Philippe, I do not know what your time frame is for deployment, but I am currently working on a jboss-cas integration using a JBoss authentication valve with a CasLoginModule. Valves are JBoss specific, but give us the ability to authenticate into Jaas for a specified realm. We are currently using it to integrate CAS into 3rd party J2EE apps running on JBoss that have NO notion of CAS. The down side is that it has been a very long road due to implementation details, and it is still very young. I am currently working on implementing proxy CAS with this architecture to take advantage of its features, as well as documenting how to use it. I have been in communications with Scott Bataglia about contributing this work back to JA-Sig, but it will take some time, as I still have to port it off the old Yale based javaCasClient to the jasigClient.
If you are interested and don't have proxy needs, I can give you what I have with instructions on how to implement it. - Joe PS: This approach was inspired by the JBoss Portal CAS Valve implementation. -- Joseph Valerio Senior Systems Programmer Yale University Technology & Planning Information Technology Services phone: 203-432-1196 email: [email protected] smail: 25 Science Park, New Haven, CT 06511 > _____________________________________ > From: Philippe Demierre [[email protected]] > Sent: Friday, February 06, 2009 4:39 AM > To: [email protected] > Subject: [cas-user] JAAS using CAS with SecurityFilter > > Dear All, > > We ask for your experiences and invaluable advices. > > In order to use java J2EE web applications with CAS (for authentication) we > are evaluating many solutions to use CAS with JAAS for authorization. > > The first solution we are evaluating is based on "Combining CASFilter with > Tomcat Realms using SecurityFilter" as read from JA-SIG web site : > http://www.ja-sig.org/wiki/pages/viewpageattachments.action?pageId=9543 > > As it is proposed, we have first downloaded the SecurityFilter java package > from the source forge site : > http://sourceforge.net/project/showfiles.php?group_id=59484. > (SecurityFilter is a Java Servlet Filter that mimics container managed > security.) > > Then we have combined the CASFilter using the SecurityFilter using the two > provided files CASAuthenticator.java and AuthenticatorFactory.java from > ja-sig http://www.ja-sig.org/wiki/pages/viewpageattachments.action?pageId=9543 > > Finally we created a custom authorization class named > public class UniGeRealm that extends the SimpleSecurityRealmBase provided by > the package. > > This custom class has to overwrite the isUserInRole(String username, String > rolename) SimpleSecurityRealmBase method. > > This method has to query the username rolename against a roles based > directory and returns true in case of username/rolename matching. > > It works... > > We would like to know > > Is this a reliable solution ? > > How many institutions are using this solution to work with JAAS using CAS to > authenticate users? > > Are there other solutions to use JAAS with CAS ? > > Thank you in advance > > Philippe Demierre > University of Geneva > IT Division, Software Development (DEVM) > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
