Philippe,
I have not looked at the security filter, as I my focus was container
base authentication before we actually got to the servlet filters. We
at Yale are using JBoss as our app server of choice. Having used
Weblogic long ago 4.5'ish and not having done anything with it since, I
can not say with certainty that the same paradigms exist in Weblogic to
leverage the same type of model. Unfortunately for you, porting this
over to WL is something that I do not have the resource to do at this time.
Sorry,
- Joe
Philippe Demierre wrote:
Joseph,
At University of Geneva we plan to use CAS with J2EE ADF/JSF
application developped with Oracle jdeveloper.
Following that requirement, of course our app server is the Oracle
WebLogic Server 10g (10.3).
As mentionned we expect to use JAAS to manage the user's
authorizations paradigm.
Do you think your development (JBoss authentication valve with a
CasLoginModule) could be adapted in the medium term to our needs ?
Do you have an opinion on the solution JAAS using CAS with
SecurityFilter ?
Thanks
Joseph Valerio a écrit :
Philippe,
I do not know what your time frame is for deployment, but I am
currently working on a jboss-cas integration using a JBoss
authentication valve with a CasLoginModule. Valves are JBoss
specific, but give us the ability to authenticate into Jaas for a
specified realm. We are currently using it to integrate CAS into 3rd
party J2EE apps running on JBoss that have NO notion of CAS. The
down side is that it has been a very long road due to implementation
details, and it is still very young. I am currently working on
implementing proxy CAS with this architecture to take advantage of
its features, as well as documenting how to use it. I have been in
communications with Scott Bataglia about contributing this work back
to JA-Sig, but it will take some time, as I still have to port it off
the old Yale based javaCasClient to the jasigClient.
If you are interested and don't have proxy needs, I can give you what
I have with instructions on how to implement it.
- Joe
PS: This approach was inspired by the JBoss Portal CAS Valve
implementation.
--
Joseph Valerio
Senior Systems Programmer
Yale University
Technology & Planning
Information Technology Services
phone: 203-432-1196
email: [email protected]
smail: 25 Science Park, New Haven, CT 06511
_____________________________________
From: Philippe Demierre [[email protected]]
Sent: Friday, February 06, 2009 4:39 AM
To: [email protected]
Subject: [cas-user] JAAS using CAS with SecurityFilter
Dear All,
We ask for your experiences and invaluable advices.
In order to use java J2EE web applications with CAS (for
authentication) we are evaluating many solutions to use CAS with
JAAS for authorization.
The first solution we are evaluating is based on "Combining
CASFilter with Tomcat Realms using SecurityFilter" as read from
JA-SIG web site :
http://www.ja-sig.org/wiki/pages/viewpageattachments.action?pageId=9543
As it is proposed, we have first downloaded the SecurityFilter java
package from the source forge site :
http://sourceforge.net/project/showfiles.php?group_id=59484.
(SecurityFilter is a Java Servlet Filter that mimics container
managed security.)
Then we have combined the CASFilter using the SecurityFilter using
the two provided files CASAuthenticator.java and
AuthenticatorFactory.java from ja-sig
http://www.ja-sig.org/wiki/pages/viewpageattachments.action?pageId=9543
Finally we created a custom authorization class named
public class UniGeRealm that extends the SimpleSecurityRealmBase
provided by the package.
This custom class has to overwrite the isUserInRole(String username,
String rolename) SimpleSecurityRealmBase method.
This method has to query the username rolename against a roles based
directory and returns true in case of username/rolename matching.
It works...
We would like to know
Is this a reliable solution ?
How many institutions are using this solution to work with JAAS
using CAS to authenticate users?
Are there other solutions to use JAAS with CAS ?
Thank you in advance
Philippe Demierre
University of Geneva
IT Division, Software Development (DEVM)
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
