Hi,

The JIRA is no longer used. You need to fill in a Github issue for CAS: https://github.com/Jasig/cas/issues/new.

Thanks.
Best regards,

Jérôme LELEU
Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org

2014-07-22 14:01 GMT+02:00 Jonathan H Shek <jhs...@mit.edu>:

> Could you provide a link to where I can enter this issue? Thanks.
>
> -- Jonathan
>
> From: Jérôme LELEU <lel...@gmail.com>
> Reply-To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
> Date: Thursday, July 17, 2014 at 8:23 AM
> To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
> Subject: Re: [cas-user] CAS OAuth Support 3.5.2 - Working with service parameter.
>
> Hi,
>
> Thanks for testing. Indeed, the HttpServletRequestWrapper is a good
> solution.
>
> Would you mind opening a Github issue to track this bug? I will fix it
> for 4.1.
>
> Thanks.
> Best regards,
>
> Jérôme LELEU
> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>
> 2014-07-17 14:08 GMT+02:00 Jonathan H Shek <jhs...@mit.edu>:
>
>> Hi Jérôme,
>>
>> I wasn’t able to restore "service" as a query parameter. For security
>> reasons, the HttpServletRequest class does not expose any methods to modify
>> its query parameters.
>>
>> I’m not sure if there’s a better way, but what I ended up doing was
>> writing a “Filter” that wraps the request in a “HttpServletRequestWrapper”
>> class like the following.
>>
>> public final class OAuthServiceParameterFilter implements Filter {
>>
>>     static class FilteredRequest extends HttpServletRequestWrapper {
>>
>>         public FilteredRequest(final ServletRequest request) {
>>             super((HttpServletRequest) request);
>>         }
>>
>>         @Override
>>         public String getParameter(final String param) {
>>             String value = super.getParameter(param);
>>             if (param.equalsIgnoreCase("service") && (value == null)) {
>>                 Object service = this.getSession().getAttribute("service");
>>                 if (service != null) {
>>                     value = service.toString();
>>                 }
>>             }
>>             return value;
>>         }
>>         .
>>         .
>>         .
>>
>> With this class, every time ServiceThemeResolver calls “getParameter”
>> for the “service” parameter, we return the service value that was stored in
>> the session.
>>
>> Thanks,
>>
>> -- Jonathan
>>
>> From: Jérôme LELEU <lel...@gmail.com>
>> Reply-To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
>> Date: Thursday, July 17, 2014 at 5:11 AM
>> To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
>> Subject: Re: [cas-user] CAS OAuth Support 3.5.2 - Working with service parameter.
>>
>> Hi,
>>
>> I don't remember how I came to test *RequestContextUtil.getTheme*, but
>> you're right, the default *ServiceThemeResolver* is based on the
>> "service" query parameter and not on the "service" in the webflow.
>>
>> Would you mind overriding my OAuthAction with a new one restoring the
>> "service" as a query parameter and do a new test?
>>
>> Thanks.
>> Best regards,
>>
>> Jérôme LELEU
>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>>
>> 2014-07-16 15:01 GMT+02:00 Jonathan H Shek <jhs...@mit.edu>:
>>
>>> Hi Jérôme,
>>>
>>> Which theme resolver are you using?
>>>
>>> Our code is configured as follows:
>>>
>>> From our Cas-servlet.xml
>>>
>>> <!-- Theme Resolver -->
>>> <bean id="themeResolver" class="org.jasig.cas.services.web.ServiceThemeResolver"
>>>       p:defaultThemeName="${cas.themeResolver.defaultThemeName}"
>>>       p:argumentExtractors-ref="argumentExtractors"
>>>       p:servicesManager-ref="servicesManager">
>>>     .
>>>     .
>>>     .
>>> </bean>
>>>
>>> From our argumentExtractorsConfiguration.xml (I believe these are the
>>> default argument extractors that come with CAS Server 3.5.2)
>>>
>>> <bean id="casArgumentExtractor" class="org.jasig.cas.web.support.CasArgumentExtractor"
>>>       p:httpClient-ref="noRedirectHttpClient"
>>>       p:disableSingleSignOut="${slo.callbacks.disabled:false}"/>
>>>
>>> <bean id="samlArgumentExtractor" class="org.jasig.cas.web.support.SamlArgumentExtractor"
>>>       p:httpClient-ref="noRedirectHttpClient"
>>>       p:disableSingleSignOut="${slo.callbacks.disabled:false}"/>
>>>
>>> <util:list id="argumentExtractors">
>>>     <ref bean="casArgumentExtractor"/>
>>>     <ref bean="samlArgumentExtractor"/>
>>> </util:list>
>>>
>>> org.jasig.cas.services.web.ServiceThemeResolver
>>>
>>> public String resolveThemeName(final HttpServletRequest request) {
>>>     if (this.servicesManager == null) {
>>>         return getDefaultThemeName();
>>>     }
>>>
>>>     final Service service = WebUtils.getService(this.argumentExtractors, request);
>>>     final RegisteredService rService = this.servicesManager.findServiceBy(service);
>>>     .
>>>     .
>>>     .
>>>     return service != null && rService != null && StringUtils.hasText(rService.getTheme())
>>>             ? rService.getTheme() : getDefaultThemeName();
>>> }
>>>
>>> The above
>>> “org.jasig.cas.services.web.ServiceThemeResolver.resolveThemeName”
>>> method calls each configured argument extractor class which in turn calls a
>>> static method “createServiceFrom” from
>>> the “SimpleWebApplicationServiceImpl” class which creates a service based
>>> on an HttpServletRequest’s query parameter.
>>>
>>> public static SimpleWebApplicationServiceImpl createServiceFrom(
>>>         final HttpServletRequest request, final HttpClient httpClient) {
>>>     final String targetService = request
>>>             .getParameter(CONST_PARAM_TARGET_SERVICE);
>>>     final String method = request.getParameter(CONST_PARAM_METHOD);
>>>     final String serviceToUse = StringUtils.hasText(targetService)
>>>             ? targetService : request.getParameter(CONST_PARAM_SERVICE);
>>>     .
>>>     .
>>>     .
>>>
>>> As far as I can tell, the theme resolver we’re using looks for a
>>> service value in a HttpServletRequest’s parameter, while the OAuthAction
>>> class stores this information in the session and RequestContext.
>>>
>>> // retrieve parameters from web session
>>> final Service service = (Service) session.getAttribute(OAuthConstants.SERVICE);
>>> context.getFlowScope().put(OAuthConstants.SERVICE, service);
>>>
>>> // save parameters in web session
>>> final Service service = (Service) context.getFlowScope().get(OAuthConstants.SERVICE);
>>> if (service != null) {
>>>     session.setAttribute(OAuthConstants.SERVICE, service);
>>> }
>>>
>>> What am I missing?
>>>
>>> I do see a “restoreRequestAttribute” method in the OAuthAction class,
>>> but this method looks to only restore an attribute from a web session as a
>>> request attribute, not parameter.
>>>
>>> In addition, this method is never called for the “service” attribute.
>>>
>>> /**
>>>  * Restore an attribute in web session as an attribute in request.
>>>  *
>>>  * @param request
>>>  * @param session
>>>  * @param name
>>>  */
>>> private void restoreRequestAttribute(final HttpServletRequest request,
>>>         final HttpSession session, final String name) {
>>>     final String value = (String) session.getAttribute(name);
>>>     request.setAttribute(name, value);
>>> }
>>>
>>> Thank you in advance for any help or clarification you could provide.
>>>
>>> -- Jonathan
>>>
>>> From: Jérôme LELEU <lel...@gmail.com>
>>> Reply-To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
>>> Date: Wednesday, June 18, 2014 at 9:04 AM
>>> To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
>>> Subject: Re: [cas-user] CAS OAuth Support 3.5.2 - Working with service parameter.
>>>
>>> Hi,
>>>
>>> Indeed, a logger.error would have been appreciated in the "catch
>>> (TicketException" part.
>>>
>>> Yes, the "restore" methods are the ones the comment is referring to.
>>> And they are called before the exception is thrown: all parameters should
>>> be restored.
>>>
>>> I've spent some time to perform a full test and the theme is properly
>>> restored through RequestContextUtil.getTheme. Here is the demo I set up:
>>> https://github.com/leleuj/cas-oauth-demo-3.5.x/commit/8ccb17d18a1b2fbd3049022ce88455c581328bed
>>> I define a theme for my service and throw an exception as if the
>>> authentication has failed -> the theme is properly restored and generates
>>> an error (I have not that theme)...
>>>
>>> Hope it helps.
>>> Best regards,
>>> Jérôme
>>>
>>> Jérôme LELEU
>>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
>>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>>>
>>> 2014-06-17 0:25 GMT+02:00 Jonathan <jhs...@mit.edu>:
>>>
>>>> The exception I got appears to have been caught and handled by
>>>> CAS/OAuthAction. There's not much of a trace in the log.
>>>>
>>>> OAuthAction.doExecute:
>>>> .
>>>> .
>>>> .
>>>>         } catch (final TicketException e) {
>>>>             return error();
>>>>         }
>>>>
>>>> cas.log
>>>> 2014-06-16 18:07:07,023 INFO
>>>> org.jasig.cas.authentication.AuthenticationManagerImpl -
>>>> edu.cas.service.implementation.OAuthAuthenticationHandlerImplementation
>>>> failed authenticating
>>>> org.jasig.cas.support.oauth.authentication.principal.OAuthCredentials@27f34293
>>>>
>>>> cas-authentication.log
>>>> 2014-06-16 18:08:43,338 INFO Audit trail record BEGIN
>>>> =============================================================
>>>> WHO:
>>>> org.jasig.cas.support.oauth.authentication.principal.OAuthCredentials@27f34293
>>>> WHAT: error.authentication.credentials.bad.usernameorpassword
>>>> ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
>>>> APPLICATION: CAS
>>>> WHEN: Mon Jun 16 18:08:43 EDT 2014
>>>> CLIENT IP ADDRESS: 127.0.0.1
>>>> SERVER IP ADDRESS: 127.0.0.1
>>>> =============================================================
>>>>
>>>> Again, the problem seems to be that when RequestContextUtil.getTheme is
>>>> eventually called, the default theme is used because the service parameter
>>>> is null.
>>>>
>>>> The following is the comment for the OAuthAction class:
>>>>
>>>> /**
>>>>  * This class represents an action in the webflow to retrieve OAuth information on the callback url which is the webflow url (/login). The
>>>>  * {@link org.jasig.cas.support.oauth.OAuthConstants.OAUTH_PROVIDER} and the other OAuth parameters are expected after OAuth authentication.
>>>>  * Providers are defined by configuration. The {@link org.jasig.cas.support.oauth.OAuthConstants.SERVICE},
>>>>  * {@link org.jasig.cas.support.oauth.OAuthConstants.THEME}, {@link org.jasig.cas.support.oauth.OAuthConstants.LOCALE} and
>>>>  * {@link org.jasig.cas.support.oauth.OAuthConstants.METHOD} parameters are saved and restored from web session after OAuth authentication.
>>>>  *
>>>>  * @author Jerome Leleu
>>>>  * @since 3.5.0
>>>>  */
>>>>
>>>> Is the comment about restoring parameters from the web session
>>>> referring to the following code?
>>>>
>>>> // retrieve parameters from web session
>>>> final Service service = (Service) session.getAttribute(OAuthConstants.SERVICE);
>>>> context.getFlowScope().put(OAuthConstants.SERVICE, service);
>>>> restoreRequestAttribute(request, session, OAuthConstants.THEME);
>>>> restoreRequestAttribute(request, session, OAuthConstants.LOCALE);
>>>> restoreRequestAttribute(request, session, OAuthConstants.METHOD);
>>>>
>>>> Thanks,
>>>>
>>>> --
>>>> You are currently subscribed to cas-user@lists.jasig.org as:
>>>> lel...@gmail.com
>>>> To unsubscribe, change settings or access archives, see
>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user