Hi,

The JIRA is no longer used. You need to fill in a GitHub issue for CAS:
https://github.com/Jasig/cas/issues/new.
Thanks.
Best regards,


Jérôme LELEU
Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org


2014-07-22 14:01 GMT+02:00 Jonathan H Shek <jhs...@mit.edu>:

>
>  Could you provide a link to where I can enter this issue?  Thanks.
>
>  -- Jonathan
>
>
>   From: Jérôme LELEU <lel...@gmail.com>
> Reply-To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
> Date: Thursday, July 17, 2014 at 8:23 AM
> To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
> Subject: Re: [cas-user] CAS OAuth Support 3.5.2 - Working with service
> parameter.
>
>   Hi,
>
>  Thanks for testing. Indeed, the HttpServletRequestWrapper is a good
> solution.
>
>  Would you mind opening a GitHub issue to track this bug? I will fix it
> for 4.1.
>
>  Thanks.
> Best regards,
>
>
>
>  Jérôme LELEU
> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>
>
> 2014-07-17 14:08 GMT+02:00 Jonathan H Shek <jhs...@mit.edu>:
>
>>
>>  Hi Jérôme,
>>
>>  I wasn’t able to restore "service" as a query parameter.  For security
>> reasons, the HttpServletRequest class does not expose any methods to modify
>> its query parameters.
>>
>>  I’m not sure if there’s a better way, but what I ended up doing was
>> writing a “Filter” that wraps the request in a “HttpServletRequestWrapper”
>> class like the following.
>>
>>  public final class OAuthServiceParameterFilter implements Filter {
>>
>>    static class FilteredRequest extends HttpServletRequestWrapper {
>>
>>      public FilteredRequest(final ServletRequest request) {
>>        super((HttpServletRequest) request);
>>      }
>>
>>      @Override
>>      public String getParameter(final String param) {
>>        String value = super.getParameter(param);
>>        if (param.equalsIgnoreCase("service") && (value == null)) {
>>          Object service = this.getSession().getAttribute("service");
>>          if (service != null) {
>>            value = service.toString();
>>          }
>>        }
>>        return value;
>>      }
>> .
>> .
>> .
>>
>>
>>
>>  With this class, every time ServiceThemeResolver calls “getParameter”
>> for the “service” parameter, we return the service value that was stored in
>> the session.
>>
>>
>>
>>  Thanks,
>>
>>
>>   -- Jonathan
>>
>>
>>   From: Jérôme LELEU <lel...@gmail.com>
>> Reply-To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
>> Date: Thursday, July 17, 2014 at 5:11 AM
>> To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
>> Subject: Re: [cas-user] CAS OAuth Support 3.5.2 - Working with service
>> parameter.
>>
>>   Hi,
>>
>>  I don't remember how I came to test *RequestContextUtil.getTheme*, but
>> you're right, the default *ServiceThemeResolver* is based on the
>> "service" query parameter and not on the "service" in the webflow.
>>
>>  Would you mind overriding my OAuthAction with a new one restoring the
>> "service" as a query parameter and do a new test?
>>
>>  Thanks.
>> Best regards,
>>
>>
>>
>>  Jérôme LELEU
>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>>
>>
>> 2014-07-16 15:01 GMT+02:00 Jonathan H Shek <jhs...@mit.edu>:
>>
>>>  Hi Jérôme,
>>>
>>>  Which theme resolver are you using?
>>>
>>>  Our code is configured as follows:
>>>
>>>  From our Cas-servlet.xml
>>>
>>>   <!-- Theme Resolver -->
>>>   <bean id="themeResolver" class="org.jasig.cas.services.web.ServiceThemeResolver"
>>>         p:defaultThemeName="${cas.themeResolver.defaultThemeName}"
>>>         p:argumentExtractors-ref="argumentExtractors"
>>>         p:servicesManager-ref="servicesManager">
>>> .
>>> .
>>> .
>>>   </bean>
>>>
>>>  From our argumentExtractorsConfiguration.xml (I believe these are the
>>> default argument extractors that come with CAS Server 3.5.2)
>>>
>>>   <bean id="casArgumentExtractor" class="org.jasig.cas.web.support.CasArgumentExtractor"
>>>         p:httpClient-ref="noRedirectHttpClient"
>>>         p:disableSingleSignOut="${slo.callbacks.disabled:false}"/>
>>>
>>>   <bean id="samlArgumentExtractor" class="org.jasig.cas.web.support.SamlArgumentExtractor"
>>>         p:httpClient-ref="noRedirectHttpClient"
>>>         p:disableSingleSignOut="${slo.callbacks.disabled:false}"/>
>>>
>>>   <util:list id="argumentExtractors">
>>>     <ref bean="casArgumentExtractor"/>
>>>     <ref bean="samlArgumentExtractor"/>
>>>   </util:list>
>>>
>>>
>>>  org.jasig.cas.services.web.ServiceThemeResolver
>>>
>>>
>>>     public String resolveThemeName(final HttpServletRequest request) {
>>>         if (this.servicesManager == null) {
>>>             return getDefaultThemeName();
>>>         }
>>>
>>>         final Service service = WebUtils.getService(this.argumentExtractors, request);
>>>         final RegisteredService rService = this.servicesManager.findServiceBy(service);
>>> .
>>> .
>>> .
>>>         return service != null && rService != null && StringUtils.hasText(rService.getTheme())
>>>             ? rService.getTheme() : getDefaultThemeName();
>>>     }
>>>
>>>
>>>  The above 
>>> “org.jasig.cas.services.web.ServiceThemeResolver.resolveThemeName”
>>> method calls each configured argument extractor class which in turn calls a
>>> static method “createServiceFrom” from
>>> the “SimpleWebApplicationServiceImpl” class which creates a service based
>>> on an HttpServletRequest’s query parameter.
>>>
>>>
>>>     public static SimpleWebApplicationServiceImpl createServiceFrom(
>>>         final HttpServletRequest request, final HttpClient httpClient) {
>>>         final String targetService = request
>>>             .getParameter(CONST_PARAM_TARGET_SERVICE);
>>>         final String method = request.getParameter(CONST_PARAM_METHOD);
>>>         final String serviceToUse = StringUtils.hasText(targetService)
>>>             ? targetService : request.getParameter(CONST_PARAM_SERVICE);
>>> .
>>> .
>>> .
>>>
>>>
>>>
>>>
>>>  As far as I can tell, the theme resolver we’re using looks for a
>>> service value in a HttpServletRequest’s parameter, while the OAuthAction
>>> class, stores this information in the session and RequestContext.
>>>
>>>             // retrieve parameters from web session
>>>             final Service service = (Service) session.getAttribute(OAuthConstants.SERVICE);
>>>             context.getFlowScope().put(OAuthConstants.SERVICE, service);
>>>
>>>             // save parameters in web session
>>>             final Service service = (Service) context.getFlowScope().get(OAuthConstants.SERVICE);
>>>             if (service != null) {
>>>                 session.setAttribute(OAuthConstants.SERVICE, service);
>>>             }
>>>
>>>
>>>
>>>  What am I missing?
>>>
>>>
>>>
>>>  I do see a “restoreRequestAttribute” method in the OAuthAction class,
>>> but this method looks to only restore an attribute from a web session as a
>>> request attribute, not parameter.
>>>
>>> In addition, this method is never called for the “service” attribute.
>>>
>>>
>>>     /**
>>>      * Restore an attribute in web session as an attribute in request.
>>>      *
>>>      * @param request
>>>      * @param session
>>>      * @param name
>>>      */
>>>     private void restoreRequestAttribute(final HttpServletRequest request,
>>>             final HttpSession session, final String name) {
>>>         final String value = (String) session.getAttribute(name);
>>>         request.setAttribute(name, value);
>>>     }
>>>
>>>
>>>
>>>  Thank you in advance for any help or clarification you could provide.
>>>
>>>
>>>
>>>   -- Jonathan
>>>
>>>
>>>   From: Jérôme LELEU <lel...@gmail.com>
>>> Reply-To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
>>> Date: Wednesday, June 18, 2014 at 9:04 AM
>>> To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
>>> Subject: Re: [cas-user] CAS OAuth Support 3.5.2 - Working with service
>>> parameter.
>>>
>>>   Hi,
>>>
>>>  Indeed, a logger.error would have been appreciated in the "catch
>>> (TicketException" part.
>>>
>>>  Yes, the "restore" methods are the ones the comment is referring to.
>>> And they are called before the exception is thrown: all parameters should
>>> be restored.
>>>
>>>  I've spent some time to perform a full test and the theme is properly
>>> restored through RequestContextUtil.getTheme. Here is the demo I set up:
>>> https://github.com/leleuj/cas-oauth-demo-3.5.x/commit/8ccb17d18a1b2fbd3049022ce88455c581328bed
>>> .
>>> I define a theme for my service and throw an exception as if the
>>> authentication has failed -> the theme is properly restored and generates
>>> an error (I do not have that theme)...
>>>
>>>  Hope it helps.
>>> Best regards,
>>>  Jérôme
>>>
>>>
>>>
>>>
>>>  Jérôme LELEU
>>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
>>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>>>
>>>
>>> 2014-06-17 0:25 GMT+02:00 Jonathan <jhs...@mit.edu>:
>>>
>>>>  The exception I got appears to have been caught and handled by
>>>> CAS/OAuthAction.  There's not much of a trace in the log.
>>>>
>>>> OAuthAction.doExecute:
>>>> .
>>>> .
>>>> .
>>>>             } catch (final TicketException e) {
>>>>                 return error();
>>>>             }
>>>>
>>>>
>>>> cas.log
>>>> 2014-06-16 18:07:07,023 INFO
>>>>  org.jasig.cas.authentication.AuthenticationManagerImpl -
>>>> edu.cas.service.implementation.OAuthAuthenticationHandlerImplementation
>>>> failed authenticating
>>>> org.jasig.cas.support.oauth.authentication.principal.OAuthCredentials@27f34293
>>>>
>>>> cas-authentication.log
>>>> 2014-06-16 18:08:43,338 INFO  Audit trail record BEGIN
>>>> =============================================================
>>>> WHO:
>>>> org.jasig.cas.support.oauth.authentication.principal.OAuthCredentials@27f34293
>>>> WHAT: error.authentication.credentials.bad.usernameorpassword
>>>> ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
>>>> APPLICATION: CAS
>>>> WHEN: Mon Jun 16 18:08:43 EDT 2014
>>>> CLIENT IP ADDRESS: 127.0.0.1
>>>> SERVER IP ADDRESS: 127.0.0.1
>>>> =============================================================
>>>>
>>>> Again, the problem seems to be that when RequestContextUtil.getTheme is
>>>> eventually called, the default theme is used because the service parameter
>>>> is null.
>>>>
>>>>
>>>> The following is the comment for the OAuthAction class:
>>>>
>>>> /**
>>>>  * This class represents an action in the webflow to retrieve OAuth
>>>> information on the callback url which is the webflow url (/login). The
>>>>  * {@link org.jasig.cas.support.oauth.OAuthConstants.OAUTH_PROVIDER}
>>>> and the other OAuth parameters are expected after OAuth authentication.
>>>>  * Providers are defined by configuration. The {@link
>>>> org.jasig.cas.support.oauth.OAuthConstants.SERVICE},
>>>>  * {@link org.jasig.cas.support.oauth.OAuthConstants.THEME}, {@link
>>>> org.jasig.cas.support.oauth.OAuthConstants.LOCALE} and
>>>>  * {@link org.jasig.cas.support.oauth.OAuthConstants.METHOD} parameters
>>>> are saved and restored from web session after OAuth authentication.
>>>>  *
>>>>  * @author Jerome Leleu
>>>>  * @since 3.5.0
>>>>  */
>>>>
>>>> Is the comment about restoring parameters from the web session
>>>> referring to the following code?
>>>>
>>>>             // retrieve parameters from web session
>>>>             final Service service = (Service) session.getAttribute(OAuthConstants.SERVICE);
>>>>             context.getFlowScope().put(OAuthConstants.SERVICE, service);
>>>>             restoreRequestAttribute(request, session, OAuthConstants.THEME);
>>>>             restoreRequestAttribute(request, session, OAuthConstants.LOCALE);
>>>>             restoreRequestAttribute(request, session, OAuthConstants.METHOD);
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> --
>>>> You are currently subscribed to cas-user@lists.jasig.org as:
>>>> lel...@gmail.com
>>>> To unsubscribe, change settings or access archives, see
>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>>

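The filter approach discussed in this thread, written out in full as an added example; it is not code from any message above or from the CAS project. The class name is hypothetical, the session attribute name "service" is taken from the posted wrapper, and the javax.servlet API is assumed to be on the classpath. It keeps `getParameter`, `getParameterValues` and `getParameterMap` consistent, lets a parameter sent by the client take precedence, and never creates a session as a side effect.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example; the class name is hypothetical.
public final class SessionServiceParameterFilter implements Filter {
  // Session attribute name as used in the thread's wrapper (an assumption elsewhere).
  private static final String SERVICE = "service";

  static final class FilteredRequest extends HttpServletRequestWrapper {
    FilteredRequest(final HttpServletRequest request) { super(request); }

    // Session copy of the service, or null. getSession(false) never creates a session.
    private String fallback() {
      final HttpSession session = getSession(false);
      final Object service = session == null ? null : session.getAttribute(SERVICE);
      return service == null ? null : service.toString();
    }

    @Override public String getParameter(final String name) {
      final String value = super.getParameter(name);
      // A parameter the client actually sent always wins; names are matched case-sensitively.
      return value == null && SERVICE.equals(name) ? fallback() : value;
    }

    @Override public String[] getParameterValues(final String name) {
      final String[] values = super.getParameterValues(name);
      if (values != null || !SERVICE.equals(name)) return values;
      final String fb = fallback();
      return fb == null ? null : new String[] {fb};
    }

    @SuppressWarnings("unchecked") // Servlet 2.5 returns a raw Map
    @Override public Map<String, String[]> getParameterMap() {
      final Map<String, String[]> map = new HashMap<String, String[]>(super.getParameterMap());
      final String fb = map.containsKey(SERVICE) ? null : fallback();
      if (fb != null) map.put(SERVICE, new String[] {fb});
      return map;
    }
  }

  @Override public void init(final FilterConfig config) {}
  @Override public void destroy() {}
  @Override public void doFilter(final ServletRequest req, final ServletResponse res,
      final FilterChain chain) throws IOException, ServletException {
    // Only HTTP requests have a session to fall back on; pass anything else through untouched.
    chain.doFilter(req instanceof HttpServletRequest
        ? new FilteredRequest((HttpServletRequest) req) : req, res);
  }
}
```

The filter has to be mapped so that it wraps the request before ServiceThemeResolver calls `getParameter`; the value it supplies is still checked against the service registry by `servicesManager.findServiceBy`, as in the resolver code quoted in the thread.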