Hi,

I just fixed the problem on 4.1-SNAPSHOT version: https://github.com/Jasig/cas/commit/de6c198824c154ac9177c786eb4725eeca087780 .

Would you mind testing it?

Thanks.
Best regards,
Jérôme LELEU
Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org

2014-07-17 14:08 GMT+02:00 Jonathan H Shek <jhs...@mit.edu>:

> Hi Jérôme,
>
> I wasn't able to restore "service" as a query parameter. For security
> reasons, the HttpServletRequest class does not expose any methods to modify
> its query parameters.
>
> I'm not sure if there's a better way, but what I ended up doing was
> writing a "Filter" that wraps the request in a "HttpServletRequestWrapper"
> class like the following.
>
> public final class OAuthServiceParameterFilter implements Filter {
>
>     static class FilteredRequest extends HttpServletRequestWrapper {
>
>         public FilteredRequest(final ServletRequest request) {
>             super((HttpServletRequest) request);
>         }
>
>         @Override
>         public String getParameter(final String param) {
>             String value = super.getParameter(param);
>             if (param.equalsIgnoreCase("service") && (value == null)) {
>                 Object service = this.getSession().getAttribute("service");
>                 if (service != null) {
>                     value = service.toString();
>                 }
>             }
>             return value;
>         }
>         .
>         .
>         .
>
> With this class, every time ServiceThemeResolver calls "getParameter"
> for the "service" parameter, we return the service value that was stored in
> the session.
>
> Thanks,
>
> -- Jonathan
>
> From: Jérôme LELEU <lel...@gmail.com>
> Reply-To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
> Date: Thursday, July 17, 2014 at 5:11 AM
> To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
> Subject: Re: [cas-user] CAS OAuth Support 3.5.2 - Working with service parameter.
>
> Hi,
>
> I don't remember how I came to test *RequestContextUtil.getTheme*, but
> you're right, the default *ServiceThemeResolver* is based on the
> "service" query parameter and not on the "service" in the webflow.
>
> Would you mind overriding my OAuthAction with a new one restoring the
> "service" as a query parameter and doing a new test?
>
> Thanks.
> Best regards,
>
> Jérôme LELEU
> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>
> 2014-07-16 15:01 GMT+02:00 Jonathan H Shek <jhs...@mit.edu>:
>
>> Hi Jérôme,
>>
>> Which theme resolver are you using?
>>
>> Our code is configured as follows:
>>
>> From our Cas-servlet.xml
>>
>> <!-- Theme Resolver -->
>> <bean id="themeResolver" class="org.jasig.cas.services.web.ServiceThemeResolver"
>>     p:defaultThemeName="${cas.themeResolver.defaultThemeName}"
>>     p:argumentExtractors-ref="argumentExtractors"
>>     p:servicesManager-ref="servicesManager">
>>     .
>>     .
>>     .
>> </bean>
>>
>> From our argumentExtractorsConfiguration.xml (I believe these are the
>> default argument extractors that come with CAS Server 3.5.2)
>>
>> <bean id="casArgumentExtractor" class="org.jasig.cas.web.support.CasArgumentExtractor"
>>     p:httpClient-ref="noRedirectHttpClient"
>>     p:disableSingleSignOut="${slo.callbacks.disabled:false}"/>
>>
>> <bean id="samlArgumentExtractor" class="org.jasig.cas.web.support.SamlArgumentExtractor"
>>     p:httpClient-ref="noRedirectHttpClient"
>>     p:disableSingleSignOut="${slo.callbacks.disabled:false}"/>
>>
>> <util:list id="argumentExtractors">
>>     <ref bean="casArgumentExtractor"/>
>>     <ref bean="samlArgumentExtractor"/>
>> </util:list>
>>
>> org.jasig.cas.services.web.ServiceThemeResolver
>>
>> public String resolveThemeName(final HttpServletRequest request) {
>>     if (this.servicesManager == null) {
>>         return getDefaultThemeName();
>>     }
>>
>>     final Service service = WebUtils.getService(this.argumentExtractors, request);
>>     final RegisteredService rService = this.servicesManager.findServiceBy(service);
>>     .
>>     .
>>     .
>>     return service != null && rService != null &&
>>         StringUtils.hasText(rService.getTheme()) ? rService.getTheme() :
>>         getDefaultThemeName();
>> }
>>
>> The above "org.jasig.cas.services.web.ServiceThemeResolver.resolveThemeName"
>> method calls each configured argument extractor class which in turn calls a
>> static method "createServiceFrom" from
>> the "SimpleWebApplicationServiceImpl" class which creates a service based
>> on an HttpServletRequest's query parameter.
>>
>> public static SimpleWebApplicationServiceImpl createServiceFrom(
>>         final HttpServletRequest request, final HttpClient httpClient) {
>>     final String targetService = request.getParameter(CONST_PARAM_TARGET_SERVICE);
>>     final String method = request.getParameter(CONST_PARAM_METHOD);
>>     final String serviceToUse = StringUtils.hasText(targetService)
>>         ? targetService : request.getParameter(CONST_PARAM_SERVICE);
>>     .
>>     .
>>     .
>>
>> As far as I can tell, the theme resolver we're using looks for a
>> service value in a HttpServletRequest's parameter, while the OAuthAction
>> class stores this information in the session and RequestContext.
>>
>> // retrieve parameters from web session
>> final Service service = (Service) session.getAttribute(OAuthConstants.SERVICE);
>> context.getFlowScope().put(OAuthConstants.SERVICE, service);
>>
>> // save parameters in web session
>> final Service service = (Service) context.getFlowScope().get(OAuthConstants.SERVICE);
>> if (service != null) {
>>     session.setAttribute(OAuthConstants.SERVICE, service);
>> }
>>
>> What am I missing?
>>
>> I do see a "restoreRequestAttribute" method in the OAuthAction class,
>> but this method looks to only restore an attribute from a web session as a
>> request attribute, not parameter.
>> In addition, this method is never called for the "service" attribute.
>>
>> /**
>>  * Restore an attribute in web session as an attribute in request.
>>  *
>>  * @param request
>>  * @param session
>>  * @param name
>>  */
>> private void restoreRequestAttribute(final HttpServletRequest request, final HttpSession session, final String name) {
>>     final String value = (String) session.getAttribute(name);
>>     request.setAttribute(name, value);
>> }
>>
>> Thank you in advance for any help or clarification you could provide.
>>
>> -- Jonathan
>>
>> From: Jérôme LELEU <lel...@gmail.com>
>> Reply-To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
>> Date: Wednesday, June 18, 2014 at 9:04 AM
>> To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
>> Subject: Re: [cas-user] CAS OAuth Support 3.5.2 - Working with service parameter.
>>
>> Hi,
>>
>> Indeed, a logger.error would have been appreciated in the "catch
>> (TicketException" part.
>>
>> Yes, the "restore" methods are the ones the comment is referring to.
>> And they are called before the exception is thrown: all parameters should
>> be restored.
>>
>> I've spent some time performing a full test and the theme is properly
>> restored through RequestContextUtil.getTheme. Here is the demo I set up:
>> https://github.com/leleuj/cas-oauth-demo-3.5.x/commit/8ccb17d18a1b2fbd3049022ce88455c581328bed .
>> I define a theme for my service and throw an exception as if the
>> authentication has failed -> the theme is properly restored and generates
>> an error (I don't have that theme)...
>>
>> Hope it helps.
>> Best regards,
>> Jérôme
>>
>> Jérôme LELEU
>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>>
>> 2014-06-17 0:25 GMT+02:00 Jonathan <jhs...@mit.edu>:
>>
>>> The exception I got appears to have been caught and handled by
>>> CAS/OAuthAction. There's not much of a trace in the log.
>>>
>>> OAuthAction.doExecute:
>>> .
>>> .
>>> .
>>> } catch (final TicketException e) {
>>>     return error();
>>> }
>>>
>>> cas.log
>>> 2014-06-16 18:07:07,023 INFO org.jasig.cas.authentication.AuthenticationManagerImpl - edu.cas.service.implementation.OAuthAuthenticationHandlerImplementation failed authenticating org.jasig.cas.support.oauth.authentication.principal.OAuthCredentials@27f34293
>>>
>>> cas-authentication.log
>>> 2014-06-16 18:08:43,338 INFO Audit trail record BEGIN
>>> =============================================================
>>> WHO: org.jasig.cas.support.oauth.authentication.principal.OAuthCredentials@27f34293
>>> WHAT: error.authentication.credentials.bad.usernameorpassword
>>> ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
>>> APPLICATION: CAS
>>> WHEN: Mon Jun 16 18:08:43 EDT 2014
>>> CLIENT IP ADDRESS: 127.0.0.1
>>> SERVER IP ADDRESS: 127.0.0.1
>>> =============================================================
>>>
>>> Again, the problem seems to be that when RequestContextUtil.getTheme is
>>> eventually called, the default theme is used because the service parameter
>>> is null.
>>>
>>> The following is the comment for the OAuthAction class:
>>>
>>> /**
>>>  * This class represents an action in the webflow to retrieve OAuth information on the callback url which is the webflow url (/login). The
>>>  * {@link org.jasig.cas.support.oauth.OAuthConstants.OAUTH_PROVIDER} and the other OAuth parameters are expected after OAuth authentication.
>>>  * Providers are defined by configuration. The {@link org.jasig.cas.support.oauth.OAuthConstants.SERVICE},
>>>  * {@link org.jasig.cas.support.oauth.OAuthConstants.THEME}, {@link org.jasig.cas.support.oauth.OAuthConstants.LOCALE} and
>>>  * {@link org.jasig.cas.support.oauth.OAuthConstants.METHOD} parameters are saved and restored from web session after OAuth authentication.
>>>  *
>>>  * @author Jerome Leleu
>>>  * @since 3.5.0
>>>  */
>>>
>>> Is the comment about restoring parameters from the web session referring
>>> to the following code?
>>>
>>> // retrieve parameters from web session
>>> final Service service = (Service) session.getAttribute(OAuthConstants.SERVICE);
>>> context.getFlowScope().put(OAuthConstants.SERVICE, service);
>>> restoreRequestAttribute(request, session, OAuthConstants.THEME);
>>> restoreRequestAttribute(request, session, OAuthConstants.LOCALE);
>>> restoreRequestAttribute(request, session, OAuthConstants.METHOD);
>>>
>>> Thanks,
>>>
>>> --
>>> You are currently subscribed to cas-user@lists.jasig.org as: lel...@gmail.com
>>> To unsubscribe, change settings or access archives, see
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
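A fuller version of the request-wrapper workaround discussed in the thread, written here as an added example rather than code from the thread or from CAS: it re-exposes the Service that OAuthAction saved under OAuthConstants.SERVICE through getParameter, getParameterValues and getParameterMap consistently, so an argument extractor sees the same value whichever accessor it uses, never creates a session just to look, and only injects when the request itself carries no "service" parameter. It assumes the Servlet 3.0 API, that CAS's Service#getId() holds the service URL, and that the filter is mapped on /login ahead of the CAS dispatcher servlet.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;
import org.jasig.cas.authentication.principal.Service;
import org.jasig.cas.support.oauth.OAuthConstants;

public final class OAuthServiceParameterFilter implements Filter {

    static final class FilteredRequest extends HttpServletRequestWrapper {
        private final String restored; // null when nothing is injected

        FilteredRequest(final HttpServletRequest request) {
            super(request);
            String value = null;
            final HttpSession session = request.getSession(false); // never create a session here
            // Only fill in a value when the request itself carries no "service" parameter
            if (request.getParameter("service") == null && session != null) {
                final Object saved = session.getAttribute(OAuthConstants.SERVICE);
                if (saved instanceof Service) {
                    value = ((Service) saved).getId(); // assumption: getId() is the service URL
                }
            }
            this.restored = value;
        }

        private boolean inject(final String name) { return restored != null && "service".equals(name); }

        @Override public String getParameter(final String name) {
            return inject(name) ? restored : super.getParameter(name);
        }
        @Override public String[] getParameterValues(final String name) {
            return inject(name) ? new String[] {restored} : super.getParameterValues(name);
        }
        @Override public Map<String, String[]> getParameterMap() {
            if (restored == null) return super.getParameterMap();
            final Map<String, String[]> map = new LinkedHashMap<String, String[]>(super.getParameterMap());
            map.put("service", new String[] {restored});
            return Collections.unmodifiableMap(map);
        }
    }

    public void init(final FilterConfig config) {}
    public void destroy() {}
    public void doFilter(final ServletRequest req, final ServletResponse res, final FilterChain chain)
            throws IOException, ServletException {
        chain.doFilter(req instanceof HttpServletRequest ? new FilteredRequest((HttpServletRequest) req) : req, res);
    }
}
```

Because the injected value comes from the server-side session rather than from the client, a registered-service lookup made through it is no weaker than the one OAuthAction already performs on the flow-scoped service; the wrapper just makes that value visible to resolvers that only read request parameters.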