Hi Jose, See attached. The web.xml is where you configure Cosign as a filter. The Sitemap is where you configure your Action to look for the credentials that should have been added to the request by Cosign. Please excuse any dodgy debugging code left in the source.
Please ask if you have any questions. Cheers, Robin. On Tue, 2011-10-04 at 16:10 +0100, Blanco, Jose wrote: > Robin, > > When you get a chance could you send me the Action code and the sitemap you > used to get cosign running in the xmlui environment. I'd like to give it a > try. > > Thank you! > Jose > > -----Original Message----- > From: TAYLOR Robin [mailto:robin.tay...@ed.ac.uk] > Sent: Saturday, July 16, 2011 4:42 AM > To: Mark Diggory > Cc: Blanco, Jose; dspace-tech@lists.sourceforge.net > Subject: RE: [Dspace-tech] adding cosing to manakin > > Will do. Unfortunately I'm on holiday for the next two weeks and don't have > access to the source code so there will be a delay. > > Cheers. > > ________________________________________ > From: mdigg...@gmail.com [mdigg...@gmail.com] On Behalf Of Mark Diggory > [mdigg...@atmire.com] > Sent: 15 July 2011 18:48 > To: TAYLOR Robin > Cc: Blanco, Jose; dspace-tech@lists.sourceforge.net > Subject: Re: [Dspace-tech] adding cosing to manakin > > Robin, > > Can you post the Action code and the sitemap you used here? I think > Jose needs to see this in a complete context. Likewise, maybe its > something we can write a cosine authenticator addon for future dspace > releases. > > Mark > > On Tue, Jul 12, 2011 at 8:22 AM, Robin Taylor <robin.tay...@ed.ac.uk> wrote: > > Hi Jose, > > > > Not sure if I am understanding the problem correctly but I have had > > Cosign working with the XMLUI before so here is what we did... > > > > 1. Add the Cosign Filter to the web.xml. That should cause you to get > > redirected to your 'cosign' login page'. > > > > 2. Add a new Cocoon Action to the main Cocoon sitemap.xmap. to invoke a > > new class. Cosign will have added the 'principal' to the incoming > > request, this new class should extract that info and do whatever you > > want with it eg find a matching eperson. > > > > <map:pipeline> > > <map:match pattern="no-account"> > > <!-- We have already checked the login and failed --> > > <map:mount check-reload="no" src="themes/themes.xmap" > > uri-prefix=""/> > > </map:match> > > > > <map:match pattern="**"> > > <map:act type="CheckLogin"/> > > <map:mount check-reload="no" > > src="themes/themes.xmap" > > uri-prefix=""/> > > </map:match> > > </map:pipeline> > > > > (Apologies for the line wrapping) > > > > > > Its worth pointing out that we were protecting the whole repo, hence the > > check on pattern="**". If this sounds like what you need then reply and > > I'll send you more details. > > > > Cheers, Robin. > > > > > > > > > > > > On Mon, 2011-07-11 at 14:36 +0100, Blanco, Jose wrote: > >> Any suggestions? Really stuck here. > >> > >> > >> > >> From: Blanco, Jose [mailto:blan...@umich.edu] > >> Sent: Wednesday, July 06, 2011 3:09 PM > >> To: Mark Diggory > >> Cc: dspace-tech@lists.sourceforge.net > >> Subject: Re: [Dspace-tech] adding cosing to manakin > >> > >> > >> > >> > >> Mark, I'm getting closer, now I can get the cosign page and login > >> successfully, but what I did is map the /webiso-login to the servlet > >> Cocoon. > >> > >> > >> > >> <servlet-mapping> > >> > >> <servlet-name>Cocoon</servlet-name> > >> > >> <url-pattern>/webiso-login</url-pattern> > >> > >> </servlet-mapping> > >> > >> > >> > >> In the jsp environment I had it mapped to a specifc servlet that did > >> some special things, but I'm not sure how to do this in the xmlui > >> environment. In the xmlui area there is only one servlet - Cocoon. > >> Where do I put my jspui servlet code to handle auth? As you can tell > >> I'm new to Cocoon. > >> > >> > >> > >> Thank you! > >> > >> Jose > >> > >> > >> > >> From: mdigg...@gmail.com [mailto:mdigg...@gmail.com] On Behalf Of Mark > >> Diggory > >> Sent: Monday, June 27, 2011 8:26 PM > >> To: Blanco, Jose > >> Cc: dspace-tech@lists.sourceforge.net > >> Subject: Re: [Dspace-tech] adding cosing to manakin > >> > >> > >> > >> > >> No, each webapp needs to list its needed dependencies separately. > >> Listing cosign as a dependency in dspace/pom.xml will only place it > >> into the commandline application lib directory. > >> > >> On Fri, Jun 24, 2011 at 8:33 AM, Blanco, Jose <blan...@umich.edu> > >> wrote: > >> > >> Mark, the dspace/pom.xml is the only place that the jscosign is > >> listed, and it seems like it would hold for all the apps. > >> > >> > >> > >> Take a look. > >> > >> > >> > >> From: Mark Diggory [mailto:mdigg...@atmire.com] > >> Sent: Friday, June 24, 2011 1:48 AM > >> To: Blanco, Jose > >> Cc: dspace-tech@lists.sourceforge.net > >> Subject: Re: [Dspace-tech] adding cosing to manakin > >> > >> > >> > >> > >> Yes, you need to look for the dependency for cosign in your jspui > >> pom.xml and add it to your xmlui pom.xml > >> > >> > >> > >> > >> Best, > >> > >> > >> Mark > >> > >> On Thu, Jun 23, 2011 at 12:00 PM, Blanco, Jose <blan...@umich.edu> > >> wrote: > >> > >> I have cosign running in my jspui, and I'm trying to run it now in > >> xmlui, so I added the following to the xmui web.xml file: > >> > >> <filter> > >> <filter-name>Cosign Authentication Filter</filter-name> > >> > >> > >> <filter-class>edu.umich.auth.cosign.CosignAuthenticationFilterIII</filter-class> > >> <init-param> > >> <param-name>Cosign.ConfigurationFile</param-name> > >> > >> > >> <param-value>/l1/dspace/repository/dev/config/cosignConfigBlancoj.xml</param-value> > >> </init-param> > >> > >> <init-param> > >> <param-name>Auth.JAASConfigurationFile</param-name> > >> <param-value>/l/local/apache-tomcat/conf/jaas.conf</param-value> > >> </init-param> > >> > >> </filter> > >> > >> <servlet-mapping> > >> <servlet-name>webiso-login</servlet-name> > >> <url-pattern>/webiso-login</url-pattern> > >> </servlet-mapping> > >> > >> <filter-mapping> > >> <filter-name>Cosign Authentication Filter</filter-name> > >> <url-pattern>/webiso-login</url-pattern> > >> </filter-mapping> > >> > >> And I'm getting this error: > >> > >> SEVERE: Parse error in application web.xml file at > >> jndi:/blancoj.dev.deepblue.lib.umich.edu/WEB-INF/web.xml > >> java.lang.IllegalArgumentException: Filter mapping specifies an > >> unknown filter name Cosign Authentication Filter > >> at > >> org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:2726) > >> at > >> org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:2752) > >> at > >> org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1061) > >> at > >> com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:601) > >> at > >> com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1782) > >> at > >> com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl > >> $FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2938) > >> at > >> com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:648) > >> at > >> com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:511) > >> > >> > >> === > >> I don't kwow why it can't find it. It finds it just fine in jspui. > >> Do I need to change something in one of the pom.xml files? > >> > >> -Jose > >> > >> ------------------------------------------------------------------------------ > >> Simplify data backup and recovery for your virtual environment with > >> vRanger. > >> Installation's a snap, and flexible recovery options mean your data is > >> safe, > >> secure and there when you need it. Data protection magic? > >> Nope - It's vRanger. Get your free trial download today. > >> http://p.sf.net/sfu/quest-sfdev2dev > >> _______________________________________________ > >> DSpace-tech mailing list > >> DSpace-tech@lists.sourceforge.net > >> https://lists.sourceforge.net/lists/listinfo/dspace-tech > >> > >> > >> > >> > >> > >> -- > >> Mark R. Diggory > >> @mire - www.atmire.com > >> 2888 Loker Avenue East - Suite 305 - Carlsbad - CA - 92010 > >> Esperantolaan 4 - Heverlee 3001 - Belgium > >> > >> > >> > >> ------------------------------------------------------------------------------ > >> All the data continuously generated in your IT infrastructure contains > >> a > >> definitive record of customers, application performance, security > >> threats, fraudulent activity and more. Splunk takes this data and > >> makes > >> sense of it. Business sense. IT sense. Common sense.. > >> http://p.sf.net/sfu/splunk-d2d-c1 > >> _______________________________________________ > >> DSpace-tech mailing list > >> DSpace-tech@lists.sourceforge.net > >> https://lists.sourceforge.net/lists/listinfo/dspace-tech > >> > >> > >> > >> > >> > >> -- > >> Mark R. Diggory > >> @mire - www.atmire.com > >> 2888 Loker Avenue East - Suite 305 - Carlsbad - CA - 92010 > >> Esperantolaan 4 - Heverlee 3001 - Belgium > >> > >> > > > > > > > > ------------------------------------------------------------------------------ > > All of the data generated in your IT infrastructure is seriously valuable. > > Why? It contains a definitive record of application performance, security > > threats, fraudulent activity, and more. Splunk takes this data and makes > > sense of it. IT sense. And common sense. > > http://p.sf.net/sfu/splunk-d2d-c2 > > _______________________________________________ > > DSpace-tech mailing list > > DSpace-tech@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/dspace-tech > > > > > > -- > Mark R. Diggory > @mire - www.atmire.com > 2888 Loker Avenue East - Suite 305 - Carlsbad - CA - 92010 > Esperantolaan 4 - Heverlee 3001 - Belgium
package org.dspace.app.xmlui.utils;
import java.util.Map;
import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.avalon.framework.parameters.Parameters;
import org.apache.cocoon.acting.AbstractAction;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.SourceResolver;
import org.apache.cocoon.environment.http.HttpEnvironment;
import org.dspace.app.xmlui.utils.AuthenticationUtil;
import org.dspace.core.Context;
import org.dspace.eperson.EPerson;
import org.dspace.content.Collection;
/**
* Created by IntelliJ IDEA.
* User: rtaylor3
* Date: 11-Jan-2010
* Time: 14:07:34
* To change this template use File | Settings | File Templates.
*/
public class LoginChecker extends AbstractAction
{
public Map act(Redirector redirector, SourceResolver resolver,
Map objectModel, String source, Parameters parameters)
throws Exception
{
HttpServletRequest request = (HttpServletRequest) objectModel.get(HttpEnvironment.HTTP_REQUEST_OBJECT);
HttpServletResponse response = (HttpServletResponse) objectModel.get(HttpEnvironment.HTTP_RESPONSE_OBJECT);
// Get a context and if the user has an existing session then set the 'current user'.
Context context = ContextUtil.obtainContext(objectModel);
System.out.println("In LoginChecker");
if (context.getCurrentUser() == null)
{
// Its the start of a new session for this user.
// If the user went through EASE authentication then his/her id should have been added to the request.
String uun = request.getUserPrincipal().getName();
System.out.println("uun is " + uun);
if (uun != null)
{
// The user has been successfully authenticated by EASE. Check the user has an eperson.
EPerson eperson = EPerson.findByNetid(context, uun);
if (eperson == null)
{
// This user has no matching eperson record so send them to the 'Ger off my land!' page.
System.out.println("User with no eperson !");
response.sendRedirect(request.getContextPath() + "/no-account");
}
else
{
// Login the user.
System.out.println("Logging in new user " + eperson.getNetid());
AuthenticationUtil.logIn(objectModel, eperson);
// If they have their own collection then redirect them to it.
Collection collection = Collection.findByUUN(context, uun);
if (collection != null)
{
System.out.println("Redirecting to collection " + collection.getHandle());
response.sendRedirect(request.getContextPath() + "/handle/" + collection.getHandle());
}
}
}
else
{
// User doesn't appear to have logged in with EASE. Lets assume its a test version with EASE
// disabled and let them continue even though they will only have non-logged-in access.
System.out.println("No uun for this user !");
}
}
else
{
System.out.println("Existing user " + context.getCurrentUser().getNetid());
}
return new HashMap();
}
}
sitemap.xmap
Description: XML document
web.xml
Description: XML document
------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
