Hi again,
thanks for the response. I use Jetspeed 2.2 but I do not want to talk
directly to the LDAP.
I am introducing a filter based on PortalFilter (see attached
CASPortalFilter.java implementation) in order to:
(http://u-portal.gunet.gr:8080/uportal3/)
- get the username of authenticated user -> done
- if username does not appear in portal db -> create new user with
username and assign default group/roles (in future I plan to introduce a
mapping mechanism)
- put principal in portal context
Problems till now:
- exception (see attached exception.txt). Any help?
- As the CAS filter has a url-pattern="/*" (see web.xml), how can a user
see public pages without being redirected to CAS?
Any help would be appreciated.
BR,
Vangelis
David Sean Taylor wrote:
> On Jul 19, 2009, at 8:47 AM, Evangelos Vlachogiannis wrote:
>> Hi list,
>> I would like to ask if anybody has integrated CAS (Central
>> Authentication Service - http://www.jasig.org/cas) with Jetspeed-2.
>
> I don't have any experience with CAS but I have integrated similar
> solutions such as Shibboleth.
>
>> Here is my problem situation:
>> CAS sits "in front" of an LDAP server of my university that I do not
>> have "write" permissions. The meta I use from ldap is the
>> credentials and some information of users' role in university (like
>> student, instructor etc.). What I need to do is to login in
>> jetspeed portal from jetspeed login form and through CAS to validate
>> authentication for all services under jetspeed. However, as I cannot
>> store anything in ldap I need somehow to initialize an existing user
>> stored in ldap in jetspeed database. An idea is to do that on first
>> login by introducing some mapping rules (any help how to do that?).
>> Another problem which I cannot overcome using CAS java clients
>> filters is how to allow public access, as the filter will always
>> ask for authentication under /portal/.
>
> We do have a LDAP replication solution in 2.2. What version of
> Jetspeed are you using?
>
>> Any ideas, help more than welcome,
>
> It would be a valuable contribution to have CAS support or at least
> documentation in Jetspeed at some level.
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscr...@portals.apache.org
For additional commands, e-mail: jetspeed-dev-h...@portals.apache.org
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from
fulfilling this request.
exception
java.lang.NullPointerException
org.apache.jetspeed.security.spi.impl.JetspeedSecurityPersistenceManager.getPasswordCredential(JetspeedSecurityPersistenceManager.java:495)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
$Proxy3.getPasswordCredential(Unknown Source)
org.apache.jetspeed.security.spi.impl.UserPasswordCredentialManagerImpl.getPasswordCredential(UserPasswordCredentialManagerImpl.java:51)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
$Proxy5.getPasswordCredential(Unknown Source)
org.apache.jetspeed.security.impl.UserManagerImpl.getPasswordCredential(UserManagerImpl.java:119)
org.apache.jetspeed.security.impl.UserManagerImpl.getSubject(UserManagerImpl.java:128)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
$Proxy6.getSubject(Unknown Source)
gr.uportal.filter.CASPortalFilter.doFilter(CASPortalFilter.java:131)
org.apache.jetspeed.engine.servlet.XXSUrlAttackFilter.doFilter(XXSUrlAttackFilter.java:52)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:401)
note The full stack trace of the root cause is available in the Apache
Tomcat/6.0.18 logs.
Apache Tomcat/6.0.18
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package gr.uportal.filter;
import java.io.IOException;
import java.security.Principal;
import java.util.List;
import javax.security.auth.Subject;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.jetspeed.Jetspeed;
import org.apache.jetspeed.PortalReservedParameters;
import org.apache.jetspeed.administration.PortalAdministration;
import org.apache.jetspeed.administration.PortalAuthenticationConfiguration;
import org.apache.jetspeed.administration.PortalConfiguration;
import org.apache.jetspeed.administration.RegistrationException;
import org.apache.jetspeed.audit.AuditActivity;
import org.apache.jetspeed.cache.UserContentCacheManager;
import org.apache.jetspeed.components.ComponentManager;
import org.apache.jetspeed.login.LoginConstants;
import org.apache.jetspeed.login.filter.PortalRequestWrapper;
import org.apache.jetspeed.security.AuthenticatedUser;
import org.apache.jetspeed.security.AuthenticatedUserImpl;
import org.apache.jetspeed.security.AuthenticationProvider;
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.SubjectHelper;
import org.apache.jetspeed.security.User;
import org.apache.jetspeed.security.UserManager;
import org.apache.jetspeed.security.RoleManager;
import org.apache.jetspeed.security.GroupManager;
import edu.yale.its.tp.cas.client.filter.CASFilter;

public class CASPortalFilter implements Filter {

    protected String guest = "guest";

    public void init(FilterConfig filterConfig) throws ServletException {
        PortalConfiguration config = Jetspeed.getConfiguration();
        if (config != null)
            guest = config.getString("default.user.principal");
    }

    public void doFilter(ServletRequest sRequest, ServletResponse sResponse,
            FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = null;
        System.out.println("gr.uportal.filter");
        request = (HttpServletRequest) sRequest;
        ComponentManager cm = Jetspeed.getComponentManager();
        UserManager userManager = (UserManager) cm
                .getComponent("org.apache.jetspeed.security.UserManager");
        HttpSession session = request.getSession(true);
        // get username from CAS authentication
        String userName = (String) session
                .getAttribute(CASFilter.CAS_FILTER_USER);
        System.out.println("user: " + userName);
        User user = null;
        // if user has been authenticated through CAS
        if (userName == null) {
            RoleManager roleManager = (RoleManager) cm
                    .getComponent("org.apache.jetspeed.security.RoleManager");
            GroupManager groupManager = (GroupManager) cm
                    .getComponent("org.apache.jetspeed.security.GroupManager");
            try {
                // check if the user exists in the portal database
                user = userManager.getUser(userName);
            } catch (SecurityException e) {
                // TODO Auto-generated catch block
                System.out.println("user: " + userName + " not in portal db");
                PortalAdministration portalAdministration =
                        (PortalAdministration) cm
                                .getComponent("PortalAdministration");
                try {
                    // populate portal db with user and appropriate group/roles
                    // FIXME: set default group/role -> then introduce mapping
                    // mechanism
                    List roles = roleManager.getRoles("user");
                    List groups = groupManager.getGroups("");
                    // portalAdministration.registerUser(userName,
                    // portalAdministration.generatePassword(),roles,
                    // groups,null,null,null);
                    portalAdministration.registerUser(userName,
                            portalAdministration.generatePassword());
                    user = userManager.getUser(userName);
                } catch (RegistrationException e1) {
                    // TODO Auto-generated catch block
                    System.out.println("user: " + userName + " not created");
                } catch (SecurityException e1) {
                    // TODO Auto-generated catch block
                    System.out.println("user: " + userName + " not created");
                }
            }
            // if user has not been authenticated through CAS
            // FIXME: How do allow
        } else {
            // guest account
        }
        // put subject into jetspeed
        Subject subject;
        try {
            // default solution using the built-in UserManager
            subject = userManager.getSubject(user);
        } catch (SecurityException e) {
            // TODO: maybe some better handling required here
            throw new ServletException(e);
        }
        sRequest = wrapperRequest(request, subject, user);
        request.getSession().removeAttribute(LoginConstants.ERRORCODE);
        session.setAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT,
                subject);
        System.out.println("*** login session = " + session);
        sRequest.setAttribute(PortalReservedParameters.PORTAL_FILTER_ATTRIBUTE,
                "true");
        if (filterChain != null) {
            filterChain.doFilter(sRequest, sResponse);
        }
    }

    private ServletRequest wrapperRequest(HttpServletRequest request,
            Subject subject, Principal principal) {
        PortalRequestWrapper wrapper = new PortalRequestWrapper(request,
                subject, principal);
        return wrapper;
    }

    public void destroy() {
    }
}
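
Added example, not part of the original message or of Jetspeed: in the attached filter the branch that loads or registers the user runs only when `userName == null`, so for a CAS-authenticated request `user` is still null when it reaches `userManager.getSubject(user)`, the call the stack trace passes through before the NullPointerException. The helper below resolves a non-null `User` first and falls back to the configured guest principal; `CasUserResolver`, `resolve` and `lookupOrRegister` are hypothetical names, and the Jetspeed calls are assumed to behave as the attached filter uses them.

```java
import javax.security.auth.Subject;
import javax.servlet.ServletException;
import org.apache.jetspeed.administration.PortalAdministration;
import org.apache.jetspeed.administration.RegistrationException;
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.User;
import org.apache.jetspeed.security.UserManager;

/** Added example: hypothetical helper, not Jetspeed or list code. */
public final class CasUserResolver {

    /** Subject for the CAS user, or for guest when CAS supplied no name. */
    public static Subject resolve(String casUserName, String guest,
            UserManager users, PortalAdministration admin)
            throws ServletException {
        // No CAS attribute in the session: treat the request as anonymous.
        boolean anonymous = casUserName == null || casUserName.trim().isEmpty();
        String name = anonymous ? guest : casUserName;
        if (name == null) {
            throw new ServletException("no guest principal configured");
        }
        try {
            // The guest account is only looked up, never auto-created.
            User user = anonymous ? users.getUser(name)
                                  : lookupOrRegister(name, users, admin);
            if (user == null) {
                // Fail closed rather than pass null to getSubject().
                throw new ServletException("no portal user for " + name);
            }
            return users.getSubject(user);
        } catch (SecurityException e) {
            throw new ServletException(e);
        } catch (RegistrationException e) {
            throw new ServletException(e);
        }
    }

    private static User lookupOrRegister(String name, UserManager users,
            PortalAdministration admin)
            throws SecurityException, RegistrationException {
        try {
            return users.getUser(name);
        } catch (SecurityException notFound) {
            // First CAS login: provision with a generated local password,
            // as the posted filter does (assumes the exception means "absent").
            admin.registerUser(name, admin.generatePassword());
            return users.getUser(name);
        }
    }
}
```

Because the lookup is by name, a CAS username that matches a pre-existing local portal account is mapped onto that account, so collisions with locally defined accounts need to be ruled out before enabling auto-provisioning.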