[jboss-user] [JBoss Seam] - Re: How can I integrate CAS client into Seam?

2008-01-24 Thread koenhandekyn
I'm using a similar approach for OpenID integration.

The Seam authenticate method looks up a status from the session that is only 
set by the servlet that confirms OpenID authentication.

An improvement of the Seam security framework to handle single sign-on like 
OpenID or others seems very relevant.

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4122994#4122994

Reply to the post : 
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4122994
___
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user


[jboss-user] [JBoss Seam] - Re: How can I integrate CAS client into Seam?

2007-10-04 Thread wuhaixing
Brad, thank you very much! But can this solution do 
#{redirect.captureCurrentView} and #{redirect.returnToCapturedView}?

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4091583#4091583



[jboss-user] [JBoss Seam] - Re: How can I integrate CAS client into Seam?

2007-10-03 Thread bsmithjj
wuhaixing wrote : Thanks, I have read the thread.
  | And I also found this: http://www.ja-sig.org/wiki/display/CASC/CASLoginModule+for+JAAS+applications
  | Do you think this is a better way?
  | I know little about JAAS and CAS, so I can't make the decision by myself.
  | Thanks to all of you!

I looked at the code at that link - on first pass, it's not clear to me how the 
service=SERVICE param is going to be transmitted from the HTTP request to the 
CASLoginModule.  Thus, I'm not sure that code is the complete solution.  The 
best way to determine if it's a better way is to decide if you like the 
CASFilter approach (in which you'll want to set wrapRequest to true in web.xml) 
or, for some reason, you prefer JAAS.  You should try both ways and see which 
way in practice is easiest to repeat from app to app.  In my case, the 
CASFilter approach is the easiest, least invasive, way to integrate with our 
CAS Server.

I put the solution I posted in this thread up on the JA-SIG CAS Clients wiki 
directly http://www.ja-sig.org/wiki/pages/viewpage.action?pageId=8094192.  
Hopefully more CAS + Seam users will benefit-from / contribute-to this.

Brad Smith

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4091031#4091031



[jboss-user] [JBoss Seam] - Re: How can I integrate CAS client into Seam?

2007-10-03 Thread bsmithjj
Use this link 
http://www.ja-sig.org/wiki/display/CASC/Seam+Identity+Integration+%28Seam+1.2.1+-+2.0.0%29
 instead.

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4091037#4091037



[jboss-user] [JBoss Seam] - Re: How can I integrate CAS client into Seam?

2007-10-02 Thread wuhaixing
Yes, if I don't call identity.login, things are OK. That's why I think 
identity.login resets the session.

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4090488#4090488



[jboss-user] [JBoss Seam] - Re: How can I integrate CAS client into Seam?

2007-10-02 Thread matt.drees
I don't know what to tell you.  You could put a breakpoint in Identity.login() 
and see what's going on.  I'm guessing that's not where the problem is, though, 
but I could be wrong.

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4090641#4090641



[jboss-user] [JBoss Seam] - Re: How can I integrate CAS client into Seam?

2007-10-02 Thread bsmithjj
I use CAS and I have this working.  You may want to review this thread 
http://www.jboss.com/index.html?module=bbop=viewtopict=119167.
I use a different approach than the CAS Filter for authentication, but the 
process should be the same because by the time Seam steps in to the request 
processing cycle, your CAS Filter should already have authenticated the user 
(with the user-Principal being available in the HttpServletRequest - 
request.getUserPrincipal()).

Here is part of my pages config and the relevant code of my authenticator for 
integrating with Seam identity.

  | <?xml version="1.0" encoding="UTF-8"?>
  | <pages xmlns="http://jboss.com/products/seam/pages"
  |        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  |        xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.0.xsd"
  |        no-conversation-view-id="/index.xhtml">
  | 
  |     <page view-id="/index.xhtml" action="#{ssoAuthenticator.checkLogin}" login-required="false"/>
  | 
  |     <page view-id="/*" login-required="true"/>
  | 
  |     <exception class="org.jboss.seam.security.NotLoggedInException">
  |         <redirect view-id="/index.xhtml">
  |             <message>Please log in first</message>
  |         </redirect>
  |     </exception>
  | 
  |     ...
  | 
  | </pages>

and here is the authenticator

  | // Imports are not shown in the post; the ones below are assumed.
  | import java.security.Principal;
  | import java.security.acl.Group;
  | import java.util.Enumeration;
  | 
  | import javax.faces.context.FacesContext;
  | 
  | import org.jboss.seam.ScopeType;
  | import org.jboss.seam.annotations.Logger;
  | import org.jboss.seam.annotations.Name;
  | import org.jboss.seam.annotations.Scope;
  | import org.jboss.seam.log.Log;
  | import org.jboss.seam.security.Identity;
  | 
  | // UserPrincipal is the poster's own Principal implementation (not shown in the post).
  | @Name("ssoAuthenticator")
  | @Scope(ScopeType.SESSION)
  | public class SSOAuthenticator {
  | 
  |     @Logger
  |     private Log log;
  | 
  |     private UserPrincipal userPrincipal;
  | 
  |     // see http://www.jboss.com/index.html?module=bbop=viewtopict=119167
  |     // This method is configured in pages.xml as an action called for all pages:
  |     //  <page view-id="/*" login-required="true" action="#{authenticator.checkLogin}"/>
  |     public void checkLogin() {
  |         Identity identity = Identity.instance();
  |         final boolean isLoggedIn = identity.isLoggedIn();
  |         // user may already be logged in - check
  |         if (!isLoggedIn) {
  |             authenticate();
  |         } /* else {
  |             do nothing - user is logged in from identity perspective
  |         } */
  |     }
  | 
  |     public boolean authenticate() {
  |         Identity identity = Identity.instance();
  |         boolean authenticated = !(userPrincipal == null);
  |         if (!authenticated) {
  |             try {
  |                 // Obtain authenticated UserPrincipal from Servlet container
  |                 FacesContext facesContext = FacesContext.getCurrentInstance();
  |                 Principal rawPrincipal = facesContext.getExternalContext().getUserPrincipal();
  |                 userPrincipal = (UserPrincipal) rawPrincipal;
  | 
  |                 // trigger the identity login sequence and add roles
  |                 if (userPrincipal != null) {
  |                     // Identity must have 'fresh' credentials for authenticate() call to proceed
  |                     identity.setUsername(userPrincipal.getUserid());
  |                     identity.setPassword(userPrincipal.getUserid());
  |                     identity.authenticate();
  |                     // in my case, our system makes roles available in the UserPrincipal - do what's right for your system
  |                     Group[] roleGroups = userPrincipal.getUserRoles();
  |                     if (roleGroups != null) {
  |                         for (Group group : userPrincipal.getUserRoles()) {
  |                             Enumeration<? extends Principal> roles = group.members();
  |                             while (roles.hasMoreElements()) {
  |                                 identity.addRole(roles.nextElement().getName());
  |                             }
  |                         }
  |                     }
  |                     authenticated = true;
  |                 }
  |             } catch (Exception e) {
  |                 log.error(e, e);
  |             }
  |         }
  |         return authenticated;
  |     }
  | }

You'll need to work out which URLs the CASFilter handles; you may also need 
to tweak a bit with security constraints (in web.xml).  But the code above 
illustrates a basic approach to integrating Seam identity with any solution in 
which the user-Principal has somehow been pre-set on the HttpServletRequest.

Hope this helps.
Brad Smith

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4090702#4090702



[jboss-user] [JBoss Seam] - Re: How can I integrate CAS client into Seam?

2007-10-02 Thread bsmithjj
One other item - CAS SSO server should be deployed standalone in a separate 
server.  Your Seam app (or any app) typically should not be presenting its own 
login page in a CAS SSO architecture.  In other words, there shouldn't be any 
concept of a 'login.xhtml' in your CAS-adapted Seam application.



View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4090706#4090706



[jboss-user] [JBoss Seam] - Re: How can I integrate CAS client into Seam?

2007-10-02 Thread matt.drees
I certainly don't know JAAS, but I don't think that will integrate nicely with 
Seam security.

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4090881#4090881



[jboss-user] [JBoss Seam] - Re: How can I integrate CAS client into Seam?

2007-10-01 Thread wuhaixing
Hi, Matt. I set the edu.yale.its.tp.cas.client.filter.serviceUrl to my login page 
in the web.xml.
And then the login.xhtml's action as identity.login in the page.xml.
In the authenticator component, it seems identity.login resets the session, and I 
can't get the username at all.
Would you tell me what I should do?
Thanks in advance!

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4090145#4090145



[jboss-user] [JBoss Seam] - Re: How can I integrate CAS client into Seam?

2007-10-01 Thread matt.drees
It sounds like you're using an approach that should work.

Why do you think identity.login is resetting the session?  How are you trying 
to get the Cas username?

And also, I'm not using the Yale client, but the Ja-sig client.  The Yale one 
should work fine, though, for what you're doing.

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4090299#4090299



[jboss-user] [JBoss Seam] - Re: How can I integrate CAS client into Seam?

2007-10-01 Thread wuhaixing
This is what is in my web.xml

  | <filter>
  |     <filter-name>CAS Filter</filter-name>
  |     <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
  |     <init-param>
  |         <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
  |         <param-value>https://localhost:8443/cas/login</param-value>
  |     </init-param>
  |     <init-param>
  |         <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
  |         <param-value>https://localhost:8443/cas/proxyValidate</param-value>
  |     </init-param>
  |     <init-param>
  |         <param-name>edu.yale.its.tp.cas.client.filter.serviceUrl</param-name>
  |         <param-value>http://localhost:8080/epass/login.seam</param-value>
  |     </init-param>
  | </filter>
  | 

and this is in the page.xml

  | <page view-id="/login.xhtml" action="#{identity.login}">
  |     <navigation from-action="#{identity.login}">
  |         <rule if="#{identity.loggedIn}">
  |             <redirect view-id="/home.xhtml"></redirect>
  |         </rule>
  |         <rule if="#{not identity.loggedIn}">
  |             <redirect view-id="/users/register.xhtml"></redirect>
  |         </rule>
  |     </navigation>
  | </page>
  | 

and then in the components.xml, I have this

  | <security:identity authenticate-method="#{authenticator.authenticate}"/>
  | 
In the authenticator...

  | public boolean authenticate()
  | {
  |     String username = (String) Contexts.getSessionContext().get(CASFilter.CAS_FILTER_USER);
  |     if (username != null) {
  |         identity.setUsername(username);
  |     }
  |     log.info("authenticating #0", identity.getUsername());
  |     //write your authentication logic here,
  |     identity.addRole("admin");
  |     return true;
  | }
  | 
The log told me
anonymous wrote : 
  | 09:18:11,085 INFO  [Contexts] starting up: org.jboss.seam.security.identity
  | 09:18:11,092 WARN  [RuleBasedIdentity] no security rule base available - please install a RuleBase with the name 'securityRules' if permission checks are required.
  | 09:18:11,095 INFO  [Contexts] starting up: org.jboss.seam.web.session
  | 09:18:13,283 INFO  [STDOUT] 2007-10-02 09:18:13,282 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - Setting ContextPath for cookies to: /cas
  | 09:18:19,535 INFO  [STDOUT] 2007-10-02 09:18:19,534 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler successfully authenticated the user which provided the following credentials
  | 
  | 09:18:19,572 INFO  [STDOUT] 2007-10-02 09:18:19,572 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-1-lHKcFO0JY3WxO3lLJrx0a17yhjDhF5fhUmD-20] for service [http://localhost:8080/epass/login.seam] for user [wuhaixing]
  | 09:18:19,709 INFO  [Contexts] starting up: org.jboss.seam.security.identity
  | 09:18:19,715 WARN  [RuleBasedIdentity] no security rule base available - please install a RuleBase with the name 'securityRules' if permission checks are required.
  | 09:18:19,718 INFO  [Contexts] starting up: org.jboss.seam.web.session
  | 09:18:20,054 WARN  [SkinFactoryImpl] Init parameter for a skin name changed to org.richfaces.SKIN
  | 09:18:20,177 INFO  [Authenticator] authenticating null
  | 
What's wrong?

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4090456#4090456
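
Added example, not part of the original thread and not code from Seam or the CAS client: a variant of the authenticate() method in the post above that fails closed, returning false when CASFilter has left no username in the session instead of logging in a null user with the admin role. The ROLES map and its single entry are constructed placeholders for the application's own role store; the session lookup is the one used in the post.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.log.Log;
import org.jboss.seam.security.Identity;

import edu.yale.its.tp.cas.client.filter.CASFilter;

@Name("authenticator")
public class Authenticator {

    // Constructed sample data: stands in for whatever role store the application uses.
    private static final Map<String, Set<String>> ROLES = new HashMap<String, Set<String>>();
    static {
        ROLES.put("wuhaixing", Collections.singleton("admin"));
    }

    @Logger
    private Log log;

    @In
    private Identity identity;

    public boolean authenticate() {
        // CASFilter sets this session attribute only after it has validated the service ticket.
        Object casUser = Contexts.getSessionContext().get(CASFilter.CAS_FILTER_USER);

        if (!(casUser instanceof String) || ((String) casUser).trim().length() == 0) {
            // No CAS-validated user in this session: refuse the login.
            log.warn("no CAS user in session, rejecting login");
            return false;
        }

        String username = (String) casUser;
        identity.setUsername(username);

        // Grant only the roles recorded for this user; unknown users get none.
        Set<String> roles = ROLES.get(username);
        if (roles != null) {
            for (String role : roles) {
                identity.addRole(role);
            }
        }
        log.info("authenticated #0 via CAS", username);
        return true;
    }
}
```

With this version, the "authenticating null" case in the log above ends as a rejected login and a warning rather than a logged-in session.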



[jboss-user] [JBoss Seam] - Re: How can I integrate CAS client into Seam?

2007-10-01 Thread matt.drees
It looks like you've set things up the way I would.

The log makes it look like you're being given a new session when you return from 
CAS; do you have cookies enabled in your browser?  Are you sure the filter is 
validating the ticket successfully?

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4090458#4090458



[jboss-user] [JBoss Seam] - Re: How can I integrate CAS client into Seam?

2007-09-30 Thread wuhaixing
Thanks! One more question: how did you create the Seam Identity after 
authentication?

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4090028#4090028



[jboss-user] [JBoss Seam] - Re: How can I integrate CAS client into Seam?

2007-09-30 Thread matt.drees
I have an Authenticator component that looks in the session for the CAS 
assertion, and sets the Identity username appropriately.  (It assumes that the 
CAS ticket validation has already happened).

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4090046#4090046



[jboss-user] [JBoss Seam] - Re: How can I integrate CAS client into Seam?

2007-09-30 Thread wuhaixing
Thanks a lot

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4090072#4090072



[jboss-user] [JBoss Seam] - Re: How can I integrate CAS client into Seam?

2007-09-29 Thread matt.drees
I don't think there's a standard way to do it yet.  I took the Jasig cas client 
and configured it with Seam instead of spring, and though I'm not really using 
it the way it was intended, it's working.  It's not in a place where I could 
easily share what I have right now, but I hope to put together a blog or wiki 
page with what I have in the next few months.  


View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4089996#4089996
