Hi,

The shiro-cas module is an official module to use CAS with Shiro. The
buji-pac4j library is an extension to add OAuth, OpenID and CAS support to
Shiro. I developed both.
The shiro-cas module does not support proxying with CAS, whereas the
buji-pac4j library does.

CAS proxying should work without using Spring. The configuration of your
web app looks good. Indeed, you need a CasClient, a CasProxyReceptor and to
define both URLs (callback and proxy receptor URLs).

Though, when a CAS service acts as a proxy, the profile returned (the
second principal of the subject) is not a CasProfile but a CasProxyProfile
(https://github.com/leleuj/pac4j/blob/master/pac4j-cas/src/main/java/org/pac4j/cas/profile/CasProxyProfile.java#L54),
on which you need to call getProxyTicketFor (for the right service).
Then, with this proxy ticket, you will be able to call your web service:
/mywebservice/dosomething?ticket=ST-xxxx. The CasFilter must be defined for
this url to retrieve CAS authentication.

Best regards,
Jérôme




2014-02-26 12:15 GMT+01:00 Dinabandhu [via Shiro User] <
[email protected]>:

> Hi,
>
> Made some further progress in this. Created two simple web applications,
> proxy and proxied, and configured them with shiro+buji-pac4j. Both
> applications take part in SSO successfully as long as I access them from
> the browser. The configurations are -
>
> proxy (shiro.ini)
> ====
> [main]
> proxyReceptor=org.pac4j.cas.client.CasProxyReceptor
> proxyReceptor.callbackUrl = https://user-think:8443/shiro-cas-proxy-1/proxyReceptor
>
> casClient = org.pac4j.cas.client.CasClient
> casClient.casLoginUrl = https://user-think:8443/cerberus-sso-test/login
> casClient.casProxyReceptor = $proxyReceptor
>
> clients = org.pac4j.core.client.Clients
> clients.callbackUrl = https://user-think:8443/shiro-cas-proxy-1/shiro-cas
> clients.clientsList = $casClient
>
> clientsRealm = io.buji.pac4j.ClientRealm
> clientsRealm.defaultRoles = ROLE_USER
> clientsRealm.clients = $clients
>
> clientsFilter = io.buji.pac4j.ClientFilter
> clientsFilter.clients = $clients
> clientsFilter.failureUrl = /error.jsp
>
> casUsers = io.buji.pac4j.filter.ClientUserFilter
> casUsers.client = $casClient
>
> securityManager.realms = $clientsRealm
>
> [urls]
> /proxyReceptor = clientsFilter
> /shiro-cas = clientsFilter
> /error.jsp = anon
>
>
> proxied (shiro.ini)
> ===========
>
> [main]
>
> casClient = org.pac4j.cas.client.CasClient
> casClient.casLoginUrl = https://user-think:8443/cerberus-sso-test/login
> casClient.acceptAnyProxy=true
>
> clients = org.pac4j.core.client.Clients
> clients.callbackUrl = https://user-think:8443/shiro-cas-proxied/shiro-cas
> clients.clientsList = $casClient
>
> clientsRealm = io.buji.pac4j.ClientRealm
> clientsRealm.defaultRoles = ROLE_USER
> clientsRealm.clients = $clients
>
> clientsFilter = io.buji.pac4j.ClientFilter
> clientsFilter.clients = $clients
> clientsFilter.failureUrl = /error.jsp
>
> casUsers = io.buji.pac4j.filter.ClientUserFilter
> casUsers.client = $casClient
>
> securityManager.realms = $clientsRealm
>
> #authc.loginUrl = https://user-think:8443/cerberus-sso-test/login?service=https://user-think:8443/shiro-cas-proxied/shiro-cas
>
>
> [urls]
> /shiro-cas = clientsFilter
> /error.jsp = anon
> /** = casUsers
>
> The part that is not working is proxying. In the proxy application I have
> a servlet which calls a url in proxied application. The code is -
>
>         protected void doGet(HttpServletRequest request, HttpServletResponse response)
>                 throws ServletException, IOException
>         {
>             String url = "https://user-think:8443/shiro-cas-proxied/proxy-page.jsp";
>
>             URL obj = new URL(url);
>             HttpURLConnection con = (HttpURLConnection) obj.openConnection();
>
>             // optional default is GET
>             con.setRequestMethod("GET");
>
>             //add request header
>             //con.setRequestProperty("User-Agent", USER_AGENT);
>
>             int responseCode = con.getResponseCode();
>             System.out.println("\nSending 'GET' request to URL : " + url);
>             System.out.println("Response Code : " + responseCode);
>
>             BufferedReader in = new BufferedReader(
>                     new InputStreamReader(con.getInputStream()));
>             String inputLine;
> //            StringBuffer response = new StringBuffer();
>
>             while ((inputLine = in.readLine()) != null) {
>                 response.getWriter().write(inputLine);
>             }
>             response.getWriter().flush();
>             in.close();
>
>             //print result
>             System.out.println(response.toString());
>         }
>
> }
>
> This always returns the CAS login page. I need to do something additional
> (possibly programmatically) but I am not able to find any docs/example on
> that. I saw some example which uses CasAuthenticationToken which seems to
> be from Spring Security. We don't use Spring normally and are a bit
> reluctant to add a Spring dependency just for CAS integration. Is there no
> other way?
>
> I would appreciate any help greatly.
>
> Regards,
> Dinabandhu
>




--
View this message in context: 
http://shiro-user.582556.n2.nabble.com/Shiro-cas-proxying-tp7579694p7579700.html
Sent from the Shiro User mailing list archive at Nabble.com.
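
The steps from the reply at the top of this message (take the CasProxyProfile from the subject, call getProxyTicketFor, send the ticket to the proxied application), as an added example that is not part of the original thread or of the pac4j/buji-pac4j code base. The class name `ProxiedCall`, the helper `withTicket` and the use of the proxied page URL as the CAS service are assumptions made for illustration.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.PrincipalCollection;
import org.pac4j.cas.profile.CasProxyProfile;

public class ProxiedCall { // hypothetical helper class
    // Assumption: the proxied page is both the CAS service and the request target.
    static final String SERVICE = "https://user-think:8443/shiro-cas-proxied/proxy-page.jsp";

    static String withTicket(String service, String ticket) throws IOException {
        String sep = service.contains("?") ? "&" : "?";
        return service + sep + "ticket=" + URLEncoder.encode(ticket, "UTF-8");
    }

    public static String fetch() throws IOException {
        PrincipalCollection principals = SecurityUtils.getSubject().getPrincipals();
        // Per the reply above, the profile is a CasProxyProfile only when this
        // application acts as a CAS proxy; a plain CasProfile cannot issue tickets.
        CasProxyProfile profile = principals == null
                ? null : principals.oneByType(CasProxyProfile.class);
        if (profile == null) {
            throw new IllegalStateException("no CasProxyProfile for this subject");
        }
        // CAS tickets are single use: request one for each outgoing call.
        String ticket = profile.getProxyTicketFor(SERVICE);
        if (ticket == null || ticket.isEmpty()) {
            throw new IOException("no proxy ticket issued for " + SERVICE);
        }
        HttpURLConnection con =
                (HttpURLConnection) new URL(withTicket(SERVICE, ticket)).openConnection();
        con.setRequestMethod("GET");
        if (con.getResponseCode() != HttpURLConnection.HTTP_OK) {
            throw new IOException("proxied call failed: HTTP " + con.getResponseCode());
        }
        StringBuilder body = new StringBuilder();
        try (BufferedReader in = new BufferedReader(
                new InputStreamReader(con.getInputStream(), "UTF-8"))) {
            for (String line; (line = in.readLine()) != null; ) {
                body.append(line).append('\n');
            }
        }
        return body.toString();
    }
}
```

Keep the ticketed URL out of application logs: until the proxied application validates it, the ticket in the query string is a bearer credential.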
