
Thread: (Newbie) Using Acegi+CAS

  1. #1

    (Newbie) Using Acegi+CAS

    Hi,

    I have a working web app running on Weblogic 8.1. The security model implemented is using an LDAP server. I would like to use Acegi+CAS for SSO purposes.

    The snippet of my web.xml is :
    Code:
    ...
        <filter>
            <filter-name>MyFilter</filter-name>
            <filter-class>com.personal.MyOwnFilter</filter-class>
        </filter>
    
        <filter-mapping>
            <filter-name>MyFilter</filter-name>
            <servlet-name>MyDispatcher</servlet-name>
        </filter-mapping>
    
        <servlet>
            <servlet-name>MyDispatcher</servlet-name>
            <servlet-class>com.personal.MyServletDispatcher</servlet-class>
            <load-on-startup>1</load-on-startup>
        </servlet>
    ...
    It's within MyServletDispatcher.java that I implement the security model:
    Code:
    public class Dispatcher extends HttpServlet {
        ...
        public void doPost (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException  {
            ...
            if ( authentication(request,response) ) {
                doA();
            } else {
                doB();
            }
        }
        ...
    }
    I took the applicationContext-acegi-security.xml ( <Only used by "cas" artifact> ) as my starting point, but here are my questions:
    1. Which bean(s) do I need to use to replace
    Code:
    if ( authentication(request,response) ) {
    2. Which bean(s) do I need to use to display the currently logged-in user?
    3. What happens to MyOwnFilter.java? Do I need to include it in the "filterChainProxy"?

    Thanks.

  2. #2


    Hi,

    Oops, I meant :
    Code:
    public class MyServletDispatcher extends HttpServlet {
    }
    According to the CAS site, I need to use the following for AuthenticationManager (and for LDAP):
    Code:
        ...
        <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
            <property name="credentialsToPrincipalResolvers">
                <list>
                    <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
                    <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
                </list>
            </property>
            
            <property name="authenticationHandlers">
                <list>
                    <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" />
                    <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler" >
                        <property name="filter" value="uid=%u" />
                        <property name="searchBase" value="ou=xxx,dc=yyy,dc=zzz" />
                        <property name="contextSource" ref="contextSource" />
                    </bean>
                </list>
            </property>
        </bean>
    
        <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
            <property name="authenticatedReadOnly" value="true" />
            <property name="userName" value="${ldap_username_goes_here}" />
            <property name="password" value="${ldap_password_goes_here}" />
            <property name="urls">
                <list>
                    <value>${ldap_url}</value>
                </list>
            </property>
            <property name="baseEnvironmentProperties">
                <map>
                    <entry>
                        <key><value>java.naming.security.authentication</value></key>
                        <value>simple</value>
                    </entry>
                </map>
            </property>
        </bean>
        ...
    but the applicationContext-acegi-security.xml ( <Only used by "cas" artifact> ) uses this:
    Code:
        ...
        <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
            <property name="providers">
                <list>
                    <ref local="casAuthenticationProvider" />
                </list>
            </property>
        </bean>
        ...

    Which "authenticationManager" do I need to use, Acegi's version or CAS's version?

    Thanks.

  3. #3


    Anyone please ?

  4. #4

    Check the reference guide (chapter 18) on the Acegi website; it describes how to use CAS and Acegi. You should also first try to take a look at the examples/tutorials which come with Acegi and are described on the Acegi website to get an understanding of how Acegi works.

    After that I'm certain you can answer your questions yourself.
    Marten Deinum

  5. #5


    I've already been through that chapter and others, as well as the Acegi and CAS sites.

    Could anyone else help me out?

    Thanks.

  6. #6

    Both Acegi and CAS have their own AuthenticationManagers that have nothing to do with each other. CAS needs its own. And Acegi needs its own.

    I would recommend getting your CAS server to work on its own before you do any Acegi work.

  7. #7


    Thanks Scott.

    Yet, I'm still unable to find which bean(s) I need to use to replace this :
    Code:
    if ( authentication(request,response) ) {
    I appreciate any help/suggestions.

    Thanks.

  8. #8

    You wouldn't need that line of code. You would configure Acegi in the XML file (look at the examples) to protect the URLs that you want and then Acegi automatically handles the "isThisUserAuthenticated" check that you would have coded in.

    The Contacts-CAS application is a good example.

  9. #9


    Quote (originally posted by Scott Battaglia):
        The Contacts-CAS application is a good example.

    Thanks Scott. I just downloaded it from CVS, but I did not find the contact cas application ( contact-cas.war ). Am I looking in the wrong directory?

    Thanks.
