Hi all,

We need to enforce the users to authenticate before have access to ALA-PORTAL..

We found a authentication enforcement in ala-collectory module, when the user tries to access the “admin” page, using JASIG Cas server.

We performed the following steps to test the authentication:

We deployed an instance of JASIG Cas server (http://www.jasig.org/cas) in server: http://143.107.102.247:65002/cas-server-webapp-3.4.12.1.

We configured the ala-collectoy to enforce authentication in file: ala-collectory-0.1.0/ala-collectory/grails-app/conf/config.groovy , using the following code:

/******************************************************************************\

*  SECURITY
\******************************************************************************/
if (!security.cas.uriFilterPattern) {
   security.cas.uriFilterPattern = "/admin.*,/collection.*,/institution.*,/contact.*,/reports.*," +
           "/providerCode.*,/providerMap.*,/dataProvider.*,/dataResource.*,/dataHub.*,/manage/.*"
}
if (!security.cas.loginUrl) {
   security.cas.loginUrl = "http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/login"
}
if (!security.cas.logoutUrl) {
   security.cas.logoutUrl = "http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/logout"
}
if (!security.apikey.serviceUrl) {
   security.apikey.serviceUrl = "http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/apikey/ws/check?apikey="
}
if(!security.cas.appServerName){
   security.cas.appServerName = "http://143.107.102.247:65002"
}
if(!security.cas.casServerName){
   security.cas.casServerName = "http://143.107.102.247:8080"
}
if(!security.cas.uriExclusionFilterPattern){
   security.cas.uriExclusionFilterPattern = '/images.*,/css.*,/js.*,/less.*'
}
if(!security.cas.authenticateOnlyIfLoggedInPattern){
   security.cas.authenticateOnlyIfLoggedInPattern = "" // pattern for pages that can optionally display info about the logged-in user
}
if(!security.cas.casServerUrlPrefix){
   security.cas.casServerUrlPrefix = 'http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/'
}
if(!security.cas.bypass){
   security.cas.bypass = true
}
if(!disableAlertLinks){
   disableAlertLinks = false
}

if(!disableOverviewMap){
   disableOverviewMap = false
}

then, we tried to access the admin section of ala-collectory browser. Which worked perfectly: the ala-collectory redirected the call to CAS server login page, and after the user provides correct username and password the user is redirected again to admin-section of ala-collectory.

We would like to enforce the same authentication in ala-hubs, as shown in the figure adapted from wiki (attached).

We followed the steps in wiki:

https://code.google.com/p/ala-bie/wiki/Authentication#Example_web.xml_configuration .

In pom.xml of hubs-webapp directory we included the following code:

<dependency>

<groupId>org.jasig.cas</groupId>

<artifactId>cas-client-core</artifactId>

<version>3.1.10</version>

<type>jar</type>

<scope>compile</scope>

</dependency>

<dependency>

<groupId>au.org.ala</groupId>

<artifactId>ala-cas-client</artifactId>

<version>2.0-SNAPSHOT</version>

<type>jar</type>

<scope>compile</scope>

<exclusions>

<exclusion>

<groupId>javax.servlet</groupId>

<artifactId>servlet-api</artifactId>

</exclusion>

</exclusions>

</dependency>

 

In web.xml file we included the following code:

<!-- CAS Authentication related properties -->

<context-param>

<!-- Parameter used by CAS filters -->

<param-name>serverName</param-name>

<param-value>http://143.107.102.247:8080/hubs-webapp/</param-value>

</context-param>

 

<context-param>

<param-name>casServerName</param-name>

<param-value>http://143.107.102.247:8080</param-value>

</context-param>

 

<context-param>

<param-name>uriFilterPattern</param-name>

<param-value>/, /occurrences/\d+, /occurrences/search, /explore/your-area</param-value>

</context-param>

 

<!-- CAS Authentication Service filters -->

<filter>

<filter-name>CAS Authentication Filter</filter-name>

<filter-class>au.org.ala.cas.client.UriFilter</filter-class>

<init-param>

<param-name>filterClass</param-name>

<param-value>org.jasig.cas.client.authentication.AuthenticationFilter</param-value>

</init-param>

<init-param>

<param-name>casServerLoginUrl</param-name>

<param-value>http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/login</param-value>

</init-param>

<init-param>

<param-name>gateway</param-name>

<param-value>true</param-value>

</init-param>

</filter>

 

<filter>

<filter-name>CAS Validation Filter</filter-name>

<filter-class>au.org.ala.cas.client.UriFilter</filter-class>

<init-param>

<param-name>filterClass</param-name>

<param-value>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</param-value>

</init-param>

<init-param>

<param-name>casServerUrlPrefix</param-name>

<param-value>http://143.107.102.247:65002/cas-server-webapp-3.4.12.1</param-value>

</init-param>

</filter>

 

<filter>

<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>

<filter-class>au.org.ala.cas.client.UriFilter</filter-class>

<init-param>

<param-name>filterClass</param-name>

<param-value>au.org.ala.cas.client.AlaHttpServletRequestWrapperFilter</param-value>

</init-param>

</filter>

 

<filter-mapping>

<filter-name>CAS Authentication Filter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

 

<filter-mapping>

<filter-name>CAS Validation Filter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

 

<filter-mapping>

<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

then we deployed the hubs-webapp.war in tomcat server. Unfornatelly, when the user access ala-webapp no autentication is asked by ala-portal.

What we need to do in order to enforce all the users to autenticate in jasig cas before have access to hubs-webapp?

Regards, 

Suelane/Silvio