Hi Nick,
I did what you suggested and we integrated ala-hubs with jasig-cas.
Now, the Log in button (see image attached) redirects the hubs-webapp page to the jasig-cas authentication page.
Nevertheless, the search button on the same page can be accessed even if the user does not perform the log in operation.
We would like to know how to enforce this authentication before the user has access to perform a search in ala-hubs.
Thanks!
Regards.


From: Nick.Dosremedios@csiro.au
Sent: Thursday, 17 April 2014 00:16
To: suelane@uol.com.br,ala-portal@lists.gbif.org,support@ala.org.au
Subject: Cas Authentication - Hubs-Webapp

Hi Suelane,
 
I’d suggest you try these 2 minor changes to the web.xml file:
 
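1. Change the serverName section -
from:

  <context-param>
    <param-name>serverName</param-name>
    <param-value>http://143.107.102.247:8080/hubs-webapp/</param-value>
  </context-param>

to:

  <context-param>
    <param-name>serverName</param-name>
    <param-value>http://143.107.102.247:8080</param-value>
  </context-param>
  <context-param>
    <param-name>contextpath</param-name>
    <param-value>/hubs-webapp</param-value>
  </context-param>

2. Change the server uriFilterPattern to:

  <context-param>
    <param-name>uriFilterPattern</param-name>
    <param-value>/*</param-value>
  </context-param>
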
I also note you are missing a few filter settings that we use in our version of hub-webapp. I’ve attached a sample “web.xml” file that you should look at, to check against, if the above changes do not work.
 
Regards
 
Nick
-- 
Nick dos Remedios
Atlas of Living Australia
http://www.ala.org.au/
 
From: "Suelane G. Fontes" <suelane@uol.com.br>
Date: Thursday, 17 April 2014 5:22 am
To: "ala-portal@lists.gbif.org" <ala-portal@lists.gbif.org>, "support@ala.org.au" <support@ala.org.au>
Subject: Cas Authentication - Hubs-Webapp
 

Hi all,

We need to require users to authenticate before they have access to ALA-PORTAL.

We found an authentication enforcement in the ala-collectory module, using the JASIG CAS server, when the user tries to access the “admin” page.

We performed the following steps to test the authentication:

We deployed an instance of JASIG Cas server (http://www.jasig.org/cas) in server: http://143.107.102.247:65002/cas-server-webapp-3.4.12.1.

We configured ala-collectory to enforce authentication in the file ala-collectory-0.1.0/ala-collectory/grails-app/conf/config.groovy, using the following code:

/******************************************************************************\
*  SECURITY
\******************************************************************************/
if (!security.cas.uriFilterPattern) {
   security.cas.uriFilterPattern = "/admin.*,/collection.*,/institution.*,/contact.*,/reports.*," +
           "/providerCode.*,/providerMap.*,/dataProvider.*,/dataResource.*,/dataHub.*,/manage/.*"
}
if (!security.cas.loginUrl) {
   security.cas.loginUrl = "http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/login"
}
if (!security.cas.logoutUrl) {
   security.cas.logoutUrl = "http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/logout"
}
if (!security.apikey.serviceUrl) {
   security.apikey.serviceUrl = "http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/apikey/ws/check?apikey="
}
if(!security.cas.appServerName){
   security.cas.appServerName = "http://143.107.102.247:65002"
}
if(!security.cas.casServerName){
   security.cas.casServerName = "http://143.107.102.247:8080"
}
if(!security.cas.uriExclusionFilterPattern){
   security.cas.uriExclusionFilterPattern = '/images.*,/css.*,/js.*,/less.*'
}
if(!security.cas.authenticateOnlyIfLoggedInPattern){
   security.cas.authenticateOnlyIfLoggedInPattern = "" // pattern for pages that can optionally display info about the logged-in user
}
if(!security.cas.casServerUrlPrefix){
   security.cas.casServerUrlPrefix = 'http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/'
}
if(!security.cas.bypass){
   security.cas.bypass = true
}
if(!disableAlertLinks){
   disableAlertLinks = false
}

if(!disableOverviewMap){
   disableOverviewMap = false
}

Then we tried to access the admin section of the ala-collectory browser, which worked perfectly: ala-collectory redirected the call to the CAS server login page, and after the user provides the correct username and password, the user is redirected again to the admin section of ala-collectory.

We would like to enforce the same authentication in ala-hubs, as shown in the figure adapted from wiki (attached).

We followed the steps in wiki:

https://code.google.com/p/ala-bie/wiki/Authentication#Example_web.xml_configuration .

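In pom.xml of hubs-webapp directory we included the following code:

  <dependency>
    <groupId>org.jasig.cas</groupId>
    <artifactId>cas-client-core</artifactId>
    <version>3.1.10</version>
    <type>jar</type>
    <scope>compile</scope>
  </dependency>
  <dependency>
    <groupId>au.org.ala</groupId>
    <artifactId>ala-cas-client</artifactId>
    <version>2.0-SNAPSHOT</version>
    <type>jar</type>
    <scope>compile</scope>
    <exclusions>
      <exclusion>
        <groupId>javax.servlet</groupId>
        <artifactId>servlet-api</artifactId>
      </exclusion>
    </exclusions>
  </dependency>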

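In web.xml file we included the following code:

  <context-param>
    <param-name>serverName</param-name>
    <param-value>http://143.107.102.247:8080/hubs-webapp/</param-value>
  </context-param>
  <context-param>
    <param-name>casServerName</param-name>
    <param-value>http://143.107.102.247:8080</param-value>
  </context-param>
  <context-param>
    <param-name>uriFilterPattern</param-name>
    <param-value>/, /occurrences/\d+, /occurrences/search, /explore/your-area</param-value>
  </context-param>

  <filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>au.org.ala.cas.client.UriFilter</filter-class>
    <init-param>
      <param-name>filterClass</param-name>
      <param-value>org.jasig.cas.client.authentication.AuthenticationFilter</param-value>
    </init-param>
    <init-param>
      <param-name>casServerLoginUrl</param-name>
      <param-value>http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/login</param-value>
    </init-param>
    <init-param>
      <param-name>gateway</param-name>
      <param-value>true</param-value>
    </init-param>
  </filter>

  <filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>au.org.ala.cas.client.UriFilter</filter-class>
    <init-param>
      <param-name>filterClass</param-name>
      <param-value>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</param-value>
    </init-param>
    <init-param>
      <param-name>casServerUrlPrefix</param-name>
      <param-value>http://143.107.102.247:65002/cas-server-webapp-3.4.12.1</param-value>
    </init-param>
  </filter>

  <filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>au.org.ala.cas.client.UriFilter</filter-class>
    <init-param>
      <param-name>filterClass</param-name>
      <param-value>au.org.ala.cas.client.AlaHttpServletRequestWrapperFilter</param-value>
    </init-param>
  </filter>

  <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>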

Then we deployed the hubs-webapp.war in the Tomcat server. Unfortunately, when the user accesses ala-webapp, no authentication is asked for by ala-portal.

What do we need to do in order to require all users to authenticate in JASIG CAS before they have access to hubs-webapp?

Regards, 

Suelane/Silvio
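
An added check, not part of the original messages and not ALA or Jasig code: the web.xml in the original message sets gateway to true on the CAS Authentication Filter, and in the Jasig CAS client that mode lets a visitor with no CAS session continue to the page unauthenticated, so it is worth auditing alongside the URL patterns. The sample web.xml below is constructed from the values quoted in this thread, and the function names are illustrative.

```python
import xml.etree.ElementTree as ET

AUTH_FILTER = "org.jasig.cas.client.authentication.AuthenticationFilter"
# Constructed sample, modelled on the web.xml values quoted in this thread.
SAMPLE_WEB_XML = """<web-app>
  <filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>au.org.ala.cas.client.UriFilter</filter-class>
    <init-param><param-name>filterClass</param-name>
      <param-value>org.jasig.cas.client.authentication.AuthenticationFilter</param-value></init-param>
    <init-param><param-name>gateway</param-name><param-value>true</param-value></init-param>
  </filter>
  <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>"""

def _local(tag):  # drop an XML namespace prefix such as {http://java.sun.com/xml/ns/javaee}
    return tag.rsplit("}", 1)[-1]

def _text(parent, name):
    for child in parent:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return ""

def audit_cas_filters(web_xml):
    """Return findings for CAS authentication filters that do not force a login."""
    root = ET.fromstring(web_xml)
    mapped = {_text(m, "filter-name") for m in root if _local(m.tag) == "filter-mapping"}
    findings, seen_auth = [], False
    for flt in (e for e in root if _local(e.tag) == "filter"):
        params = {_text(p, "param-name"): _text(p, "param-value")
                  for p in flt if _local(p.tag) == "init-param"}
        if AUTH_FILTER not in (_text(flt, "filter-class"), params.get("filterClass")):
            continue  # not the CAS authentication filter (direct or wrapped by UriFilter)
        seen_auth = True
        name = _text(flt, "filter-name")
        if params.get("gateway", "false").lower() == "true":
            findings.append(f"{name}: gateway=true, unauthenticated requests pass through")
        if name not in mapped:
            findings.append(f"{name}: no filter-mapping, filter never runs")
    if not seen_auth:
        findings.append("no CAS AuthenticationFilter declared")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_cas_filters(SAMPLE_WEB_XML)))
```

The check covers only the gateway flag and the servlet filter-mapping; which request paths the ALA UriFilter hands to the wrapped filter still depends on uriFilterPattern.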