Hi Suelane,
I’d suggest you try these 2 minor changes to the web.xml file:
1. Change the serverName section - from:

<context-param>
  <param-name>serverName</param-name>
  <param-value>http://143.107.102.247:8080/hubs-webapp/</param-value>
</context-param>

to:

<context-param>
  <param-name>serverName</param-name>
  <param-value>http://143.107.102.247:8080</param-value>
</context-param>
<context-param>
  <param-name>contextpath</param-name>
  <param-value>/hubs-webapp</param-value>
</context-param>
2. Change the server uriFilterPattern to:
<context-param>
<param-name>uriFilterPattern</param-name>
<param-value>/*</param-value>
</context-param>
I also note you are missing a few filter settings that we use in our version of hub-webapp. I’ve attached a sample “web.xml” file that you should look at, to check against, if the above changes do not work.
Regards
Nick
--
Nick dos Remedios
Atlas of Living Australia
http://www.ala.org.au/
From: "Suelane G. Fontes" <suelane@uol.com.br>
Date: Thursday, 17 April 2014 5:22 am
To: "ala-portal@lists.gbif.org" <ala-portal@lists.gbif.org>, "support@ala.org.au" <support@ala.org.au>
Subject: Cas Authentication - Hubs-Webapp
Hi all,
We need to require users to authenticate before they have access to ALA-PORTAL.
We found an authentication enforcement in the ala-collectory module, when the user tries to access the “admin” page, using JASIG Cas server.
We performed the following steps to test the authentication:
We deployed an instance of JASIG Cas server (http://www.jasig.org/cas) in server: http://143.107.102.247:65002/cas-server-webapp-3.4.12.1.
We configured ala-collectory to enforce authentication in the file ala-collectory-0.1.0/ala-collectory/grails-app/conf/config.groovy, using the following code:
/******************************************************************************\
 *  SECURITY
\******************************************************************************/
if (!security.cas.uriFilterPattern) {
    security.cas.uriFilterPattern = "/admin.*,/collection.*,/institution.*,/contact.*,/reports.*," +
            "/providerCode.*,/providerMap.*,/dataProvider.*,/dataResource.*,/dataHub.*,/manage/.*"
}
if (!security.cas.loginUrl) {
    security.cas.loginUrl = "http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/login"
}
if (!security.cas.logoutUrl) {
    security.cas.logoutUrl = "http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/logout"
}
if (!security.apikey.serviceUrl) {
    security.apikey.serviceUrl = "http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/apikey/ws/check?apik..."
}
if (!security.cas.appServerName) {
    security.cas.appServerName = "http://143.107.102.247:65002"
}
if (!security.cas.casServerName) {
    security.cas.casServerName = "http://143.107.102.247:8080"
}
if (!security.cas.uriExclusionFilterPattern) {
    security.cas.uriExclusionFilterPattern = '/images.*,/css.*,/js.*,/less.*'
}
if (!security.cas.authenticateOnlyIfLoggedInPattern) {
    security.cas.authenticateOnlyIfLoggedInPattern = "" // pattern for pages that can optionally display info about the logged-in user
}
if (!security.cas.casServerUrlPrefix) {
    security.cas.casServerUrlPrefix = 'http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/'
}
if (!security.cas.bypass) {
    security.cas.bypass = true
}
if (!disableAlertLinks) {
    disableAlertLinks = false
}
if (!disableOverviewMap) {
    disableOverviewMap = false
}
Then we tried to access the admin section of the ala-collectory browser, which worked perfectly: ala-collectory redirected the call to the CAS server login page, and after the user provides the correct username and password, the user is redirected again to the admin section of ala-collectory.
We would like to enforce the same authentication in ala-hubs, as shown in the figure adapted from wiki (attached).
We followed the steps in wiki:
https://code.google.com/p/ala-bie/wiki/Authentication#Example_web.xml_config... .
In pom.xml of hubs-webapp directory we included the following code:
<dependency>
  <groupId>org.jasig.cas</groupId>
  <artifactId>cas-client-core</artifactId>
  <version>3.1.10</version>
  <type>jar</type>
  <scope>compile</scope>
</dependency>
<dependency>
  <groupId>au.org.ala</groupId>
  <artifactId>ala-cas-client</artifactId>
  <version>2.0-SNAPSHOT</version>
  <type>jar</type>
  <scope>compile</scope>
  <exclusions>
    <exclusion>
      <groupId>javax.servlet</groupId>
      <artifactId>servlet-api</artifactId>
    </exclusion>
  </exclusions>
</dependency>
In web.xml file we included the following code:
<!-- CAS Authentication related properties -->
<context-param>
  <!-- Parameter used by CAS filters -->
  <param-name>serverName</param-name>
  <param-value>http://143.107.102.247:8080/hubs-webapp/</param-value>
</context-param>
<context-param>
  <param-name>casServerName</param-name>
  <param-value>http://143.107.102.247:8080</param-value>
</context-param>
<context-param>
  <param-name>uriFilterPattern</param-name>
  <param-value>/, /occurrences/\d+, /occurrences/search, /explore/your-area</param-value>
</context-param>
<!-- CAS Authentication Service filters -->
<filter>
  <filter-name>CAS Authentication Filter</filter-name>
  <filter-class>au.org.ala.cas.client.UriFilter</filter-class>
  <init-param>
    <param-name>filterClass</param-name>
    <param-value>org.jasig.cas.client.authentication.AuthenticationFilter</param-value>
  </init-param>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/login</param-value>
  </init-param>
  <init-param>
    <param-name>gateway</param-name>
    <param-value>true</param-value>
  </init-param>
</filter>
<filter>
  <filter-name>CAS Validation Filter</filter-name>
  <filter-class>au.org.ala.cas.client.UriFilter</filter-class>
  <init-param>
    <param-name>filterClass</param-name>
    <param-value>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</param-value>
  </init-param>
  <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>http://143.107.102.247:65002/cas-server-webapp-3.4.12.1</param-value>
  </init-param>
</filter>
<filter>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <filter-class>au.org.ala.cas.client.UriFilter</filter-class>
  <init-param>
    <param-name>filterClass</param-name>
    <param-value>au.org.ala.cas.client.AlaHttpServletRequestWrapperFilter</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CAS Authentication Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CAS Validation Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
Then we deployed hubs-webapp.war in the Tomcat server. Unfortunately, when the user accesses ala-webapp, no authentication is requested by ala-portal.
What do we need to do in order to force all users to authenticate in JASIG CAS before having access to hubs-webapp?
Regards,
Suelane/Silvio
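
An added example, not part of either message or of ALA's code: a small Python check over a web.xml that flags the two settings the reply asks to change, plus `gateway` set to `true` on the Jasig `AuthenticationFilter`, since the CAS protocol's gateway mode tells the server not to prompt for credentials. The function names and finding labels are hypothetical, and treating any `uriFilterPattern` other than `/*` as partial coverage is an assumption taken from the reply.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: a trimmed copy of the web.xml settings quoted in the thread.
SAMPLE_WEB_XML = r"""<web-app>
  <context-param><param-name>serverName</param-name>
    <param-value>http://143.107.102.247:8080/hubs-webapp/</param-value></context-param>
  <context-param><param-name>uriFilterPattern</param-name>
    <param-value>/, /occurrences/\d+, /occurrences/search</param-value></context-param>
  <filter><filter-name>CAS Authentication Filter</filter-name>
    <filter-class>au.org.ala.cas.client.UriFilter</filter-class>
    <init-param><param-name>filterClass</param-name>
      <param-value>org.jasig.cas.client.authentication.AuthenticationFilter</param-value></init-param>
    <init-param><param-name>gateway</param-name><param-value>true</param-value></init-param>
  </filter>
  <filter-mapping><filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern></filter-mapping>
</web-app>"""

def _local(tag):
    # Drop an XML namespace prefix so namespaced web.xml files parse the same way.
    return tag.rsplit("}", 1)[-1]

def _params(parent):
    # Collect <context-param>/<init-param> children as a name -> value dict.
    out = {}
    for el in parent:
        if _local(el.tag) in ("context-param", "init-param"):
            kv = {_local(c.tag): (c.text or "").strip() for c in el}
            out[kv.get("param-name", "")] = kv.get("param-value", "")
    return out

def audit_cas_web_xml(xml_text):
    """Return finding labels (hypothetical names) for a CAS-protected web.xml."""
    root = ET.fromstring(xml_text)
    ctx, findings = _params(root), []
    # Reply, change 1: serverName should be scheme://host:port, context path kept separate.
    if urlparse(ctx.get("serverName", "")).path not in ("", "/"):
        findings.append("serverName-has-path")
    # Reply, change 2: anything other than /* leaves some URIs outside the CAS filters.
    if ctx.get("uriFilterPattern", "") != "/*":
        findings.append("uriFilterPattern-partial")
    for f in (e for e in root if _local(e.tag) == "filter"):
        init = _params(f)
        # Gateway mode: CAS returns users without a session to the app with no login prompt.
        if (init.get("filterClass", "").endswith(".AuthenticationFilter")
                and init.get("gateway", "").lower() == "true"):
            findings.append("gateway-no-forced-login")
    return findings
```

Calling `audit_cas_web_xml(open("WEB-INF/web.xml").read())` against a deployed webapp returns an empty list when none of the three conditions is present.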