
Hi Suelane,

I’d suggest you try these 2 minor changes to the web.xml file:

1. Change the serverName section - from:

    <context-param>
        <param-name>serverName</param-name>
        <param-value>http://143.107.102.247:8080/hubs-webapp/</param-value>
    </context-param>

to:

    <context-param>
        <param-name>serverName</param-name>
        <param-value>http://143.107.102.247:8080</param-value>
    </context-param>
    <context-param>
        <param-name>contextpath</param-name>
        <param-value>/hubs-webapp</param-value>
    </context-param>

2. Change the server uriFilterPattern to:

    <context-param>
        <param-name>uriFilterPattern</param-name>
        <param-value>/*</param-value>
    </context-param>

I also note you are missing a few filter settings that we use in our version of hub-webapp. I’ve attached a sample “web.xml” file that you should look at, to check against, if the above changes do not work.

Regards
Nick

--
Nick dos Remedios
Atlas of Living Australia
http://www.ala.org.au/

From: "Suelane G. Fontes" <suelane@uol.com.br>
Date: Thursday, 17 April 2014 5:22 am
To: "ala-portal@lists.gbif.org" <ala-portal@lists.gbif.org>, "support@ala.org.au" <support@ala.org.au>
Subject: Cas Authentication - Hubs-Webapp

Hi all,

We need to require users to authenticate before they have access to ALA-PORTAL. We found an authentication enforcement in the ala-collectory module, when the user tries to access the “admin” page, using JASIG Cas server.

We performed the following steps to test the authentication:

We deployed an instance of JASIG Cas server (http://www.jasig.org/cas) in server: http://143.107.102.247:65002/cas-server-webapp-3.4.12.1.
We configured ala-collectory to enforce authentication in file: ala-collectory-0.1.0/ala-collectory/grails-app/conf/config.groovy, using the following code:

    /******************************************************************************\
     *  SECURITY
    \******************************************************************************/
    if (!security.cas.uriFilterPattern) {
        security.cas.uriFilterPattern = "/admin.*,/collection.*,/institution.*,/contact.*,/reports.*," +
                "/providerCode.*,/providerMap.*,/dataProvider.*,/dataResource.*,/dataHub.*,/manage/.*"
    }
    if (!security.cas.loginUrl) {
        security.cas.loginUrl = "http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/login"
    }
    if (!security.cas.logoutUrl) {
        security.cas.logoutUrl = "http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/logout"
    }
    if (!security.apikey.serviceUrl) {
        security.apikey.serviceUrl = "http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/apikey/ws/check?apikey="
    }
    if (!security.cas.appServerName) {
        security.cas.appServerName = "http://143.107.102.247:65002"
    }
    if (!security.cas.casServerName) {
        security.cas.casServerName = "http://143.107.102.247:8080"
    }
    if (!security.cas.uriExclusionFilterPattern) {
        security.cas.uriExclusionFilterPattern = '/images.*,/css.*,/js.*,/less.*'
    }
    if (!security.cas.authenticateOnlyIfLoggedInPattern) {
        security.cas.authenticateOnlyIfLoggedInPattern = "" // pattern for pages that can optionally display info about the logged-in user
    }
    if (!security.cas.casServerUrlPrefix) {
        security.cas.casServerUrlPrefix = 'http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/'
    }
    if (!security.cas.bypass) {
        security.cas.bypass = true
    }
    if (!disableAlertLinks) {
        disableAlertLinks = false
    }
    if (!disableOverviewMap) {
        disableOverviewMap = false
    }

Then we tried to access the admin section of the ala-collectory browser, which worked perfectly: ala-collectory redirected the call to the CAS server login page, and after the user provides the correct username and password the user is redirected again to the admin section of ala-collectory.

We would like to enforce the same authentication in ala-hubs, as shown in the figure adapted from wiki (attached).

We followed the steps in wiki: https://code.google.com/p/ala-bie/wiki/Authentication#Example_web.xml_config... .
In pom.xml of the hubs-webapp directory we included the following code:

    <dependency>
        <groupId>org.jasig.cas</groupId>
        <artifactId>cas-client-core</artifactId>
        <version>3.1.10</version>
        <type>jar</type>
        <scope>compile</scope>
    </dependency>
    <dependency>
        <groupId>au.org.ala</groupId>
        <artifactId>ala-cas-client</artifactId>
        <version>2.0-SNAPSHOT</version>
        <type>jar</type>
        <scope>compile</scope>
        <exclusions>
            <exclusion>
                <groupId>javax.servlet</groupId>
                <artifactId>servlet-api</artifactId>
            </exclusion>
        </exclusions>
    </dependency>

In the web.xml file we included the following code:

    <!-- CAS Authentication related properties -->
    <context-param>
        <!-- Parameter used by CAS filters -->
        <param-name>serverName</param-name>
        <param-value>http://143.107.102.247:8080/hubs-webapp/</param-value>
    </context-param>
    <context-param>
        <param-name>casServerName</param-name>
        <param-value>http://143.107.102.247:8080</param-value>
    </context-param>
    <context-param>
        <param-name>uriFilterPattern</param-name>
        <param-value>/, /occurrences/\d+, /occurrences/search, /explore/your-area</param-value>
    </context-param>

    <!-- CAS Authentication Service filters -->
    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <filter-class>au.org.ala.cas.client.UriFilter</filter-class>
        <init-param>
            <param-name>filterClass</param-name>
            <param-value>org.jasig.cas.client.authentication.AuthenticationFilter</param-value>
        </init-param>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/login</param-value>
        </init-param>
        <init-param>
            <param-name>gateway</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>au.org.ala.cas.client.UriFilter</filter-class>
        <init-param>
            <param-name>filterClass</param-name>
            <param-value>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</param-value>
        </init-param>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>http://143.107.102.247:65002/cas-server-webapp-3.4.12.1</param-value>
        </init-param>
    </filter>
    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>au.org.ala.cas.client.UriFilter</filter-class>
        <init-param>
            <param-name>filterClass</param-name>
            <param-value>au.org.ala.cas.client.AlaHttpServletRequestWrapperFilter</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>CAS Authentication Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

Then we deployed the hubs-webapp.war in the Tomcat server.

Unfortunately, when the user accesses ala-webapp no authentication is asked for by ala-portal.

What do we need to do in order to force all users to authenticate in JASIG CAS before they have access to hubs-webapp?

Regards,
Suelane/Silvio
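
Added example (not part of either message, and not ALA code): a small Python check of a web.xml against the two changes suggested in the reply above, run on a constructed excerpt of the posted file. The gateway check goes beyond the reply and rests on the CAS protocol's definition of the gateway parameter (when it is set, CAS does not prompt for credentials); the function name audit_web_xml and the finding labels are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed excerpt of the web.xml posted in the question (not the full file).
SAMPLE_WEB_XML = r"""<web-app>
  <context-param>
    <param-name>serverName</param-name>
    <param-value>http://143.107.102.247:8080/hubs-webapp/</param-value>
  </context-param>
  <context-param>
    <param-name>uriFilterPattern</param-name>
    <param-value>/, /occurrences/\d+, /occurrences/search, /explore/your-area</param-value>
  </context-param>
  <filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <init-param><param-name>gateway</param-name><param-value>true</param-value></init-param>
  </filter>
</web-app>"""

def local(tag):
    """Drop an XML namespace prefix such as '{http://java.sun.com/xml/ns/javaee}'."""
    return tag.rsplit("}", 1)[-1]

def params(parent, kind):
    """Map param-name -> param-value for the <context-param>/<init-param> children."""
    found = {}
    for el in parent:
        if local(el.tag) == kind:
            kv = {local(c.tag): (c.text or "").strip() for c in el}
            found[kv.get("param-name", "").lower()] = kv.get("param-value", "")
    return found

def audit_web_xml(xml_text):
    """Return labels for settings that differ from the reply's suggestions."""
    root = ET.fromstring(xml_text)
    ctx = params(root, "context-param")   # names compared case-insensitively
    findings = []
    if urlparse(ctx.get("servername", "")).path.strip("/"):
        findings.append("serverName-has-path")       # reply: host and port only
    if "contextpath" not in ctx:
        findings.append("contextpath-missing")       # reply: /hubs-webapp goes here
    if ctx.get("urifilterpattern") != "/*":
        findings.append("uriFilterPattern-partial")  # reply: use /*
    for flt in root:
        if local(flt.tag) == "filter" and params(flt, "init-param").get("gateway", "").lower() == "true":
            findings.append("gateway-enabled")       # CAS will not prompt for login
    return findings

if __name__ == "__main__":
    print(audit_web_xml(SAMPLE_WEB_XML))
```
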