When redirecting from the https CAS application back to an http service after authenticating successfully, IE6 presents the user with a security dialog saying "you are about to be redirected to a connection that is not secure, do you really want to do this?". We can avoid this by using javascript to perform the redirection in the client browser, instead of a server side redirect. NB: This approach works fine for web pages, but does not work for protected image content, which will not execute the returned javascript, so we revert to a serverside redirect for this type of content.
1. Create WEB-INF/view/jsp/default/ui/redirect.jsp to perform the redirection using javascript
Code Block |
---|
<%@page import="org.jasig.cas.authentication.principal.WebApplicationService" %> <%@page import="org.jasig.cas.web.support.WebUtils" %> <%@page import="java.net.URI" %> <% WebApplicationService service = (WebApplicationService) request.getAttribute("service"); String ticket ticket = (String) request.getAttribute("serviceTicketId"); String redirectURL = service.getResponse(ticket).getUrl(); boolean serverSideRedirect = false; // if redirect is for an image, js or css file URI uri = new URI(redirectURL); String path = uri.getPath(); int dotPos = path.lastIndexOf("."); // returns -1 if not found if( dotPos > -1 ) { String ext = path.substring(dotPos).toLowerCase(); serverSideRedirect = ".gif".equals(ext) || ".jpg".equals(ext) || ".png".equals(ext) || ".js".equals(ext) || ".css".equals(ext); } if( serverSideRedirect ) { // Serverside redirect using HTTP 302 response.sendRedirect(redirectURL); } else { // Client side redirect using javascript %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" > <head> <script type="text/javascript" language="javascript"> <!-- window.location.replace ("<%=service.getResponse(ticket).getUrl()%>redirectURL%>"); --> </script> <title>Redirect</title> </head> <body></body> </html> <% } %> |
2. Make a redirect view available to CAS by adding it to WEB-INF/classes/default_view.properties
...
Code Block |
---|
<end-state id="redirect" view="redirectView" /> > |