Versions Compared

Version Old Version 3 New Version 4
Changes made by

William G. Thompson, Jr.

William G. Thompson, Jr.

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
<bean class="org.jasig.cas.adaptors.ldappwd.BindLdapAuthenticationHandler">
  <property name="filter" value="uid=%u" />
  <property name="searchBase" value="ou=people,dc=rutgers,dc=edu" />
   <property name="contextSource" ref="contextSource" />
  <property name="errorProcessor"  ref="firstErrorProcessor" />
</bean>

Additions:

Code Block


   
<bean id="firstErrorProcessor" class="org.jasig.cas.adaptors.ldappwd.util.ExpiredPasswordErrorProcessor">
        <property name="nextItem">
        <bean class="org.jasig.cas.adaptors.ldappwd.util.AccountLockedErrorProcessor">
            <property name="nextItem">
            <bean class="org.jasig.cas.adaptors.ldappwd.util.MustChangePasswordErrorProcessor">
                <property name="nextItem">
                <bean class="org.jasig.cas.adaptors.ldappwd.util.BadHoursErrorProcessor">
                    <property name="nextItem">
                    <bean class="org.jasig.cas.adaptors.ldappwd.util.BadWorkstationErrorProcessor">
                        <property name="nextItem">
                            <bean class="org.jasig.cas.adaptors.ldappwd.util.AccountDisabledErrorProcessor" />
                        </property>
                    </bean>
                    </property>
                </bean>
                </property>
            </bean>
            </property>
        </bean>
        </property>
    </bean>
   

    <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
        <property name="anonymousReadOnly" value="false" />
        <property name="password" value="{password_goes_here}" />
        <property name="pooled" value="true" />
        <property name="urls">
            <list>
                <value>ldap://ldap.rutgers.edu:636/</value>
                <value>ldap://ldap2.rutgers.edu:636/</value>
            </list>
        </property>
        <property name="userDn" value="{username_goes_here}" />
        <property name="baseEnvironmentProperties">
            <map>
                <entry>
                        <key><value>java.naming.security.protocol</value></key>
                        <value>ssl</value>
                    </entry>
                <entry>
                        <key><value>java.naming.security.authentication</value></key>
                        <value>simple</value>
                    </entry>
                </map>
        </property>
    </bean>

resources/login-webflow.xml -> webapp/WEB-INF/login-webflow.xml

Change:

Code Block

change:
    <decision-state id="warn">
        <if test="flowScope.warnCookieValue" then="showWarningView" else="PasswordWarningCheck" />
    </decision-state>

Additions:

Code Block
    <!-- this checks the status of a password -->
    <action-state id="PasswordWarningCheck">
        <evaluate expression="PasswordWarningCheckAction" />
        <transition on="showWarning" to="warnPassRedirect" />
        <transition on="success" to="redirect" />
        <transition on="error" to="viewLoginForm" />
    </action-state>

        <!--
        The "warnPassRedirect" end state is the end state for when the user's password is close to expiring.  They are not required 
        to change their password to reach the requested service.
        -->
    <action-state id="warnPassRedirect" >
        <evaluate expression="flowScope.service.getResponse(requestScope.serviceTicketId)" result-type="org.jasig.cas.authentication.principal.Response" result="requestScope.response" />
        <transition on="requestScope.response" to="pwdPostView" />
        <transition to="pwdRedirectView" />
    </action-state>

   <end-state id="pwdPostView" view="postWarnPassResponseView">
        <output name="viewScope.parameters" value="requestScope.response.attributes" />
        <output name="viewScope.expireDays" value="flowScope.expireDays" />
        <output name="viewScope.originalUrl" value="flowScope.service.id" />
    </end-state>
    
    <!--
        The "showExpiredPassView" end state is the end state for when the user's password has expired and they must be sent 
        to the account management page to change their password.
        -->
    <end-state id="showExpiredPassView" view="casExpiredPassView" />
     
        <!--
        The "showAccountLockedView" end state is the end state for when the user's account has been locked out due to
        password failures.  They are told to try again in 15 minutes.
        -->
    <end-state id="showAccountLockedView" view="casAccountLockedView" />
    
    <!--
        The "showAccountDisabledView" end state is the end state for when the user's account has been disabled.  They are not 
        allowed to reach any services and must call the Help Desk to re-enable service
        -->
    <end-state id="showAccountDisabledView" view="casAccountDisabledView" />
    
    <!-- 
        The "showMustChangePassView" end state is the end state for when the user must change his password and then must be sent 
        to the account management page.
        -->
    <end-state id="showMustChangePassView" view="casMustChangePassView" />

        <!--
        The "showBadHoursView" end state is the end state for when the user cannot log in at this time.
        -->
    <end-state id="showBadhoursView" view="casBadHoursView" />

        <!--
        The "showBadWorkstation" end state is the end state when the user cannot log in from this worstation (hum, the server indeed)
        -->
    <end-state id="showBadWorkstationView" view="casBadWorkstationView" />
    
    <end-state id="pwdRedirectView" view="casWarnPassView">
        <output name="viewScope.parameters" value="requestScope.response.attributes" />
        <output name="viewScope.serviceTicketId" value="requestScope.serviceTicketId" />
        <output name="viewScope.expireDays" value="flowScope.expireDays" />
        <output name="viewScope.originalUrl" value="flowScope.service.id" />
    </end-state>