...
The first step is to add the dependency on the CAS OAuth support module to the CAS server webapp pom.xml:

```xml
<dependency>
  <groupId>org.jasig.cas</groupId>
  <artifactId>cas-server-support-oauth</artifactId>
  <version>${project.version}</version>
</dependency>
```
2) Add the OAuth20WrapperController
To add the OAuth20WrapperController, you need to map the /oauth2.0/* URL to the CAS servlet in web.xml:

```xml
<servlet-mapping>
  <servlet-name>cas</servlet-name>
  <url-pattern>/oauth2.0/*</url-pattern>
</servlet-mapping>
```
You have to create the controller itself in cas-servlet.xml:

```xml
<bean
  id="oauth20WrapperController"
  class="org.jasig.cas.support.oauth.web.OAuth20WrapperController"
  p:loginUrl="http://mycasserverwithoauthwrapper/login"
  p:servicesManager-ref="servicesManager"
  p:ticketRegistry-ref="ticketRegistry"
  p:timeout="7200" />
```
The loginUrl is the login URL of the CAS server. The timeout is the lifetime of a CAS granting ticket (in seconds, not in milliseconds!).

The controller also needs its mapping in the handlerMappingC bean (cas-servlet.xml):

```xml
<bean id="handlerMappingC" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
  <property name="mappings">
    <props>
      <prop key="/logout">logoutController</prop>
      <!-- ... other existing mappings ... -->
      <prop key="/403.html">passThroughController</prop>
      <prop key="/oauth2.0/*">oauth20WrapperController</prop>
    </props>
  </property>
  <property name="alwaysUseFullPath" value="true" />
</bean>
```
3) Add the needed CAS services
...
For the in-memory service registry, you add the two services in deployerConfigContext.xml:

```xml
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
  <property name="registeredServices">
    <list>
      <!-- Service for the OAuth wrapper callback URL -->
      <bean class="org.jasig.cas.services.RegisteredServiceImpl">
        <property name="id" value="0" />
        <property name="name" value="HTTP" />
        <property name="description" value="oauth wrapper callback url" />
        <property name="serviceId" value="http://mycasserverwithoauthwrapper/oauth2.0/callbackAuthorize" />
      </bean>
      <!-- Service for the OAuth client: name holds the key, description holds the secret -->
      <bean class="org.jasig.cas.services.RegisteredServiceImpl">
        <property name="id" value="1" />
        <property name="name" value="the_key_for_caswrapper1" />
        <property name="description" value="the_secret_for_caswrapper1" />
        <property name="serviceId" value="http://mycasserver/login" />
      </bean>
    </list>
  </property>
</bean>
```
If one CAS server is configured with CasWrapperProvider20 (the client) to communicate with a CAS server wrapping the OAuth 2.0 protocol (the server), the name and description of the service on the CAS "server" must match the key and secret of the identity provider defined on the CAS "client":

```xml
<!-- CAS "server": registered service -->
<bean class="org.jasig.cas.services.RegisteredServiceImpl">
  <property name="id" value="1" />
  <property name="name" value="the_key_for_caswrapper1" />
  <property name="description" value="the_secret_for_caswrapper1" />
  <property name="serviceId" value="http://mycasserver/login" />
</bean>

<!-- CAS "client": identity provider -->
<bean id="caswrapper1" class="org.jasig.cas.support.oauth.provider.impl.CasWrapperProvider20">
  <property name="key" value="the_key_for_caswrapper1" />
  <property name="secret" value="the_secret_for_caswrapper1" />
  <property name="callbackUrl" value="http://mycasserver/login" />
  <property name="serverUrl" value="http://mycasserverwithoauthwrapper/oauth2.0" />
</bean>
```
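The following script is an added example, not part of the original page or of the CAS project. It parses the "server" and "client" Spring files and reports every CasWrapperProvider20 whose key, secret or callbackUrl does not pair with a registered service, plus any provider URL that is not https. The function names, the finding texts and the https check are assumptions of this example; it expects callbackUrl to equal serviceId because that is how the page's sample values pair them.

```python
import xml.etree.ElementTree as ET

SERVICE = "org.jasig.cas.services.RegisteredServiceImpl"
PROVIDER = "org.jasig.cas.support.oauth.provider.impl.CasWrapperProvider20"

def beans_of(xml_text, class_name):
    """One {property: value} dict per <bean> of class_name (value="..." form only)."""
    local = lambda tag: tag.rsplit("}", 1)[-1]  # drop any "{namespace}" prefix
    return [{p.get("name"): p.get("value") for p in el if local(p.tag) == "property"}
            for el in ET.fromstring(xml_text).iter()
            if local(el.tag) == "bean" and el.get("class") == class_name]

def check_pairing(server_xml, client_xml):
    """Return findings as strings; secrets are never echoed into the output."""
    services = {s.get("name"): s for s in beans_of(server_xml, SERVICE)}
    findings = []
    for prov in beans_of(client_xml, PROVIDER):
        key, svc = prov.get("key"), services.get(prov.get("key"))
        if svc is None:
            findings.append(f"{key}: no registered service has this name")
            continue
        if svc.get("description") != prov.get("secret"):
            findings.append(f"{key}: secret differs from the service description")
        if svc.get("serviceId") != prov.get("callbackUrl"):
            findings.append(f"{key}: callbackUrl differs from the serviceId")
        for prop in ("callbackUrl", "serverUrl"):
            if not (prov.get(prop) or "").startswith("https://"):
                findings.append(f"{key}: {prop} is not https")
    return findings

# Constructed sample input, reusing the page's placeholder values.
SERVER_XML = """<beans><bean id="serviceRegistryDao"
    class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
  <property name="registeredServices"><list>
    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
      <property name="name" value="the_key_for_caswrapper1" />
      <property name="description" value="the_secret_for_caswrapper1" />
      <property name="serviceId" value="http://mycasserver/login" />
    </bean>
  </list></property>
</bean></beans>"""

CLIENT_XML = """<beans><bean id="caswrapper1"
    class="org.jasig.cas.support.oauth.provider.impl.CasWrapperProvider20">
  <property name="key" value="the_key_for_caswrapper1" />
  <property name="secret" value="the_secret_for_caswrapper1" />
  <property name="callbackUrl" value="http://mycasserver/login" />
  <property name="serverUrl" value="http://mycasserverwithoauthwrapper/oauth2.0" />
</bean></beans>"""
```

Calling `check_pairing(SERVER_XML, CLIENT_XML)` on the sample values returns only the two "is not https" findings, since the key, secret and callback URL pair correctly.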
...
II. Technical presentation of the OAuth server mode
...