Versions Compared

Old Version 3

changes.mady.by.user Dom Farr

Saved on

compared with

New Version Current

changes.mady.by.user PatrickB

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

The extent of the welcome page decoration is only limited by your imagination.

To fully understand a gateway request see http://www.jasig.org/cas/client-integration/gateway

Configuration of Filters

Assuming you have a standard web site layout, with protected and unprotected areas, you will need to two authentication filters and one validation filter.

...

  • web.xml - defines your web container.
  • securityConfiguration.xml - defines the spring beans.
Code Block
xml
xml
borderStylesolid
titleweb.xml snippetborderStylesolid
...

  <filter>
    <filter-name>Gateway Authentication Filter</filter-name>
    <filter-class>
      org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
    <init-param>
      <param-name>targetBeanName</param-name>
      <param-value>gatewayAuthenticationFilter</param-value>
    </init-param>
  </filter>
  <filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>
      org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
    <init-param>
      <param-name>targetBeanName</param-name>
      <param-value>casNonGatewayAuthenticationFilter</param-value>
    </init-param>
  </filter>
  <filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>
      org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
    <init-param>
      <param-name>targetBeanName</param-name>
      <param-value>casValidationFilter</param-value>
    </init-param>
  </filter>

...

  <!-- Gateway Authentication Filter -->
  <filter-mapping>
    <filter-name>Gateway Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!-- Non-Gateway Authentication Filter -->
  <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/protected/*</url-pattern>
  </filter-mapping>

  <!-- Validation Filter -->
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

...
Code Block
xml
xml
borderStylesolid
titlesecurityConfiguration.xml snippet
borderStylesolid
...

  <!-- Gateway Authentication Filter Bean -->
  <bean id="casGatewayAuthenticationFilter"
        class="org.jasig.cas.client.web.filter.AuthenticationFilter">

    <!-- serverName of client to construct serviceURL eg:"thisServer.myDomain.net" -->
    <constructor-arg index="0" value="${cas.client.serverName}"/>

    <!-- serviceUrl of client: either provide serverName or serviceUrl -->
    <constructor-arg index="1">
      <null/>
    </constructor-arg>

    <!-- CAS server loginUrl -->
    <constructor-arg index="2" value="${cas.server.url}login"/>

    <!-- renew? -->
    <constructor-arg index="3" value="false"/>

    <!-- gateway? -->
    <constructor-arg index="4" value="true"/>
  </bean>

  <!-- Non-Gateway Authentication Filter Bean -->
  <bean id="casNonGatewayAuthenticationFilter"
        class="org.jasig.cas.client.web.filter.AuthenticationFilter">

    <!-- serverName of client to construct serviceURL eg:"thisServer.myDomain.net" -->
    <constructor-arg index="0" value="${cas.client.serverName}"/>

    <!-- serviceUrl of client: either provide serverName or serviceUrl -->
    <constructor-arg index="1">
      <null/>
    </constructor-arg>

    <!-- CAS server loginUrl -->
    <constructor-arg index="2" value="${cas.server.url}login"/>

    <!-- renew? -->
    <constructor-arg index="3" value="false"/>

    <!-- gateway? -->
    <constructor-arg index="4" value="false"/>
  </bean>

  <!-- Validation Filter Bean -->
  <bean id="casValidationFilter"
        class="org.jasig.cas.client.web.filter.TicketValidationFilter">

    <constructor-arg index="0" value="${cas.client.serverName}" />

    <constructor-arg index="1">
      <null />
    </constructor-arg>

    <constructor-arg index="2" value="true" />

    <!-- ticketValidator implementation (defines protocol version to be used) -->
    <constructor-arg index="3" ref="ticketValidator" />

    <constructor-arg index="4" value="true" />
  </bean>

...
Info
titleUseful Information

For a complete configuration of the CAS Java Client you will need to visit the CAS Java client page http://www.ja-sig.org/products/cas/client/client-java/index.html

Warning

The configuration on CAS Java Client page does not use this gateway setup. So edit the CAS Java Client configuration with these changes.

Page Layout

Image Modified
Assuming first time request* If a visitor requests either www.site.com/welcome.jsp or www.site.com/other_page.jsp then a gateway log in authentication is called to CAS.

  • If a visitor request either www.site.com/protected/accounts.jsp or www.site.com/protected/payments.jsp then a non-gateway log in authentication is called to CAS.

Sequence

please excuse the bad diagrams

A simplistic view of a gateway call when user does not have a validate CAS session.
Image Added
A simplistic view of a gateway call when user does have a validate CAS session.
Image Added