Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

What is it

The YaleCasFilteredContext is an IYaleCasContext implementation which consumes the results of the CASValidateFilter having performed the actual authentication.

How does it work?

Maybe you would like to view the source code.

How do I configure it?

You'll need to configure the security context in your security.properties file and configure the CASValidateFilter in your web.xml.

Setting the security.properties

Note: this example is for using CAS authentication exclusively. A very common configuration is to use CAS alongside another authentication provider, such as local Simple authentication (MD5 passwords). If you're just getting things set up, you may wish to start with this simpler configuration and then add the complexity of the UnionSecurityContext.

You need to set the root security context factory to be the YaleCasFilteredContextFactory:

root=edu.yale.its.tp.portal.security.YaleCasFilteredContextFactory

You need to set the credential token "ticket":

# Answers what tokens are examined in the request for each context during authentication.
# A subcontext only needs to set it's tokens if it differs from those of the root context.
#principalToken.root=userName
#credentialToken.root=password
credentialToken.root=ticket

Mapping the filters

In your web.xml, you need to map and configure the CASValidateFilter and a helper filter which provides a static cache so that the YaleCasFilteredContext can obtain the CASReceipt bearing the results of the authentication.

hint

Hint: filter declarations come before servlet declarations in the web.xml. Personally, I find XMLBuddy's support for validating application descriptors quite helpful in catching element ordering and XML validity problems...

<filter>
  <filter-name>CAS Validate Filter</filter-name>
  <filter-class>edu.yale.its.tp.cas.client.filter.CASValidateFilter</filter-class>
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
    <param-value>https://secure.its.yale.edu/cas/serviceValidate</param-value>
  </init-param>
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
    <param-value>hkg2.cis.yale.edu:8080</param-value>
  </init-param>
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.proxyCallbackUrl</param-name>
    <param-value>https://hkg2.cis.yale.edu/uPortal/CasProxyServlet</param-value>
  </init-param>
</filter>

<filter>
  <filter-name>CAS Receipt Cacher</filter-name>
  <filter-class>edu.yale.its.tp.cas.client.filter.StaticCasReceiptCacherFilter</filter-class>
</filter>

<filter-mapping>
  <filter-name>CAS Validate Filter</filter-name>
  <url-pattern>/Login</url-pattern>
</filter-mapping>

<filter-mapping>
  <filter-name>CAS Receipt Cacher</filter-name>
  <url-pattern>/Login</url-pattern>
</filter-mapping>

Where can I get it?

The YaleCasFilteredContext is part of the Yale uPortal CAS security provider package, available here.

  • No labels