seminar CASifying your first application

JA-SIG pre-conference seminar piece on CASifying an application.

This piece is a hands-on lab exercise.

Starting point

What's on the disc

The CAS3 demonstration disc includes:

  • A quickstart instance for each of these operating systems:
    • Windows (JDK and Tomcat and Ant)
    • OSX (Tomcat and Ant) (OS includes JDK)
    • Linux (JDK and Tomcat and Ant)
  • The full CAS 3 release (includes source code, etc.)
  • An example plugin

Installing the disc

Copy the quickstart appropriate to your platform (cas3-demo-xxx) to your hard disk. The quickstart will only run from a read-write disc (likely will not work from the CD-R itself).

Copy the full CAS 3 release to your hard disc as well, just in case you get interested in the source...

Copy the example plugin directory tree onto your hard disk. You'll need it for Drew's exercise demonstrating using the plugin development environment.

Starting Tomcat

Navigate to the quickstart instance on your hard disk (cas3-demo-xxx) and run the startup batch script / shell script.

Verify Tomcat started

Open a web browser and head to https://localhost:18443/. You should see the default Tomcat ROOT webapp (congratulating you on installing Tomcat).

Verify CAS started

Open a web browser and head to https://localhost:18443/cas/. You should (after Tomcat compiles those JSPs...) see the default CAS login screen.

CASFilter demos

Investigate the demonstrations

Head to https://localhost:18443/demos/. The demos webapp displays links to the other example webapps. These examples demonstrate how to configure and use the CASFilter

CASFilter exercise

The introductory exercise is to CASify the target.jsp in the casify-me web application, by means of mapping the CASFilter.

How to do this:

  1. Stop your Tomcat (there's a stop script alongside the script you used to start it).
  2. Edit casify-me/WEB-INF/web.xml to declare the CASFilter. Declare
    1. The class of the filter
    2. A name for the filter
    3. The init param configuring what CAS server login URL to use
    4. The init param configuring the service URL or server name of the filtered application
    5. The init param configuring what CAS server ticket validation URL to use
  3. Edit casify-me/WEB-INF/web.xml to map the CASFilter. Declare
    1. The name of the filter configured above
    2. The URL path the filter should affect
  4. Restart your Tomcat

Ending points

Here's an example web.xml that maps the CASFilter to authenticate users to target.jsp.

web.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
    version="2.4">
	<display-name>CAS Filter demo</display-name>

  <filter>
    <filter-name>CAS Filter</filter-name>
    <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
    <init-param>
      <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
      <param-value>https://localhost:18443/cas/login</param-value>
    </init-param>
    <init-param>
      <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
      <param-value>https://localhost:18443/cas/serviceValidate</param-value>
    </init-param>
    <init-param>
      <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
      <param-value>localhost:18443</param-value>
    </init-param>
  </filter>

  <filter-mapping>
    <filter-name>CAS Filter</filter-name>
    <url-pattern>/target.jsp</url-pattern>
  </filter-mapping>



</web-app>

Resources

Here's a JSP that demonstrates displaying the information exposed into the HttpSession by CASFilter.

cas-filtered.jsp
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<head>
	<title>Simple CAS filtered JSP page</title>
</head>

<body>
	<h1>CASFilter demo</h1>
	<p>This page is intended to be mapped behind the 
<a href="http://www.yale.edu/tp/cas/cas-client-java-2.1.0/doc/public/edu/yale/its/tp/cas/client/filter/CASFilter.html">
CASFilter</a> via web.xml configuration.</p>
	<p>This page displays information about any present CAS authentication.</p>

	<h2>The authenticated username</h2>
	<p>The authenticated username is exposed via the a session attribute CASFilter.CAS_FILTER_USER<p>
	<c:choose>
		<c:when test="${not empty sessionScope['edu.yale.its.tp.cas.client.filter.user']}" >
			<p>The authenticated user is: 
<b>${sessionScope['edu.yale.its.tp.cas.client.filter.user']}</b></p>
		</c:when>
		<c:otherwise>
			<p>The session attribute exposing the CAS authenticated NetID is not set.</p>
		</c:otherwise>
	</c:choose>

	<p>A 
<a href="http://www.yale.edu/tp/cas/cas-client-java-2.1.0/doc/public/edu/yale/its/tp/cas/client/CASReceipt.html">
CASReceipt</a> stored in this session in the session attribute 
edu.yale.its.tp.cas.client.filter.receipt exposes advanced information about 
the CAS authentication the filter performed..</p>

	<c:choose>
	<c:when test="${not empty sessionScope['edu.yale.its.tp.cas.client.filter.receipt']}">
	<table>
	<tr>
		<td>CASReceipt property</td>
		<td>property value</td>
	</tr>
	<tr>
		<td>casValidateUrl</td>
		<td>${sessionScope['edu.yale.its.tp.cas.client.filter.receipt'].casValidateUrl}</td>
	</tr>
	<tr>
		<td>pgtIou</td>
		<td>${sessionScope['edu.yale.its.tp.cas.client.filter.receipt'].pgtIou}</td>
	</tr>
	<tr>
		<td>proxyCallbackUrl</td>
		<td>${sessionScope['edu.yale.its.tp.cas.client.filter.receipt'].proxyCallbackUrl}</td>
	</tr>
      <tr>
		<td>proxyingService</td>
		<td>${sessionScope['edu.yale.its.tp.cas.client.filter.receipt'].proxyingService}</td>
	</tr>
	<tr>
		<td>proxyList</td>
		<td>
			<c:forEach var="proxyEntry" 
                               items="${sessionScope['edu.yale.its.tp.cas.client.filter.receipt'].proxyList}">
				${proxyEntry}<br />
			</c:forEach>
		</td>
	</tr>
		<tr>
		<td>userName</td>
		<td>${sessionScope['edu.yale.its.tp.cas.client.filter.receipt'].userName}</td>
	</tr>
	<tr>
		<td>primaryAuthentication</td>
		<td>${sessionScope['edu.yale.its.tp.cas.client.filter.receipt'].primaryAuthentication}</td>
	</tr>
	</c:when>
	<c:otherwise>
		<p>No CASReceipt is stored in the session.</p>
	</c:otherwise>
	</c:choose>
</body>
</html>