Using the CAS JSP tags
CAS Tag Library
The CAS Tag Library is another way to authenticate users' access to JSP pages. JSP tags cannot be used in servlets, so if you need CAS protection within a servlet environment, you can use either the CAS Filter or the CAS Java objects (see below); the former is recommended.
To use the tag library, once casclient.jar is installed in your web application's /WEB-INF/lib directory, you need to add the following to the top of a JSP page you wish to protect:
<%@ taglib uri="http://www.yale.edu/its/tp/cas/version2" prefix="cas" %>
<cas:auth var="netID" scope="session">
  <cas:loginUrl>https://secure.its.yale.edu/cas/login</cas:loginUrl>
  <cas:validateUrl>https://secure.its.yale.edu/cas/proxyValidate</cas:validateUrl>
  <cas:authorizedProxy>https://authorized-proxy1</cas:authorizedProxy>
  <cas:authorizedProxy>https://authorized-proxy2</cas:authorizedProxy>
  ...
  <cas:service>http://service-url</cas:service>
</cas:auth>
...
<html>
  <body>
    <p>Welcome, <%= session.getAttribute("netID") %>!</p>
  </body>
</html>
The user will not see any part of the page past the <cas:auth /> tags until he/she has logged in. If the user hasn't logged in yet, a redirect to the CAS login page will be performed.
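The validateUrl and authorizedProxy settings above determine which validation responses the page accepts. The following added Java example (not code from casclient.jar) parses a CAS 2.0 proxyValidate response and rejects a ticket that arrived through a proxy not on the list. It assumes only the nearest proxy is compared against the list; the class name, method name and sample response are made up for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

public class ProxyChainCheck {
    static final String CAS_NS = "http://www.yale.edu/tp/cas"; // CAS 2.0 response namespace

    /** Returns the user name, or throws if the response must not be trusted. */
    static String userIfAuthorized(String xml, Set<String> authorizedProxies) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPE declarations so the response cannot carry XML entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));

        NodeList ok = doc.getElementsByTagNameNS(CAS_NS, "authenticationSuccess");
        NodeList users = doc.getElementsByTagNameNS(CAS_NS, "user");
        if (ok.getLength() != 1 || users.getLength() != 1) {
            throw new SecurityException("ticket was not validated");
        }
        // CAS 2.0 lists the most recently visited proxy first. An empty list
        // means the user presented the ticket directly, with no proxy involved.
        NodeList proxies = doc.getElementsByTagNameNS(CAS_NS, "proxy");
        if (proxies.getLength() > 0) {
            String nearest = proxies.item(0).getTextContent().trim();
            if (!authorizedProxies.contains(nearest)) {
                throw new SecurityException("ticket proxied by unlisted service: " + nearest);
            }
        }
        return users.item(0).getTextContent().trim();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample response; "jsmith" and "https://other-app" are made up.
        String response = "<cas:serviceResponse xmlns:cas='" + CAS_NS + "'>"
                + "<cas:authenticationSuccess><cas:user>jsmith</cas:user><cas:proxies>"
                + "<cas:proxy>https://authorized-proxy1</cas:proxy>"
                + "<cas:proxy>https://other-app</cas:proxy>"
                + "</cas:proxies></cas:authenticationSuccess></cas:serviceResponse>";
        System.out.println(userIfAuthorized(response, Set.of("https://authorized-proxy1")));
        try {
            userIfAuthorized(response, Set.of("https://authorized-proxy2"));
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```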
Also provided with the CAS Tag Library is a logout tag:
<%@ taglib uri="http://www.yale.edu/its/tp/cas/version2" prefix="cas" %>
<%-- first destroy the web application's session --%>
<% session.invalidate(); %>
<%-- then logout of CAS --%>
<cas:logout var="netID" scope="session" logoutUrl="https://secure.its.yale.edu/cas/logout" />