Using the CAS JSP tags

Owned by Andrew Petro
Last updated: Feb 01, 2007 by ScottSVersion comment
1 min read

CAS Tag Library

The CAS Tag Library is a another way to authenticate users' access to JSP pages. JSP Tags cannot be used in servlets, so if you need CAS protection within a servlet environment, you can use either the CAS Filter or the CAS Java objects (see below); the former is recommended.

To use the tag library, once casclient.jar is installed in your web application's /WEB-INF/lib directory, you need to add the following to the top of a JSP page you wish to protect:

<%@ taglib uri="http://www.yale.edu/its/tp/cas/version2" prefix="cas" %>
<cas:auth var="netID" scope="session">
  <cas:loginUrl>https://secure.its.yale.edu/cas/login</cas:loginUrl>
  <cas:validateUrl>https://secure.its.yale.edu/cas/proxyValidate</cas:validateUrl>
  <cas:authorizedProxy>https://authorized-proxy1</cas:authorizedProxy>
  <cas:authorizedProxy>https://authorized-proxy2</cas:authorizedProxy>
  ...
  <cas:service>http://service-url</cas:service>
</cas:auth>
...

<html>
<body>
<p>Welcome, <%= session.getAttribute("netID") %>!</p>
</body>
</html>

The user will not see any part of the page past the <cas:auth /> tags until he/she has logged in. If the user hasn't logged in yet, a redirect to the CAS login page will be performed.

Also provided with the CAS Tag Library is a logout tag:

<%@ taglib uri="http://www.yale.edu/its/tp/cas/version2" prefix="cas" %>
<%-- first destroy the web application's session --%>
<%   session.invalidate(); %>
<%-- then logout of CAS --%>
<cas:logout var="netID" scope="session"
    logoutUrl="https://secure.its.yale.edu/cas/logout" />