HOWTO utilize javax.servlet.http.HttpServletRequest isUserInRole( java.lang.String role )

Hopefully these notes will evolve into a more formal tutorial.

This example assumes user roles are stored in a database like so:

mysql> select * from VW_USER_ROLES;
+----+-----------+------------+
| ID | LOGINNAME | ROLENAME   |
+----+-----------+------------+
|  1 | me        | DEBUG      |
|  1 | me        | Super User |
+----+-----------+------------+

Currently works with SAML 1.1 from Jasig, or by utilizing the server add-on https://github.com/Unicon/cas-addons/wiki/Configuring-JSON-Validation-Response (server version 3.5.1 and above) together with the client add-on https://github.com/Unicon/cas-java-clients-addons (client version 3.2.1).

(for CAS 2.0 see http://www.ja-sig.org/issues/browse/CAS-655).

  • Client Mods

    • dependencies

      <dependency>
        <groupId>org.apache.santuario</groupId>
        <artifactId>xmlsec</artifactId>
        <version>1.4.5</version>
      </dependency>
      <dependency>
        <groupId>org.opensaml</groupId>
        <artifactId>opensaml</artifactId>
        <version>1.1b</version>
      </dependency>

    • filters to configure in web.xml:

      • org.jasig.cas.client.authentication.Saml11AuthenticationFilter

      • org.jasig.cas.client.validation.Saml11TicketValidationFilter

      • org.jasig.cas.client.util.HttpServletRequestWrapperFilter

    • Add an init-param to HttpServletRequestWrapperFilter naming the released attribute whose values become roles:

      <init-param>
        <param-name>roleAttribute</param-name>
        <param-value>USER_ROLE</param-value>
      </init-param>
  • Server Mods

    On deployerConfigContext.xml add:

    <bean id="multiRowJdbcPersonAttributeDao"
          class="org.jasig.services.persondir.support.jdbc.MultiRowJdbcPersonAttributeDao">
      <constructor-arg index="0" ref="dataSource" />
      <!-- one row per role; the constant attr_name column becomes the attribute name USER_ROLE -->
      <constructor-arg index="1"
          value="select LOGINNAME, 'USER_ROLE' as attr_name, ROLENAME FROM VW_USER_ROLES WHERE {0}" />
      <!-- attr_name column holds the attribute name, ROLENAME column holds its value -->
      <property name="nameValueColumnMappings">
        <map>
          <entry key="attr_name" value="ROLENAME" />
        </map>
      </property>
      <!-- the {0} placeholder is filled from the username, matched against LOGINNAME -->
      <property name="queryAttributeMapping">
        <map>
          <entry key="username" value="LOGINNAME" />
        </map>
      </property>
    </bean>

    ...

    <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
      <property name="credentialsToPrincipalResolvers">
        <list>
          <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
            <property name="attributeRepository" ref="multiRowJdbcPersonAttributeDao"/>
          </bean>
          ...
  • Runtime changes

    • in Services Management (i.e. /cas/services/), edit the service and enable 'Ignore Attribute Management via this Tool' so the USER_ROLE attribute is released to the client
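As an added example (not part of the original notes), a servlet placed behind the three client filters above that checks the DEBUG role via isUserInRole and, when access is denied, logs the raw USER_ROLE values read from the CAS AttributePrincipal so a wrongly named or unreleased attribute is visible at once. The servlet class name is hypothetical; it assumes the roleAttribute init-param is set to USER_ROLE as shown.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.jasig.cas.client.authentication.AttributePrincipal;

// Hypothetical servlet; map it in web.xml behind the CAS filters listed above.
public class DebugConsoleServlet extends HttpServlet {

    // Role names are the ROLENAME values released under the USER_ROLE attribute.
    private static final String REQUIRED_ROLE = "DEBUG";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // HttpServletRequestWrapperFilter answers this from the attribute named by its
        // roleAttribute init-param; without that param it is always false.
        if (req.isUserInRole(REQUIRED_ROLE)) {
            resp.setContentType("text/plain");
            resp.getWriter().println("Hello " + req.getRemoteUser()
                    + ", role " + REQUIRED_ROLE + " granted.");
            return;
        }
        // Denied: log what was actually released so a misnamed attribute is easy to spot.
        log("Denied " + req.getRemoteUser() + ": USER_ROLE values = " + releasedRoles(req));
        resp.sendError(HttpServletResponse.SC_FORBIDDEN);
    }

    // Reads the raw USER_ROLE attribute from the CAS principal. A user with one role
    // gets a String, a user with several gets a List; both shapes are normalised here.
    static Collection<?> releasedRoles(HttpServletRequest req) {
        Principal p = req.getUserPrincipal();
        if (!(p instanceof AttributePrincipal)) {
            return Collections.emptyList();
        }
        Map<String, Object> attrs = ((AttributePrincipal) p).getAttributes();
        Object value = attrs.get("USER_ROLE");
        if (value == null) {
            return Collections.emptyList();
        }
        return value instanceof Collection ? (Collection<?>) value : Collections.singletonList(value);
    }
}
```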