Starting with the patched https://source.jasig.org/sandbox/cas-password-policy/tags/cas-server-support-ldap-pwd-expiration-3.4.8/ I pulled in all the changes from CAS Server 3.4.10.
Resources
The LPPE module currently has files under /src/main/resources/ that map to cas-server-webapp/src/main/webapp/. These files could be applied via Maven Overlay if they were in the right directory.
resources/classes/ -> webapp/WEB-INF/classes/
default_views.properties
- added additional views for LPPE
protocol_views.properties
- added postWarnPassResponseView class and url for casWarnPassPostResponseView.jsp (what is this for?)
message.properties (renamed to message_en.properties)
- added messages for LPPE
resources/spring-configuration/ -> webapp/WEB-INF/spring-configuration/
applicationContext.xml
- LPPE depends on a modified CASImpl.
<bean id="centralAuthenticationService" class="org.jasig.cas.LdapPwdCentralAuthenticationServiceImpl"...
passwordWarningCheck.xml
- new file defining beans for LPPE
resources/view/jsp/default/ui -> webapp/WEB-INF/view/jsp/default/ui
New UX files for LPPE
- casAccountDisabledView.jsp
- casAccountLockedView.jsp
- casBadWorkstationView.jsp
- casExpiredPassView.jsp
- casMustChangePassword.jsp
- casWarnPassView.jsp
resources/view/jsp/protocol -> webapp/WEB-INF/view/jsp/protocol
casWarnPassPostResponseView.jsp
- new file
resources/cas-servlet.xml -> webapp/WEB-INF/cas-servlet.xml
Additions:
<bean id="authenticationViaFormAction"
      class="org.jasig.cas.web.flow.LdapPwdAuthenticationViaFormAction"
      p:centralAuthenticationService-ref="centralAuthenticationService"
      p:warnCookieGenerator-ref="warnCookieGenerator"
      p:errorProcessor-ref="firstErrorProcessor" />
resources/deployerConfigContext.xml -> webapp/WEB-INF/deployerConfigContext.xml
Changes:
<bean class="org.jasig.cas.adaptors.ldappwd.BindLdapAuthenticationHandler">
  <property name="filter" value="uid=%u" />
  <property name="searchBase" value="ou=people,dc=rutgers,dc=edu" />
  <property name="contextSource" ref="contextSource" />
  <property name="errorProcessor" ref="firstErrorProcessor" />
</bean>
Additions:
<bean id="firstErrorProcessor" class="org.jasig.cas.adaptors.ldappwd.util.ExpiredPasswordErrorProcessor">
  <property name="nextItem">
    <bean class="org.jasig.cas.adaptors.ldappwd.util.AccountLockedErrorProcessor">
      <property name="nextItem">
        <bean class="org.jasig.cas.adaptors.ldappwd.util.MustChangePasswordErrorProcessor">
          <property name="nextItem">
            <bean class="org.jasig.cas.adaptors.ldappwd.util.BadHoursErrorProcessor">
              <property name="nextItem">
                <bean class="org.jasig.cas.adaptors.ldappwd.util.BadWorkstationErrorProcessor">
                  <property name="nextItem">
                    <bean class="org.jasig.cas.adaptors.ldappwd.util.AccountDisabledErrorProcessor" />
                  </property>
                </bean>
              </property>
            </bean>
          </property>
        </bean>
      </property>
    </bean>
  </property>
</bean>

<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
  <property name="anonymousReadOnly" value="false" />
  <property name="password" value="{password_goes_here}" />
  <property name="pooled" value="true" />
  <property name="urls">
    <list>
      <value>ldap://ldap.rutgers.edu:636/</value>
      <value>ldap://ldap2.rutgers.edu:636/</value>
    </list>
  </property>
  <property name="userDn" value="{username_goes_here}" />
  <property name="baseEnvironmentProperties">
    <map>
      <entry>
        <key><value>java.naming.security.protocol</value></key>
        <value>ssl</value>
      </entry>
      <entry>
        <key><value>java.naming.security.authentication</value></key>
        <value>simple</value>
      </entry>
    </map>
  </property>
</bean>
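When these beans are merged by hand into a newer CAS release, a lost level of the nested nextItem chain or an errorProcessor reference that no longer matches a bean id is easy to miss. The script below is an added example, not part of the LPPE module: it walks the chain and collects the errorProcessor references from a constructed, trimmed copy of the beans above. Its function names are hypothetical, and it assumes nextItem is always a nested bean, as on this page.

```python
import xml.etree.ElementTree as ET

P_NS = "{http://www.springframework.org/schema/p}"

# Constructed sample, trimmed from the beans on this page (three of six processors omitted).
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans" xmlns:p="http://www.springframework.org/schema/p">
  <bean id="authenticationViaFormAction" class="org.jasig.cas.web.flow.LdapPwdAuthenticationViaFormAction"
        p:errorProcessor-ref="firstErrorProcessor" />
  <bean class="org.jasig.cas.adaptors.ldappwd.BindLdapAuthenticationHandler">
    <property name="errorProcessor" ref="firstErrorProcessor" />
  </bean>
  <bean id="firstErrorProcessor" class="org.jasig.cas.adaptors.ldappwd.util.ExpiredPasswordErrorProcessor">
    <property name="nextItem">
      <bean class="org.jasig.cas.adaptors.ldappwd.util.AccountLockedErrorProcessor">
        <property name="nextItem">
          <bean class="org.jasig.cas.adaptors.ldappwd.util.AccountDisabledErrorProcessor" />
        </property>
      </bean>
    </property>
  </bean>
</beans>"""

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # tag name without the XML namespace

def children(el, tag, **attrs):
    return [c for c in el if local(c) == tag and all(c.get(k) == v for k, v in attrs.items())]

def error_chain(root, head_id):
    """Short class names of the processors reachable from head_id via nextItem."""
    heads = [b for b in root.iter() if local(b) == "bean" and b.get("id") == head_id]
    chain, bean = [], heads[0] if heads else None
    while bean is not None:
        chain.append(bean.get("class", "").rsplit(".", 1)[-1])
        nxt = children(bean, "property", name="nextItem")
        inner = children(nxt[0], "bean") if nxt else []
        bean = inner[0] if inner else None
    return chain

def error_processor_refs(root):
    """Bean ids referenced as errorProcessor, in <property> or p: attribute form."""
    refs = set()
    for bean in (b for b in root.iter() if local(b) == "bean"):
        refs.add(bean.get(P_NS + "errorProcessor-ref"))
        refs.update(p.get("ref") for p in children(bean, "property", name="errorProcessor"))
    return refs - {None}

if __name__ == "__main__":
    print(error_chain(ET.fromstring(SAMPLE), "firstErrorProcessor"))
```

An empty list from error_chain for an id returned by error_processor_refs means the reference does not resolve within that file; in a real deployment the referencing bean and the chain head may live in different files (cas-servlet.xml and deployerConfigContext.xml here), so each file is parsed and the results compared.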