Posted to jetspeed-dev@portals.apache.org by Vlachogiannis Evangelos <ev...@aegean.gr> on 2009/07/22 21:09:16 UTC

ΑΠ: CAS authentication / authorization

Hi list,

I think I have found some solutions (attached).

- for allowing public pages to be visible to guest user and also allow jetspeed users (not CAS user like admin) to log in I have introduced a folder "caslogin" and configured CAS filter with pattern "/portal/caslogin". So only then the user is being redirected to the CAS authentication service. I simply provide a login link with url "/portal/caslogin"

- my second problem was about users that appear in CAS but not in jetspeed. I have developed a filter that when such a login takes place, jetspeed creates a jetspeed user with same username and default roles and pages.

- my 3rd problem was logout. When a user logs out, they need to be logged out both from the jetspeed2 context and CAS. For that I have slightly modified the jetspeed logout servlet.

That's all for now.. Please let me know for any better solutions.
Thanks,
Vangelis


________________________________________
From: Evangelos Vlachogiannis [evlach@aegean.gr]
Sent: Wednesday, 22 July 2009 6:55 PM
To: Jetspeed Developers List
Subject: Re: CAS authentication / authorization

I would like to ask if PortalAdministration.registerUser also creates the
user folder and creates appropriate permissions so that the user can
personalize their pages (add portlets etc.)

thnx in advance,
Vangelis

David Sean Taylor wrote:
> On Jul 21, 2009, at 1:35 AM, Evangelos Vlachogiannis wrote:
>
>
>> Hi again,
>>
>> thnx for the response. I use jetspeed 2.2 but I do not want to talk
>> directly to the LDAP.
>> I am introducing a filter based on PortalFilter (see attached
>> CASPortalFilter.java implementation) in order to:
>> (http://u-portal.gunet.gr:8080/uportal3/)
>> - get the username of authenticated user -> done
>> - if username does not appear in portal db -> create new user with
>> username and assign default group/roles (in future I plan to
>> introduce a mapping mechanism)
>> - put principal in portal context
>>
>> Problems till now:
>> - exception (see attached exception.txt) Any help ??
>> - As the CAS filter has a url-pattern="/*" (see web.xml) how can a
>> user see public pages without being redirected to CAS
>> Any help would be appreciated.
>>
>>
>  From the line number of the NPE, my guess is that the user is null
>
> Do you see any of these exceptions occurring?
>
>     } catch (RegistrationException e1) {
>         // TODO Auto-generated catch block
>         System.out.println("user: " + userName + " not created");
>     } catch (SecurityException e1) {
>         // TODO Auto-generated catch block
>         System.out.println("user: " + userName + " not created");
>     }
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Re: ΑΠ: CAS authentication / authorization

Posted by David Sean Taylor <d....@onehippo.com>.
On Jul 22, 2009, at 12:09 PM, Vlachogiannis Evangelos wrote:

> Hi list,
>
> I think I have found some solutions (attached).
>
> - for allowing public pages to be visible to guest user and also
> allow jetspeed users (not CAS user like admin) to log in I have
> introduced a folder "caslogin" and configured CAS filter with
> pattern "/portal/caslogin". So only then the user is being
> redirected to the CAS authentication service. I simply provide a
> login link with url "/portal/caslogin"
>
> - my second problem was about users that appear in CAS but not in
> jetspeed. I have developed a filter that when such a login takes
> place, jetspeed creates a jetspeed user with same username and
> default roles and pages.
>
> - my 3rd problem was logout. When a user logs out, they need to be
> logged out both from the jetspeed2 context and CAS. For that I have
> slightly modified the jetspeed logout servlet.
>
> That’s all for now.. Please let me know for any better solutions.
> Thanks,
> Vangelis
>
Hi Vangelis,

[Sorry for the late response, on vacation]

I downloaded your zip and will try to review it over the next week or
so, as I'm interested in a CAS solution. If it looks good I would like
to contribute it to the project.

I've created a JIRA issue for you to track:

https://issues.apache.org/jira/browse/JS2-1055

>
> ________________________________________
> From: Evangelos Vlachogiannis [evlach@aegean.gr]
> Sent: Wednesday, 22 July 2009 6:55 PM
> To: Jetspeed Developers List
> Subject: Re: CAS authentication / authorization
>
> I would like to ask if PortalAdministration.registerUser also creates the
> user folder and creates appropriate permissions so that the user can
> personalize their pages (add portlets etc.)
>

Yes it can. There are a number of params on registerUser's 3 signatures:

registerUser

void registerUser(java.lang.String userName,
                  java.lang.String password,
                  java.util.List roles,
                  java.util.List groups,
                  java.util.Map userInfo,
                  java.util.Map rules,
                  java.lang.String template,
                  java.lang.String subsiteFolder)
           throws RegistrationException

Registers and creates a new user, assigning userInfo, roles, groups,
profiling rules and a folder template. If any values are null,
defaults are used from the system wide configuration.

Parameters:

userName - Unique user principal identifier
password - Password for this user
roles - A list of roles to assign to this user
groups - A list of groups to assign to this user
userInfo - Portlet API User Information Attributes name value pairs (PLT.D)
rules - A map of name value pairs of profiling rules. Well known rules
        names are 'page' and 'menu'
template - The full PSML path name of a folder to be deep copied as
           the new user's set of folders, pages, links
subsiteFolder - The subsite folder to place the new user in

Throws: RegistrationException
Since: 2.1.2

So if you specify the subsiteFolder to point to a site path, such as
/_user/templates/mytemplate, it will copy that template to the new
user's home
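
Added example, not part of the original thread and not Jetspeed's own code: a sketch of the provisioning step discussed above (create the portal account on first CAS login), written against a hypothetical Registrar interface that mirrors the registerUser signature quoted above. The local-only name list, the "user" role and the in-memory user store are assumptions.

```java
import java.security.SecureRandom;
import java.util.*;
import java.util.regex.Pattern;

public class CasJitProvisioning {
    /** Hypothetical stand-in mirroring the 8-argument registerUser quoted above; not Jetspeed's own type. */
    interface Registrar {
        boolean userExists(String userName);
        void registerUser(String userName, String password, List<String> roles, List<String> groups,
                          Map<String, String> userInfo, Map<String, String> rules,
                          String template, String subsiteFolder) throws Exception;
    }

    private static final Pattern SAFE_NAME = Pattern.compile("[a-z0-9][a-z0-9._-]{0,63}");
    // Assumed names of locally managed accounts that must never be reachable through a CAS login.
    private static final Set<String> LOCAL_ONLY = Set.of("admin", "guest");
    private static final SecureRandom RNG = new SecureRandom();

    /** Returns true when a portal account was created for the CAS principal, false when it already existed. */
    static boolean provision(Registrar reg, String casUser) throws Exception {
        if (casUser == null) throw new SecurityException("no authenticated CAS principal");
        String name = casUser.trim().toLowerCase(Locale.ROOT);   // normalise before any comparison
        if (!SAFE_NAME.matcher(name).matches()) throw new SecurityException("user name rejected");
        if (LOCAL_ONLY.contains(name)) throw new SecurityException("name reserved for a local account");
        if (reg.userExists(name)) return false;
        // The local login stays enabled, so the auto-created account gets a random, never-disclosed password.
        byte[] secret = new byte[32];
        RNG.nextBytes(secret);
        String password = Base64.getEncoder().encodeToString(secret);
        // Least privilege: one assumed baseline role; template is the folder deep-copied per the Javadoc.
        reg.registerUser(name, password, List.of("user"), null, null, null,
                         "/_user/templates/mytemplate", null);
        return true;
    }

    public static void main(String[] args) {
        Set<String> db = new HashSet<>(Set.of("admin"));          // constructed in-memory user store
        Registrar fake = new Registrar() {
            public boolean userExists(String u) { return db.contains(u); }
            public void registerUser(String u, String p, List<String> r, List<String> g, Map<String, String> i,
                                     Map<String, String> m, String t, String s) { db.add(u); }
        };
        for (String cas : new String[] {"evlach", "evlach", "Admin", "../etc", null}) {   // constructed inputs
            try {
                System.out.println(cas + " -> created=" + provision(fake, cas));
            } catch (Exception e) {
                System.out.println(cas + " -> refused: " + e.getMessage());
            }
        }
    }
}
```

The reserved-name check runs before the existence check so that a CAS principal whose name matches a local account is refused rather than mapped onto that account.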