[cas-dev] Custom Attribute Resolver.. help needed.
Scott Battaglia
scott.battaglia at gmail.com
Thu May 22 11:45:27 EDT 2008
Sean,
Two questions/comments:
1. Are you using the AttributePrincipal? My guess is you are. If not, you
should be ;-)
2. The attributes release is dependent on the services management tool.
We've actually built a way to use it without using it (if that made sense).
If you don't want to register all of your services in the tool, then you can
configure in the XML configuration the default attributes that get passed
back (since everything matches the default service if you have none
configured). Take a look at the Javadoc for the DefaultServicesManager. I
believe the constructor takes a list of Strings (which would be the
attribute names)
-Scott
On Thu, May 22, 2008 at 11:29 AM, Sean R. McNamara <
sean.r.mcnamara at dartmouth.edu> wrote:
> Hi all,
>
> I'm working to develop a custom attribute resolver, and am more or less
> following the model given by
> CredentialsToLDAPAttributePrincipalResolver.java.
>
>
> I've built a custom Credentials -> Principal resolver,
> CredentialsToDNDFieldPrincipalResolver
> a custom PersonAttributeDao, DNDPersonAttributeDao,
>
> and have configured the deployerConfigContext.xml as follows:
>
> [.....]
> <property name="credentialsToPrincipalResolvers">
> <list>
> <bean
>
>
> class="org.jasig.cas.authentication.principal.CredentialsToDNDFieldPrincipalResolver">
> <!-- The Principal resolver form
> the credentials -->
> <property
> name="credentialsToPrincipalResolver">
> <bean
>
> class="edu.dartmouth.cas.authentication.principal.DartmouthUsernamePasswordCredentialsToPrincipalResolver"
> />
>
> </property>
> <!-- The query made to find the
> Principal ID. "%u" will be replaced by the resolved Principal -->
> <property name="filter"
> value="%u" />
>
> <!-- The attribute used to
> define the new Principal ID -->
>
> <property
> name="principalAttributeName" value="name" />
>
> <property
> name="attributeRepository">
> <ref
> bean="attributeRepository" />
> </property>
>
> </bean>
> [.....]
>
> <bean id="attributeRepository"
>
> class="org.jasig.services.persondir.support.dnd.DNDPersonAttributeDao">
> <property name="fieldsToAttributes">
> <map>
> <entry key="lastname" value="lastname" />
> <entry key="firstname" value="firstname" />
> <entry key="name" value="name" />
> </map>
> </property>
> </bean>
>
>
>
> The code compiles, and according to some debug I've inserted into the
> code, successfully builds the Principal and populates the attributes,
> however, in casServiceValidationSuccess.jsp, when I attempt to access
> the attributeMap as follows:
>
>
> /<cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].
> principal.id)}</cas:user>/
> <c:forEach var="auth" items="${assertion.chainedAuthentications}">
> <c:forEach var="attr" items="${auth.principal.attributes}" >
> <cas:attribute name="${fn:escapeXml(attr.key)}"
> value="${fn:escapeXml(attr.value)}"/>
> </c:forEach>
> </c:forEach>
>
> I only see the <cas:user>...</cas:user> data in my response. I
> verified I'm modifying the correct .jsp, so, I know that's not an issue.
>
>
> I'd appreciate any assistance anyone could offer. I'm a little stumped
> at this point. One thing I haven't done and I'm not clear whether or
> not is a necessary step to get this to work, is to enable the Services
> support (http://www.ja-sig.org/wiki/display/CASUM/Configuring) or
> whether that's irrelevant unless I'm looking to use the whitelisting
> features..
>
> Thanks for your help..
>
> ..Sean.
>
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20080522/ea770701/attachment.html
More information about the cas-dev
mailing list