[cas-dev] Custom Attribute Resolver.. help needed.
Scott Battaglia
scott.battaglia at gmail.com
Thu May 22 12:32:07 EDT 2008
Sean,
Which version of CAS are you working with?
-Scott
On Thu, May 22, 2008 at 12:23 PM, Sean R. McNamara <
sean.r.mcnamara at dartmouth.edu> wrote:
> Scott,
>
> Regarding the DefaultServicesManager, there are two things -- first, the
> constructor doesn't take a list of Strings, it takes ServiceRegistryDao
> .. and secondly, it appears that the findServiceBy() method will return
> a default RegisteredService granting access to anything if the Registry
> is empty. However, it doesn't set anything regarding the
> allowedAttributes. How would I pass a static list of allowed
> attributes in this case?
>
> Thanks again for the help.. I'm still feeling my way around in the
> dark here and I appreciate your time!
>
> ..Sean.
>
>
> Scott Battaglia wrote:
> > Sean,
> >
> > Two questions/comments:
> >
> > 1. Are you using the AttributePrincipal? My guess is you are. If not,
> > you should be ;-)
> >
> > 2. The attributes release is dependent on the services management
> > tool. We've actually built a way to use it without using it (if that
> > made sense). If you don't want to register all of your services in
> > the tool, then you can configure in the XML configuration the default
> > attributes that get passed back (since everything matches the default
> > service if you have none configured). Take a look at the Javadoc for
> > the DefaultServicesManager. I believe the constructor takes a list of
> > Strings (which would be the attribute names)
> >
> > -Scott
> >
> > On Thu, May 22, 2008 at 11:29 AM, Sean R. McNamara
> > <sean.r.mcnamara at dartmouth.edu <mailto:sean.r.mcnamara at dartmouth.edu>>
> > wrote:
> >
> > Hi all,
> >
> > I'm working to develop a custom attribute resolver, and am more or
> > less
> > following the model given by
> > CredentialsToLDAPAttributePrincipalResolver.java.
> >
> >
> > I've built a custom Credentials -> Principal resolver,
> > CredentialsToDNDFieldPrincipalResolver
> > a custom PersonAttributeDao, DNDPersonAttributeDao,
> >
> > and have configured the deployerConfigContext.xml as follows:
> >
> > [.....]
> > <property name="credentialsToPrincipalResolvers">
> > <list>
> > <bean
> >
> >
> class="org.jasig.cas.authentication.principal.CredentialsToDNDFieldPrincipalResolver">
> > <!-- The Principal resolver
> > form
> > the credentials -->
> > <property
> > name="credentialsToPrincipalResolver">
> > <bean
> >
> class="edu.dartmouth.cas.authentication.principal.DartmouthUsernamePasswordCredentialsToPrincipalResolver"
> > />
> >
> > </property>
> > <!-- The query made to find
> the
> > Principal ID. "%u" will be replaced by the resolved Principal -->
> > <property name="filter"
> > value="%u" />
> >
> > <!-- The attribute used to
> > define the new Principal ID -->
> >
> > <property
> > name="principalAttributeName" value="name" />
> >
> > <property
> > name="attributeRepository">
> > <ref
> > bean="attributeRepository" />
> > </property>
> >
> > </bean>
> > [.....]
> >
> > <bean id="attributeRepository"
> >
> >
> class="org.jasig.services.persondir.support.dnd.DNDPersonAttributeDao">
> > <property name="fieldsToAttributes">
> > <map>
> > <entry key="lastname"
> > value="lastname" />
> > <entry key="firstname"
> > value="firstname" />
> > <entry key="name" value="name" />
> > </map>
> > </property>
> > </bean>
> >
> >
> >
> > The code compiles, and according to some debug I've inserted into the
> > code, successfully builds the Principal and populates the attributes,
> > however, in casServiceValidationSuccess.jsp, when I attempt to access
> > the attributeMap as follows:
> >
> >
> /<cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].
> principal.id
> > <http://principal.id>)}</cas:user>/
> > <c:forEach var="auth" items="${assertion.chainedAuthentications}">
> > <c:forEach var="attr" items="${auth.principal.attributes}" >
> > <cas:attribute name="${fn:escapeXml(attr.key)}"
> > value="${fn:escapeXml(attr.value)}"/>
> > </c:forEach>
> > </c:forEach>
> >
> > I only see the <cas:user>...</cas:user> data in my response. I
> > verified I'm modifying the correct .jsp, so, I know that's not an
> > issue.
> >
> >
> > I'd appreciate any assistance anyone could offer. I'm a little
> > stumped
> > at this point. One thing I haven't done and I'm not clear
> > whether or
> > not is a necessary step to get this to work, is to enable the
> Services
> > support (http://www.ja-sig.org/wiki/display/CASUM/Configuring) or
> > whether that's irrelevant unless I'm looking to use the whitelisting
> > features..
> >
> > Thanks for your help..
> >
> > ..Sean.
> >
> > _______________________________________________
> > cas-dev mailing list
> > cas-dev at tp.its.yale.edu <mailto:cas-dev at tp.its.yale.edu>
> > http://tp.its.yale.edu/mailman/listinfo/cas-dev
> >
> >
> >
> >
> > --
> > -Scott Battaglia
> > PGP Public Key Id: 0x383733AA
> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > cas-dev mailing list
> > cas-dev at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas-dev
> >
>
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20080522/896cb6e1/attachment-0001.html
More information about the cas-dev
mailing list