[cas-dev] Custom Attribute Resolver.. help needed.
Sean R. McNamara
sean.r.mcnamara at Dartmouth.EDU
Thu May 22 13:06:32 EDT 2008
Scott,
3.2.
..Sean.
Scott Battaglia wrote:
> Sean,
>
> Which version of CAS are you working with?
>
> -Scott
>
> On Thu, May 22, 2008 at 12:23 PM, Sean R. McNamara <sean.r.mcnamara at dartmouth.edu> wrote:
>
> Scott,
>
> Regarding the DefaultServicesManager, there are two things -- first, the
> constructor doesn't take a list of Strings, it takes ServiceRegistryDao
> .. and secondly, it appears that the findServiceBy() method will return
> a default RegisteredService granting access to anything if the Registry
> is empty. However, it doesn't set anything regarding the
> allowedAttributes. How would I pass a static list of allowed
> attributes in this case?
>
> Thanks again for the help.. I'm still feeling my way around in the
> dark here and I appreciate your time!
>
> ..Sean.
>
>
> Scott Battaglia wrote:
> > Sean,
> >
> > Two questions/comments:
> >
> > 1. Are you using the AttributePrincipal? My guess is you are. If not,
> > you should be ;-)
> >
> > 2. The attributes release is dependent on the services management
> > tool. We've actually built a way to use it without using it (if that
> > made sense). If you don't want to register all of your services in
> > the tool, then you can configure in the XML configuration the default
> > attributes that get passed back (since everything matches the default
> > service if you have none configured). Take a look at the Javadoc for
> > the DefaultServicesManager. I believe the constructor takes a list of
> > Strings (which would be the attribute names)
> >
> > -Scott
> >
> > On Thu, May 22, 2008 at 11:29 AM, Sean R. McNamara <sean.r.mcnamara at dartmouth.edu> wrote:
> >
> > Hi all,
> >
> > I'm working to develop a custom attribute resolver, and am more or less
> > following the model given by
> > CredentialsToLDAPAttributePrincipalResolver.java.
> >
> > I've built a custom Credentials -> Principal resolver,
> > CredentialsToDNDFieldPrincipalResolver
> > a custom PersonAttributeDao, DNDPersonAttributeDao,
> >
> > and have configured the deployerConfigContext.xml as follows:
> >
> > [.....]
> > <property name="credentialsToPrincipalResolvers">
> >   <list>
> >     <bean class="org.jasig.cas.authentication.principal.CredentialsToDNDFieldPrincipalResolver">
> >       <!-- The Principal resolver from the credentials -->
> >       <property name="credentialsToPrincipalResolver">
> >         <bean class="edu.dartmouth.cas.authentication.principal.DartmouthUsernamePasswordCredentialsToPrincipalResolver" />
> >       </property>
> >       <!-- The query made to find the Principal ID. "%u" will be replaced by the resolved Principal -->
> >       <property name="filter" value="%u" />
> >       <!-- The attribute used to define the new Principal ID -->
> >       <property name="principalAttributeName" value="name" />
> >       <property name="attributeRepository">
> >         <ref bean="attributeRepository" />
> >       </property>
> >     </bean>
> > [.....]
> >
> > <bean id="attributeRepository"
> >       class="org.jasig.services.persondir.support.dnd.DNDPersonAttributeDao">
> >   <property name="fieldsToAttributes">
> >     <map>
> >       <entry key="lastname" value="lastname" />
> >       <entry key="firstname" value="firstname" />
> >       <entry key="name" value="name" />
> >     </map>
> >   </property>
> > </bean>
> >
> >
> >
> > The code compiles, and according to some debug I've inserted into the
> > code, successfully builds the Principal and populates the attributes,
> > however, in casServiceValidationSuccess.jsp, when I attempt to access
> > the attributeMap as follows:
> >
> >
> > <cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.id)}</cas:user>
> > <c:forEach var="auth" items="${assertion.chainedAuthentications}">
> >   <c:forEach var="attr" items="${auth.principal.attributes}">
> >     <cas:attribute name="${fn:escapeXml(attr.key)}" value="${fn:escapeXml(attr.value)}"/>
> >   </c:forEach>
> > </c:forEach>
> >
> > I only see the <cas:user>...</cas:user> data in my response. I
> > verified I'm modifying the correct .jsp, so, I know that's not an
> > issue.
> >
> > I'd appreciate any assistance anyone could offer. I'm a little stumped
> > at this point. One thing I haven't done and I'm not clear whether or
> > not is a necessary step to get this to work, is to enable the Services
> > support (http://www.ja-sig.org/wiki/display/CASUM/Configuring) or
> > whether that's irrelevant unless I'm looking to use the whitelisting
> > features..
> >
> > Thanks for your help..
> >
> > ..Sean.
> >
> > _______________________________________________
> > cas-dev mailing list
> > cas-dev at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas-dev
> >
> >
> >
> >
> > --
> > -Scott Battaglia
> > PGP Public Key Id: 0x383733AA
> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >
>
>
> --
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
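The behaviour discussed in this thread, as an added example that is not part of the original messages and is not CAS source code: attributes resolved onto the principal are filtered by the matched service's allowed attributes, and the default service returned for an empty registry lists none, so only the user ID reaches the validation response. All class and method names below are hypothetical stand-ins, the sample data is constructed, and records require Java 16 or later.

```java
import java.util.*;

// Simplified model of per-service attribute release. Names are hypothetical;
// this only mirrors the behaviour described in the thread.
public class AttributeReleaseModel {

    // A registry entry: URL prefix it matches and the attribute names it may receive.
    record Service(String idPrefix, Set<String> allowedAttributes) {}

    // Fallback for an empty registry: matches any service URL,
    // but carries no allowed attributes.
    static final Service DEFAULT = new Service("", Set.of());

    static Service findServiceBy(List<Service> registry, String url) {
        if (registry.isEmpty()) {
            return DEFAULT;
        }
        for (Service s : registry) {
            if (url.startsWith(s.idPrefix())) {
                return s;
            }
        }
        return null; // no matching entry in this model
    }

    // Release step: keep only attributes on the service's allow-list.
    static Map<String, Object> release(Map<String, Object> principalAttrs, Service s) {
        Map<String, Object> out = new TreeMap<>();
        for (Map.Entry<String, Object> e : principalAttrs.entrySet()) {
            if (s.allowedAttributes().contains(e.getKey())) {
                out.put(e.getKey(), e.getValue());
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed principal attributes, keyed as in the fieldsToAttributes map.
        Map<String, Object> attrs = Map.of(
                "name", "Jane Q. Example", "firstname", "Jane", "lastname", "Example");
        String url = "https://app.example.edu/login"; // constructed service URL

        // Empty registry: resolver populated the attributes, release drops them all.
        System.out.println("empty registry: " + release(attrs, findServiceBy(List.of(), url)));

        // Registered service with an explicit allow-list: least-privilege release.
        List<Service> registry = List.of(
                new Service("https://app.example.edu/", Set.of("name", "lastname")));
        System.out.println("registered:     " + release(attrs, findServiceBy(registry, url)));
    }
}
```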