[cas-dev] Custom Attribute Resolver.. help needed.

Scott Battaglia scott.battaglia at gmail.com
Thu May 22 13:16:44 EDT 2008


The second constructor has a list of attributes:

https://www.ja-sig.org/svn/cas3/trunk/cas-server-core/src/main/java/org/jasig/cas/services/DefaultServicesManagerImpl.java

On Thu, May 22, 2008 at 1:06 PM, Sean R. McNamara <
sean.r.mcnamara at dartmouth.edu> wrote:

> Scott,
>
> 3.2.
>
> ..Sean.
>
>
> Scott Battaglia wrote:
> > Sean,
> >
> > Which version of CAS are you working with?
> >
> > -Scott
> >
> > On Thu, May 22, 2008 at 12:23 PM, Sean R. McNamara
> > <sean.r.mcnamara at dartmouth.edu> wrote:
> >
> >     Scott,
> >
> >     Regarding the DefaultServicesManager, there are two things -- first, the
> >     constructor doesn't take a list of Strings, it takes ServiceRegistryDao
> >     .. and secondly, it appears that the findServiceBy() method will return
> >     a default RegisteredService granting access to anything if the Registry
> >     is empty.  However, it doesn't set anything regarding the
> >     allowedAttributes.  How would I pass a static list of allowed
> >     attributes in this case?
> >
> >     Thanks again for the help..   I'm still feeling my way around in the
> >     dark here and I appreciate your time!
> >
> >     ..Sean.
> >
> >
> >     Scott Battaglia wrote:
> >     > Sean,
> >     >
> >     > Two questions/comments:
> >     >
> >     > 1. Are you using the AttributePrincipal?  My guess is you are.  If not,
> >     > you should be ;-)
> >     >
> >     > 2. The attributes release is dependent on the services management
> >     > tool. We've actually built a way to use it without using it (if that
> >     > made sense).  If you don't want to register all of your services in
> >     > the tool, then you can configure in the XML configuration the default
> >     > attributes that get passed back (since everything matches the default
> >     > service if you have none configured).  Take a look at the Javadoc for
> >     > the DefaultServicesManager.  I believe the constructor takes a list of
> >     > Strings (which would be the attribute names)
> >     >
> >     > -Scott
> >     >
> >     > On Thu, May 22, 2008 at 11:29 AM, Sean R. McNamara
> >     > <sean.r.mcnamara at dartmouth.edu> wrote:
> >     >
> >     >     Hi all,
> >     >
> >     >     I'm working to develop a custom attribute resolver, and am more or
> >     >     less following the model given by
> >     >     CredentialsToLDAPAttributePrincipalResolver.java.
> >     >
> >     >     I've built a custom Credentials -> Principal resolver,
> >     >     CredentialsToDNDFieldPrincipalResolver
> >     >     a custom PersonAttributeDao, DNDPersonAttributeDao,
> >     >
> >     >     and have configured the deployerConfigContext.xml as follows:
> >     >
> >     >     [.....]
> >     >     <property name="credentialsToPrincipalResolvers">
> >     >         <list>
> >     >             <bean class="org.jasig.cas.authentication.principal.CredentialsToDNDFieldPrincipalResolver">
> >     >                 <!-- The Principal resolver from the credentials -->
> >     >                 <property name="credentialsToPrincipalResolver">
> >     >                     <bean class="edu.dartmouth.cas.authentication.principal.DartmouthUsernamePasswordCredentialsToPrincipalResolver" />
> >     >                 </property>
> >     >                 <!-- The query made to find the Principal ID. "%u" will be replaced by the resolved Principal -->
> >     >                 <property name="filter" value="%u" />
> >     >                 <!-- The attribute used to define the new Principal ID -->
> >     >                 <property name="principalAttributeName" value="name" />
> >     >                 <property name="attributeRepository">
> >     >                     <ref bean="attributeRepository" />
> >     >                 </property>
> >     >             </bean>
> >     >     [.....]
> >     >
> >     >     <bean id="attributeRepository" class="org.jasig.services.persondir.support.dnd.DNDPersonAttributeDao">
> >     >         <property name="fieldsToAttributes">
> >     >             <map>
> >     >                 <entry key="lastname" value="lastname" />
> >     >                 <entry key="firstname" value="firstname" />
> >     >                 <entry key="name" value="name" />
> >     >             </map>
> >     >         </property>
> >     >     </bean>
> >     >
> >     >
> >     >
> >     >     The code compiles, and according to some debug I've inserted into the
> >     >     code, successfully builds the Principal and populates the attributes,
> >     >     however, in casServiceValidationSuccess.jsp, when I attempt to access
> >     >     the attributeMap as follows:
> >     >
> >     >     <cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.id)}</cas:user>
> >     >     <c:forEach var="auth" items="${assertion.chainedAuthentications}">
> >     >     <c:forEach var="attr" items="${auth.principal.attributes}" >
> >     >     <cas:attribute name="${fn:escapeXml(attr.key)}" value="${fn:escapeXml(attr.value)}"/>
> >     >     </c:forEach>
> >     >     </c:forEach>
> >     >
> >     >     I only see the <cas:user>...</cas:user> data in my response.  I
> >     >     verified I'm modifying the correct .jsp, so, I know that's not an
> >     >     issue.
> >     >
> >     >
> >     >     I'd appreciate any assistance anyone could offer.  I'm a little
> >     >     stumped at this point.  One thing I haven't done and I'm not clear
> >     >     whether or not is a necessary step to get this to work, is to enable
> >     >     the Services support
> >     >     (http://www.ja-sig.org/wiki/display/CASUM/Configuring) or
> >     >     whether that's irrelevant unless I'm looking to use the whitelisting
> >     >     features..
> >     >
> >     >     Thanks for  your help..
> >     >
> >     >     ..Sean.
> >     >
> >     >     _______________________________________________
> >     >     cas-dev mailing list
> >     >     cas-dev at tp.its.yale.edu
> >     >     http://tp.its.yale.edu/mailman/listinfo/cas-dev
> >     >
> >     >
> >     >
> >     >
> >     > --
> >     > -Scott Battaglia
> >     > PGP Public Key Id: 0x383733AA
> >     > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >     >
> >
> >
> > --
> > -Scott Battaglia
> > PGP Public Key Id: 0x383733AA
> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
>



-- 
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
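
An added example, not part of the original thread or of the CAS distribution: a `deployerConfigContext.xml` fragment wiring the two-argument constructor referred to above, so that the default service releases a fixed set of attributes. The bean ids `servicesManager` and `serviceRegistryDao` and the argument order (DAO first, attribute-name list second) are assumptions to check against the linked `DefaultServicesManagerImpl.java`; the attribute names are the ones in the `fieldsToAttributes` map quoted above.

```xml
<!-- Added example. Bean ids and constructor-argument order are assumptions;
     verify them against DefaultServicesManagerImpl.java for your CAS 3.2 build. -->

<!-- Before: one-argument form. As described in the thread, with an empty
     registry every service matches the default RegisteredService, and nothing
     is set for its allowed attributes, so casServiceValidationSuccess.jsp
     renders only the <cas:user> element.
<bean id="servicesManager"
      class="org.jasig.cas.services.DefaultServicesManagerImpl">
    <constructor-arg index="0" ref="serviceRegistryDao" />
</bean>
-->

<!-- After: two-argument form. The list holds the attribute names the default
     service is allowed to release. Each name must match a key produced by the
     attributeRepository bean. -->
<bean id="servicesManager"
      class="org.jasig.cas.services.DefaultServicesManagerImpl">
    <constructor-arg index="0" ref="serviceRegistryDao" />
    <constructor-arg index="1">
        <list>
            <value>lastname</value>
            <value>firstname</value>
            <value>name</value>
        </list>
    </constructor-arg>
</bean>
```

Because the default service matches every requesting application while the registry is empty, this list acts as a global release allow-list: include only attributes that are acceptable to hand to any service that can obtain a ticket.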