[cas-dev] Custom Attribute Resolver.. help needed.

Sean R. McNamara sean.r.mcnamara at Dartmouth.EDU
Thu May 22 14:32:51 EDT 2008


That's kind of strange, 3.2 has @version $Revision: 42135 $ $Date: 
2007-06-20 08:07:33 -0400 (Wed, 20 Jun 2007) $ of that file, which 
definitely does not include the second constructor. Was that 
something added for 3.2.1?


Scott Battaglia wrote:
> The second constructor has a list of attributes:
>
> https://www.ja-sig.org/svn/cas3/trunk/cas-server-core/src/main/java/org/jasig/cas/services/DefaultServicesManagerImpl.java
>
> On Thu, May 22, 2008 at 1:06 PM, Sean R. McNamara
> <sean.r.mcnamara at dartmouth.edu> wrote:
>
>     Scott,
>
>     3.2.
>
>     ..Sean.
>
>
>     Scott Battaglia wrote:
>     > Sean,
>     >
>     > Which version of CAS are you working with?
>     >
>     > -Scott
>     >
>     > On Thu, May 22, 2008 at 12:23 PM, Sean R. McNamara
>     > <sean.r.mcnamara at dartmouth.edu> wrote:
>     >
>     >     Scott,
>     >
>     >     Regarding the DefaultServicesManager, there are two things --
>     >     first, the constructor doesn't take a list of Strings, it takes
>     >     ServiceRegistryDao .. and secondly, it appears that the
>     >     findServiceBy() method will return a default RegisteredService
>     >     granting access to anything if the Registry is empty. However,
>     >     it doesn't set anything regarding the allowedAttributes. How
>     >     would I pass a static list of allowed attributes in this case?
>     >
>     >     Thanks again for the help.. I'm still feeling my way around in
>     >     the dark here and I appreciate your time!
>     >
>     >     ..Sean.
>     >
>     >
>     >     Scott Battaglia wrote:
>     >     > Sean,
>     >     >
>     >     > Two questions/comments:
>     >     >
>     >     > 1. Are you using the AttributePrincipal? My guess is you are.
>     >     > If not, you should be ;-)
>     >     >
>     >     > 2. The attributes release is dependent on the services management
>     >     > tool. We've actually built a way to use it without using it (if
>     >     > that made sense). If you don't want to register all of your
>     >     > services in the tool, then you can configure in the XML
>     >     > configuration the default attributes that get passed back (since
>     >     > everything matches the default service if you have none
>     >     > configured). Take a look at the Javadoc for the
>     >     > DefaultServicesManager. I believe the constructor takes a list of
>     >     > Strings (which would be the attribute names)
>     >     >
>     >     > -Scott
>     >     >
>     >     > On Thu, May 22, 2008 at 11:29 AM, Sean R. McNamara
>     >     > <sean.r.mcnamara at dartmouth.edu> wrote:
>     >     >
>     >     >     Hi all,
>     >     >
>     >     >     I'm working to develop a custom attribute resolver, and am
>     >     >     more or less following the model given by
>     >     >     CredentialsToLDAPAttributePrincipalResolver.java.
>     >     >
>     >     >     I've built a custom Credentials -> Principal resolver,
>     >     >     CredentialsToDNDFieldPrincipalResolver
>     >     >     a custom PersonAttributeDao, DNDPersonAttributeDao,
>     >     >
>     >     >     and have configured the deployerConfigContext.xml as follows:
>     >     >
>     >     >     [.....]
>     >     >     <property name="credentialsToPrincipalResolvers">
>     >     >         <list>
>     >     >             <bean class="org.jasig.cas.authentication.principal.CredentialsToDNDFieldPrincipalResolver">
>     >     >                 <!-- The Principal resolver from the credentials -->
>     >     >                 <property name="credentialsToPrincipalResolver">
>     >     >                     <bean class="edu.dartmouth.cas.authentication.principal.DartmouthUsernamePasswordCredentialsToPrincipalResolver" />
>     >     >                 </property>
>     >     >                 <!-- The query made to find the Principal ID. "%u" will be replaced by the resolved Principal -->
>     >     >                 <property name="filter" value="%u" />
>     >     >                 <!-- The attribute used to define the new Principal ID -->
>     >     >                 <property name="principalAttributeName" value="name" />
>     >     >                 <property name="attributeRepository">
>     >     >                     <ref bean="attributeRepository" />
>     >     >                 </property>
>     >     >             </bean>
>     >     >     [.....]
>     >     >
>     >     >     <bean id="attributeRepository" class="org.jasig.services.persondir.support.dnd.DNDPersonAttributeDao">
>     >     >         <property name="fieldsToAttributes">
>     >     >             <map>
>     >     >                 <entry key="lastname" value="lastname" />
>     >     >                 <entry key="firstname" value="firstname" />
>     >     >                 <entry key="name" value="name" />
>     >     >             </map>
>     >     >         </property>
>     >     >     </bean>
>     >     >
>     >     >
>     >     >
>     >     >     The code compiles, and according to some debug I've inserted
>     >     >     into the code, successfully builds the Principal and populates
>     >     >     the attributes, however, in casServiceValidationSuccess.jsp,
>     >     >     when I attempt to access the attributeMap as follows:
>     >     >
>     >     >     <cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.id)}</cas:user>
>     >     >     <c:forEach var="auth" items="${assertion.chainedAuthentications}">
>     >     >         <c:forEach var="attr" items="${auth.principal.attributes}" >
>     >     >             <cas:attribute name="${fn:escapeXml(attr.key)}" value="${fn:escapeXml(attr.value)}"/>
>     >     >         </c:forEach>
>     >     >     </c:forEach>
>     >     >
>     >     >     I only see the <cas:user>...</cas:user> data in my response. I
>     >     >     verified I'm modifying the correct .jsp, so, I know that's not
>     >     >     an issue.
>     >     >
>     >     >
>     >     >     I'd appreciate any assistance anyone could offer. I'm a little
>     >     >     stumped at this point. One thing I haven't done and I'm not
>     >     >     clear whether or not is a necessary step to get this to work,
>     >     >     is to enable the Services support
>     >     >     (http://www.ja-sig.org/wiki/display/CASUM/Configuring) or
>     >     >     whether that's irrelevant unless I'm looking to use the
>     >     >     whitelisting features..
>     >     >
>     >     >     Thanks for your help..
>     >     >
>     >     >     ..Sean.
>     >     >
>     >     >     _______________________________________________
>     >     >     cas-dev mailing list
>     >     >     cas-dev at tp.its.yale.edu
>     >     >     http://tp.its.yale.edu/mailman/listinfo/cas-dev
>     >     >
>     >     >
>     >     >
>     >     >
>     >     > --
>     >     > -Scott Battaglia
>     >     > PGP Public Key Id: 0x383733AA
>     >     > LinkedIn: http://www.linkedin.com/in/scottbattaglia
>     >     >
>     >     >
>     >
>     >
>     >
>     >
>     >
>     > --
>     > -Scott Battaglia
>     > PGP Public Key Id: 0x383733AA
>     > LinkedIn: http://www.linkedin.com/in/scottbattaglia
>     >
>     >
>
>
>
>
>
> -- 
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>   
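
The release behaviour discussed in this thread, as an added sketch that is not CAS source code and not part of any message above: attributes resolved onto the Principal reach the validation response only if the matched service allows them, and with an empty registry every service URL matches a default service whose allowed list is whatever default attribute names the manager was given. The class names, method names and sample values below are hypothetical.

```java
import java.util.*;

// Added sketch, not CAS source: all class and method names are hypothetical.
public class AttributeReleaseSketch {

    // Stand-in for a registered service; only its allowed attribute names matter here.
    static final class Service {
        final String urlPrefix;
        final Set<String> allowedAttributes;
        Service(String urlPrefix, Collection<String> allowedAttributes) {
            this.urlPrefix = urlPrefix;
            this.allowedAttributes = new HashSet<>(allowedAttributes);
        }
    }

    // Stand-in for the services manager: an empty registry maps every URL to a default service.
    static final class Manager {
        private final List<Service> registry;
        private final Service fallback;
        Manager(List<Service> registry, List<String> defaultAttributes) {
            this.registry = registry;
            this.fallback = new Service("", defaultAttributes);
        }
        Service find(String url) {
            if (registry.isEmpty()) return fallback;
            for (Service s : registry) if (url.startsWith(s.urlPrefix)) return s;
            return null; // registry in use and this URL is not in it
        }
    }

    // Release step: keep only the principal attributes the matched service allows.
    static Map<String, Object> release(Map<String, Object> principal, Service service) {
        Map<String, Object> out = new LinkedHashMap<>();
        if (service == null) return out;
        for (Map.Entry<String, Object> e : principal.entrySet())
            if (service.allowedAttributes.contains(e.getKey())) out.put(e.getKey(), e.getValue());
        return out;
    }

    public static void main(String[] args) {
        Map<String, Object> principal = new LinkedHashMap<>(); // constructed sample values
        principal.put("lastname", "Doe");
        principal.put("firstname", "Jane");
        principal.put("name", "Jane Doe");
        String url = "https://app.example.edu/"; // constructed service URL
        List<Service> empty = Collections.emptyList();
        Manager noDefaults = new Manager(empty, Collections.<String>emptyList());
        Manager withDefaults = new Manager(empty, Arrays.asList("lastname", "name"));
        System.out.println("no defaults:   " + release(principal, noDefaults.find(url)));
        System.out.println("with defaults: " + release(principal, withDefaults.find(url)));
    }
}
```

The first manager models the single-argument constructor described for 3.2, where the default service carries no allowed attributes; the second models the constructor that also takes a list of attribute names.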


