[cas-dev] Custom Attribute Resolver.. help needed.
Scott Battaglia
scott.battaglia at gmail.com
Tue May 27 08:59:29 EDT 2008
Yes, it was added in 3.2.1:
http://www.ja-sig.org/issues/browse/CAS-601
-Scott
On Thu, May 22, 2008 at 2:32 PM, Sean R. McNamara <
sean.r.mcnamara at dartmouth.edu> wrote:
> That's kind of strange, 3.2 has @version $Revision: 42135 $ $Date:
> 2007-06-20 08:07:33 -0400 (Wed, 20 Jun 2007) $ of that file, which
> definitely does not include the second constructor. Was that
> something added for 3.2.1?
>
>
> Scott Battaglia wrote:
> > The second constructor has a list of attributes:
> >
> > https://www.ja-sig.org/svn/cas3/trunk/cas-server-core/src/main/java/org/jasig/cas/services/DefaultServicesManagerImpl.java
> >
> > On Thu, May 22, 2008 at 1:06 PM, Sean R. McNamara
> > <sean.r.mcnamara at dartmouth.edu> wrote:
> >
> > Scott,
> >
> > 3.2.
> >
> > ..Sean.
> >
> >
> > Scott Battaglia wrote:
> > > Sean,
> > >
> > > Which version of CAS are you working with?
> > >
> > > -Scott
> > >
> > > On Thu, May 22, 2008 at 12:23 PM, Sean R. McNamara
> > > <sean.r.mcnamara at dartmouth.edu> wrote:
> > >
> > > Scott,
> > >
> > > Regarding the DefaultServicesManager, there are two things -- first, the
> > > constructor doesn't take a list of Strings, it takes ServiceRegistryDao
> > > .. and secondly, it appears that the findServiceBy() method will return
> > > a default RegisteredService granting access to anything if the Registry
> > > is empty. However, it doesn't set anything regarding the
> > > allowedAttributes. How would I pass a static list of allowed
> > > attributes in this case?
> > >
> > > Thanks again for the help.. I'm still feeling my way around in the
> > > dark here and I appreciate your time!
> > >
> > > ..Sean.
> > >
> > >
> > > Scott Battaglia wrote:
> > > > Sean,
> > > >
> > > > Two questions/comments:
> > > >
> > > > 1. Are you using the AttributePrincipal? My guess is you are. If not,
> > > > you should be ;-)
> > > >
> > > > 2. The attributes release is dependent on the services management
> > > > tool. We've actually built a way to use it without using it (if that
> > > > made sense). If you don't want to register all of your services in
> > > > the tool, then you can configure in the XML configuration the default
> > > > attributes that get passed back (since everything matches the default
> > > > service if you have none configured). Take a look at the Javadoc for
> > > > the DefaultServicesManager. I believe the constructor takes a list of
> > > > Strings (which would be the attribute names)
> > > >
> > > > -Scott
> > > >
> > > > On Thu, May 22, 2008 at 11:29 AM, Sean R. McNamara
> > > > <sean.r.mcnamara at dartmouth.edu> wrote:
> > > >
> > > > Hi all,
> > > >
> > > > I'm working to develop a custom attribute resolver, and am more or less
> > > > following the model given by
> > > > CredentialsToLDAPAttributePrincipalResolver.java.
> > > >
> > > > I've built a custom Credentials -> Principal resolver,
> > > > CredentialsToDNDFieldPrincipalResolver
> > > > a custom PersonAttributeDao, DNDPersonAttributeDao,
> > > >
> > > > and have configured the deployerConfigContext.xml as follows:
> > > >
> > > >     [.....]
> > > >     <property name="credentialsToPrincipalResolvers">
> > > >       <list>
> > > >         <bean class="org.jasig.cas.authentication.principal.CredentialsToDNDFieldPrincipalResolver">
> > > >           <!-- The Principal resolver from the credentials -->
> > > >           <property name="credentialsToPrincipalResolver">
> > > >             <bean class="edu.dartmouth.cas.authentication.principal.DartmouthUsernamePasswordCredentialsToPrincipalResolver" />
> > > >           </property>
> > > >           <!-- The query made to find the Principal ID. "%u" will be replaced by the resolved Principal -->
> > > >           <property name="filter" value="%u" />
> > > >
> > > >           <!-- The attribute used to define the new Principal ID -->
> > > >           <property name="principalAttributeName" value="name" />
> > > >
> > > >           <property name="attributeRepository">
> > > >             <ref bean="attributeRepository" />
> > > >           </property>
> > > >         </bean>
> > > >     [.....]
> > > >
> > > >     <bean id="attributeRepository"
> > > >           class="org.jasig.services.persondir.support.dnd.DNDPersonAttributeDao">
> > > >       <property name="fieldsToAttributes">
> > > >         <map>
> > > >           <entry key="lastname" value="lastname" />
> > > >           <entry key="firstname" value="firstname" />
> > > >           <entry key="name" value="name" />
> > > >         </map>
> > > >       </property>
> > > >     </bean>
> > > >
> > > >
> > > >
> > > > The code compiles, and according to some debug I've inserted into the
> > > > code, successfully builds the Principal and populates the attributes,
> > > > however, in casServiceValidationSuccess.jsp, when I attempt to access
> > > > the attributeMap as follows:
> > > >
> > > >     <cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.id)}</cas:user>
> > > >     <c:forEach var="auth" items="${assertion.chainedAuthentications}">
> > > >       <c:forEach var="attr" items="${auth.principal.attributes}">
> > > >         <cas:attribute name="${fn:escapeXml(attr.key)}"
> > > >                        value="${fn:escapeXml(attr.value)}"/>
> > > >       </c:forEach>
> > > >     </c:forEach>
> > > >
> > > > I only see the <cas:user>...</cas:user> data in my response. I
> > > > verified I'm modifying the correct .jsp, so, I know that's not an
> > > > issue.
> > > >
> > > >
> > > > I'd appreciate any assistance anyone could offer. I'm a little stumped
> > > > at this point. One thing I haven't done and I'm not clear whether or
> > > > not is a necessary step to get this to work, is to enable the Services
> > > > support (http://www.ja-sig.org/wiki/display/CASUM/Configuring) or
> > > > whether that's irrelevant unless I'm looking to use the whitelisting
> > > > features..
> > > >
> > > > Thanks for your help..
> > > >
> > > > ..Sean.
> > > >
> > > > _______________________________________________
> > > > cas-dev mailing list
> > > > cas-dev at tp.its.yale.edu
> > > > http://tp.its.yale.edu/mailman/listinfo/cas-dev
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > > -Scott Battaglia
> > > > PGP Public Key Id: 0x383733AA
> > > > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> > > >
> > >
> >
> ------------------------------------------------------------------------
> > > >
> > > > _______________________________________________
> > > > cas-dev mailing list
> > > > cas-dev at tp.its.yale.edu <mailto:cas-dev at tp.its.yale.edu>
> > <mailto:cas-dev at tp.its.yale.edu <mailto:cas-dev at tp.its.yale.edu>>
> > > > http://tp.its.yale.edu/mailman/listinfo/cas-dev
> > > >
> > >
> > > _______________________________________________
> > > cas-dev mailing list
> > > cas-dev at tp.its.yale.edu <mailto:cas-dev at tp.its.yale.edu>
> > <mailto:cas-dev at tp.its.yale.edu <mailto:cas-dev at tp.its.yale.edu>>
> > > http://tp.its.yale.edu/mailman/listinfo/cas-dev
> > >
> > >
> > >
> > >
> > > --
> > > -Scott Battaglia
> > > PGP Public Key Id: 0x383733AA
> > > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> > >
> >
> ------------------------------------------------------------------------
> > >
> > > _______________________________________________
> > > cas-dev mailing list
> > > cas-dev at tp.its.yale.edu <mailto:cas-dev at tp.its.yale.edu>
> > > http://tp.its.yale.edu/mailman/listinfo/cas-dev
> > >
> >
> > _______________________________________________
> > cas-dev mailing list
> > cas-dev at tp.its.yale.edu <mailto:cas-dev at tp.its.yale.edu>
> > http://tp.its.yale.edu/mailman/listinfo/cas-dev
> >
> >
> >
> >
> > --
> > -Scott Battaglia
> > PGP Public Key Id: 0x383733AA
> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > cas-dev mailing list
> > cas-dev at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas-dev
> >
>
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
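
The thread ends without showing the configuration Sean asked for. As an added example (not from the thread or the CAS distribution), this is how the second constructor Scott points to could be wired in Spring XML on CAS 3.2.1 or later; the bean ids `servicesManager` and `serviceRegistryDao`, the argument order (registry first, attribute-name list second), and the reuse of the attribute names from Sean's `fieldsToAttributes` map are assumptions.

```xml
<!-- Added example, not the project's own configuration.
     Assumes CAS 3.2.1+, where DefaultServicesManagerImpl has the second
     constructor discussed in this thread. Bean ids are assumptions. -->
<bean id="servicesManager"
      class="org.jasig.cas.services.DefaultServicesManagerImpl">

  <!-- Argument 0: the service registry (assumed bean id). -->
  <constructor-arg index="0" ref="serviceRegistryDao" />

  <!-- Argument 1: names of the attributes the default RegisteredService
       may release. That default service matches every application while
       the registry is empty, so list only what every application is
       allowed to see. Names must match the attribute names produced by
       the attributeRepository bean. -->
  <constructor-arg index="1">
    <list>
      <value>lastname</value>
      <value>firstname</value>
      <value>name</value>
    </list>
  </constructor-arg>
</bean>
```

Because everything matches the default service while no services are registered, this list is effectively a site-wide release policy; keep it to the minimum set and check the validation response of a test service to confirm that only these attributes appear.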