Username/password authentication

Scott Battaglia scott.battaglia at gmail.com
Tue Dec 4 15:53:07 EST 2007


You should be editing the one in cas-server-webapp/pom.xml

-Scott

On Dec 4, 2007 3:52 PM, Scott Battaglia <scott.battaglia at gmail.com> wrote:

> Which pom.xml did you edit?
>
>
> On Dec 4, 2007 3:24 PM, Jonathan Hayward http://JonathansCorner.com <christos.jonathan.hayward at gmail.com>
> wrote:
>
> > P.S.
> >
> > From a fresh computer I installed maven, downloaded a fresh copy of http://www.ja-sig.org/downloads/cas/cas-server-3.1.1-release.zip
> >  , unzipped it, changed pom.xml by adding:
> >
> > <dependency>
> >      <groupId>${project.groupId}</groupId>
> >      <artifactId>cas-server-support-ldap</artifactId>
> >      <version>${project.version}</version>
> > </dependency>
> >
> > and cas-server-3.1.1/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml
> > by adding what's at the end of this e-mail, and then running:
> >
> > mvn -Dmaven.test.skip=true package install
> >
> > I got the cyclical dependency error I reported earlier. Is there
> > something wrong with the sanitized XML below that would have introduced a
> > dependency from cas-server-support-ldap onto itself?
> >
> > <?xml version="1.0" encoding="UTF-8"?>
> > <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
> > <!--
> >         | deployerConfigContext.xml centralizes into one file some of the declarative configuration that
> >         | all CAS deployers will need to modify.
> >         |
> >         | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
> >         | The beans declared in this file are instantiated at context initialization time by the Spring
> >         | ContextLoaderListener declared in web.xml.  It finds this file because this
> >         | file is among those declared in the context parameter "contextConfigLocation".
> >         |
> >         | By far the most common change you will need to make in this file is to change the last bean
> >         | declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with
> >         | one implementing your approach for authenticating usernames and passwords.
> >         +-->
> > <beans>
> >         <!--
> >                 | This bean declares our AuthenticationManager.  The CentralAuthenticationService service bean
> >                 | declared in applicationContext.xml picks up this AuthenticationManager by reference to its id,
> >                 | "authenticationManager".  Most deployers will be able to use the default AuthenticationManager
> >                 | implementation and so do not need to change the class of this bean.  We include the whole
> >                 | AuthenticationManager here in the userConfigContext.xml so that you can see the things you will
> >                 | need to change in context.
> >                 +-->
> >         <bean id="authenticationManager"
> >                 class="org.jasig.cas.authentication.AuthenticationManagerImpl">
> >                 <!--
> >                         | This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate.
> >                         | The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which
> >                         | supports the presented credentials.
> >                         |
> >                         | AuthenticationManagerImpl uses these resolvers for two purposes.  First, it uses them to identify the Principal
> >                         | attempting to authenticate to CAS /login .  In the default configuration, it is the DefaultCredentialsToPrincipalResolver
> >                         | that fills this role.  If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace
> >                         | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are
> >                         | using.
> >                         |
> >                         | Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket.
> >                         | In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
> >                         | You will need to change this list if you are identifying services by something more or other than their callback URL.
> >                         +-->
> >                 <property name="credentialsToPrincipalResolvers">
> >                         <list>
> >                                 <!--
> >                                         | UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login
> >                                         | by default and produces SimplePrincipal instances conveying the username from the credentials.
> >                                         |
> >                                         | If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also
> >                                         | need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the
> >                                         | Credentials you are using.
> >                                         +-->
> >                                 <bean
> >                                         class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
> >                                 <!--
> >                                         | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials.  It supports the CAS 2.0 approach of
> >                                         | authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a
> >                                         | SimpleService identified by that callback URL.
> >                                         |
> >                                         | If you are representing services by something more or other than an HTTPS URL whereat they are able to
> >                                         | receive a proxy callback, you will need to change this bean declaration (or add additional declarations).
> >                                         +-->
> >                                 <bean
> >                                         class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
> >                         </list>
> >                 </property>
> >
> >                 <!--
> >                         | Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate,
> >                         | AuthenticationHandlers actually authenticate credentials.  Here we declare the AuthenticationHandlers that
> >                         | authenticate the Principals that the CredentialsToPrincipalResolvers identified.  CAS will try these handlers in turn
> >                         | until it finds one that both supports the Credentials presented and succeeds in authenticating.
> >                         +-->
> >                 <property name="authenticationHandlers">
> >                         <list>
> >                                 <!--
> >                                         | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
> >                                         | a server side SSL certificate.
> >                                         +-->
> >                                 <bean
> >                                         class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" />
> >
> >                                 <!--
> >                                         | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
> >                                         | into production.  The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
> >                                         | where the username equals the password.  You will need to replace this with an AuthenticationHandler that implements your
> >                                         | local authentication strategy.  You might accomplish this by coding a new such handler and declaring
> >                                         | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
> >                                         +-->
> >                                 <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
> >                                         <property name="filter" value="sAMAccountName=%u" />
> >                                         <property name="searchBase" value="[DELETED]" />
> >                                         <property name="contextSource" ref="contextSource" />
> >                                         <property name="ignorePartialResultException" value="yes" /> <!-- fix because of how AD returns results -->
> >                                 </bean>
> >
> >                         </list>
> >                 </property>
> >         </bean>
> >
> >         <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
> >                 <property name="anonymousReadOnly" value="false" />
> >                 <property name="pooled" value="true" />
> >                 <property name="urls">
> >                         <list>
> >                                 <value>ldap://[DELETED]</value>
> >                         </list>
> >                 </property>
> >                 <property name="userName" value="[DELETED]" />
> >                 <property name="password" value="[DELETED]" />
> >                 <property name="baseEnvironmentProperties">
> >                         <map>
> >                                 <entry>
> >                                         <key><value>java.naming.security.protocol</value></key>
> >                                         <value>ssl</value>
> >                                 </entry>
> >                                 <entry>
> >                                         <key><value>java.naming.security.authentication</value></key>
> >                                         <value>simple</value>
> >                                 </entry>
> >                         </map>
> >                 </property>
> >         </bean>
> >
> > </beans>
> >
> > On 12/4/07, Jonathan Hayward http://JonathansCorner.com <christos.jonathan.hayward at gmail.com >
> > wrote:
> > >
> > > I was working with a fresh copy, and got the following error after
> > > changing the root pom.xml file by inserting the requested dependency
> > > before the others. The error also occurs if I insert it at the end, and it
> > > builds if I comment the dependency out. cas-server-support-ldap only depends
> > > on the core.
> > >
> > > What would I have done to
> > >
> > > $ mvn -Dmaven.test.skip=true clean package install
> > > [INFO] Scanning for projects...
> > > [INFO]
> > > ------------------------------------------------------------------------
> > > [ERROR] BUILD FAILURE
> > > [INFO]
> > > ------------------------------------------------------------------------
> > > [INFO] The projects in the reactor contain a cyclic reference: Edge between 'Vertex{label='org.jasig.cas:cas-server-support-ldap ' }' and 'Vertex{label='org.jasig.cas:cas-server-support-ldap'}' introduces to cycle in the graph org.jasig.cas:cas-server-support-ldap --> org.jasig.cas:cas-server-support-ldap
> > > [INFO]
> > > ------------------------------------------------------------------------
> > > [INFO] For more information, run Maven with the -e switch
> > > [INFO]
> > > ------------------------------------------------------------------------
> > > [INFO] Total time: < 1 second
> > > [INFO] Finished at: Tue Dec 04 13:33:44 CST 2007
> > > [INFO] Final Memory: 1M/3M
> > > [INFO]
> > > ------------------------------------------------------------------------
> > >
> > > On Dec 4, 2007 12:44 PM, Scott Battaglia < scott.battaglia at gmail.com>
> > > wrote:
> > >
> > > > If it's still authenticating username/username that means that your
> > > > deployerConfigContext.xml in
> > > > cas-server-webapp/src/main/webapp/WEB-INF has not been updated or you've
> > > > deployed an incorrect WAR file.
> > > >
> > > > -Scott
> > > >
> > > >
> > > > On Dec 4, 2007 11:41 AM, Jonathan Hayward http://JonathansCorner.com<http://jonathanscorner.com/><christos.jonathan.hayward at gmail.com >
> > > > wrote:
> > > >
> > > > > I had some initial issues with a web proxy handing Maven a "Please
> > > > > authenticate yourself" redirect when Maven tried to download its first XML
> > > > > file. Those are solved now.
> > > > >
> > > > > After that, I tried a rebuild, wiped Liferay's tmp directory, and
> > > > > bounced Liferay. It's still authenticating username/username rather than
> > > > > password/password.
> > > > >
> > > > >
> > > > > On Dec 3, 2007 10:03 PM, Scott Battaglia <
> > > > > scott.battaglia at gmail.com> wrote:
> > > > >
> > > > > > If you have correctly added the cas-server-support-ldap to the
> > > > > > cas-server-webapp/pom.xml all you should need to do is run
> > > > > > mvn -Dmaven.test.skip=true clean package install
> > > > > >
> > > > > > Then you'll find the war with the correct jars in
> > > > > > cas-server-webapp/target/cas.war
> > > > > >
> > > > > > You'll want to delete any cas directory in the Tomcat webapps
> > > > > > just to make sure your new one gets deployed correctly.
> > > > > >
> > > > > > -Scott
> > > > > >
> > > > > >
> > > > > > On Dec 3, 2007 5:44 PM, Jonathan Hayward
> > > > > > http://JonathansCorner.com <http://jonathanscorner.com/> <christos.jonathan.hayward at gmail.com>
> > > > > > wrote:
> > > > > >
> > > > > > > I had already placed that in the webapp pom.xml, modulo a
> > > > > > > variable interpolation for the groupId. I tried adding the jar to the CAS
> > > > > > > WEB-INF/lib directory; I can't tell any improvement in the behaviour.
> > > > > > >
> > > > > > > Are there other possibilities?
> > > > > > >
> > > > > > >   On Dec 3, 2007 4:15 PM, Dale Ogilvie <
> > > > > > > Dale.Ogilvie at trimble.co.nz> wrote:
> > > > > > >
> > > > > > >
> > > > > > > >   The missing class will be defined in
> > > > > > > > cas-server-support-ldap. Adding this dependency to the webapp
> > > > > > > > pom.xml should include it in the built cas.jar
> > > > > > > >
> > > > > > > > > <dependency>
> > > > > > > > >   <groupId>org.jasig.cas</groupId>
> > > > > > > > >   <artifactId>cas-server-support-ldap</artifactId>
> > > > > > > > >   <version>${project.version}</version>
> > > > > > > > > </dependency>
> > > > > > > >
> > > > > > > > Or, as a quick fix you could copy
> > > > > > > > cas-server-support-ldap-3.1.1.jar to the cas WEB-INF/lib
> > > > > > > > directory on the app server.
> > > > > > > >
> > > > > > > >
> > > > > > > >  ------------------------------
> > > > > > > >  *From:* cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu]
> > > > > > > > *On Behalf Of *Jonathan Hayward http://JonathansCorner.com<http://jonathanscorner.com/>
> > > > > > > >
> > > > > > > > * Sent:* Tuesday, 4 December 2007 10:30 a.m.
> > > > > > > > *To:* Yale CAS mailing list
> > > > > > > > *Subject:* Re: Username/password authentication
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >  I ran through that and got an error on trying to log in to
> > > > > > > > CAS:
> > > > > > > >
> > > > > > > >  CAS is Unavailable
> > > > > > > >
> > > > > > > > There was a fatal error initializing the CAS application
> > > > > > > > context. This is almost always because of an error in the Spring bean
> > > > > > > > configuration files. Are the files valid XML? Do the beans they refer to all
> > > > > > > > exist?
> > > > > > > >
> > > > > > > > Before placing CAS in production, you should change this
> > > > > > > > page to present a UI appropriate for the case where the CAS web application
> > > > > > > > is fundamentally broken. Perhaps "Sorry, CAS is currently unavailable." with
> > > > > > > > some links to your user support information.
> > > > > > > >
> > > > > > > > The Throwable encountered at context listener initialization
> > > > > > > > was:
> > > > > > > >
> > > > > > > >
> > > > > > > > org.springframework.beans.factory.BeanDefinitionStoreException:
> > > > > > > > Error registering bean with name 'contextSource' defined in ServletContext
> > > > > > > > resource [/WEB-INF/deployerConfigContext.xml]: Bean class [
> > > > > > > > org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource]
> > > > > > > > not found; nested exception is
> > > > > > > > java.lang.ClassNotFoundException:
> > > > > > > > org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource
> > > > > > > >
> > > > > > > > The Throwable encountered at dispatcher servlet
> > > > > > > > initialization was:
> > > > > > > >
> > > > > > > >
> > > > > > > > org.springframework.beans.factory.BeanDefinitionStoreException:
> > > > > > > > Error registering bean with name 'contextSource' defined in ServletContext
> > > > > > > > resource [/WEB-INF/deployerConfigContext.xml]: Bean class [
> > > > > > > > org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource]
> > > > > > > > not found; nested exception is
> > > > > > > > java.lang.ClassNotFoundException:
> > > > > > > > > org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource
> > > > > > > > >
> > > > > > > > > I built it incorporating changes from http://www.ja-sig.org/wiki/display/CAS/Examples+to+Configure+CAS
> > > > > > > > > and http://www.ja-sig.org/wiki/display/CASUM/LDAP .
> > > > > > > >
> > > > > > > >
> > > > > > > > _______________________________________________
> > > > > > > > Yale CAS mailing list
> > > > > > > > cas at tp.its.yale.edu
> > > > > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > ++ Jonathan Hayward, jonathan.hayward at pobox.com
> > > > > > > ** To see an award-winning website with stories, essays,
> > > > > > > artwork,
> > > > > > > ** games, and a four-dimensional maze, why not visit my home
> > > > > > > page?
> > > > > > > ** All of this is waiting for you at http://JonathansCorner.com
> > > > > > > <http://jonathanscorner.com/>
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > Yale CAS mailing list
> > > > > > > cas at tp.its.yale.edu
> > > > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > >
> > > > > >  -Scott Battaglia
> > > > > >
> > > > > > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> > > > > >
> > > > > > _______________________________________________
> > > > > > Yale CAS mailing list
> > > > > > cas at tp.its.yale.edu
> > > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > ++ Jonathan Hayward, jonathan.hayward at pobox.com
> > > > > ** To see an award-winning website with stories, essays, artwork,
> > > > > ** games, and a four-dimensional maze, why not visit my home page?
> > > > > ** All of this is waiting for you at http://JonathansCorner.com<http://jonathanscorner.com/>
> > > > >
> > > > > _______________________________________________
> > > > > Yale CAS mailing list
> > > > > cas at tp.its.yale.edu
> > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > -Scott Battaglia
> > > >
> > > > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> > > >
> > > > _______________________________________________
> > > > Yale CAS mailing list
> > > > cas at tp.its.yale.edu
> > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > >
> > > >
> > >
> > >
> > > --
> > > ++ Jonathan Hayward, jonathan.hayward at pobox.com
> > > ** To see an award-winning website with stories, essays, artwork,
> > > ** games, and a four-dimensional maze, why not visit my home page?
> > > ** All of this is waiting for you at http://JonathansCorner.com
> > > <http://jonathanscorner.com/>
> > >
> >
> >
> >
> > --
> > ++ Jonathan Hayward, jonathan.hayward at pobox.com
> > ** To see an award-winning website with stories, essays, artwork,
> > ** games, and a four-dimensional maze, why not visit my home page?
> > ** All of this is waiting for you at http://JonathansCorner.com
> >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> >
>
>
> --
> -Scott Battaglia
>
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>



-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
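
Both failure modes in this thread (a WAR that still authenticates username/username, and the ClassNotFoundException for the LDAP classes) can be checked on the built WAR before it is deployed. The following is an added example, not code from the thread or from the CAS project; the names audit_cas_war and sample_war, the finding strings, and the in-memory sample WARs are assumptions made for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

CONFIG = "WEB-INF/deployerConfigContext.xml"
TEST_HANDLER = "SimpleTestUsernamePasswordAuthenticationHandler"
LDAP_PACKAGE = "org.jasig.cas.adaptors.ldap."
LDAP_JAR = re.compile(r"^WEB-INF/lib/cas-server-support-ldap-[^/]+\.jar$")


def audit_cas_war(war):
    """Return a list of findings for a built cas.war (path or file-like object)."""
    with zipfile.ZipFile(war) as zf:
        names = zf.namelist()
        if CONFIG not in names:
            return ["missing " + CONFIG]
        root = ET.fromstring(zf.read(CONFIG))
    # Only <bean class="..."> counts: the stock file names the test handler in
    # an XML comment, so a plain text search would also flag a corrected config.
    # Class names are stripped because wrapped attributes may carry whitespace.
    classes = [el.get("class", "").strip() for el in root.iter()
               if el.tag.rsplit("}", 1)[-1] == "bean"]
    findings = []
    if any(c.split(".")[-1] == TEST_HANDLER for c in classes):
        findings.append("test handler active: username equal to password logs in")
    ldap_beans = [c for c in classes if c.startswith(LDAP_PACKAGE)]
    if ldap_beans and not any(LDAP_JAR.match(n) for n in names):
        findings.append("LDAP beans without cas-server-support-ldap jar: "
                        + ", ".join(ldap_beans))
    return findings


def sample_war(handler_class, jars=()):
    """Constructed sample: an in-memory WAR holding only what the audit reads."""
    xml = f'''<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
  <!-- replace the default {TEST_HANDLER} before production -->
  <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
    <property name="authenticationHandlers">
      <list><bean class=" {handler_class} "/></list>
    </property>
  </bean>
</beans>'''
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(CONFIG, xml)
        for jar in jars:
            zf.writestr("WEB-INF/lib/" + jar, b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    stock = "org.jasig.cas.authentication.handler.support." + TEST_HANDLER
    ldap = LDAP_PACKAGE + "BindLdapAuthenticationHandler"
    cases = [("stock config", sample_war(stock)),
             ("LDAP config, jar missing", sample_war(ldap)),
             ("LDAP config, jar present",
              sample_war(ldap, ["cas-server-support-ldap-3.1.1.jar"]))]
    for label, war in cases:
        print(label, "->", audit_cas_war(war) or "ok")
```

Against a real build, pass the path of cas-server-webapp/target/cas.war to audit_cas_war instead of a constructed sample.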