/services authorization
Smith, Matt
matt.smith at uconn.edu
Mon Jul 9 11:05:02 EDT 2007
For the archives:
I was having trouble granting myself authorization to /services.
Here's how to do it, at least for testing purposes. The second step
here had me thumping my head soundly against the wall for a couple
hours.
1) Modify securityContext.xml. Find bean id="inMemoryDaoImpl", and add
your ID, something of the form "mas02041=notused,ROLE_ADMIN" .
2) Make sure that your server can establish an https callback to the
proxyValidate url, and that *the certificate protecting that url is
trusted by the acegi filter*. To ensure trust, either:
* Add your certificate to the global trust store (generally
$JAVA_HOME//jre/lib/security/cacerts), or
* Modify bean id="casProxyTicketValidator" in securityContext.xml to
include the location of your trusted keystore, containing your
certificate:
<property name="trustStore"><value>/path/to/.keystore</value></property>
Hope that helps somebody,
-Matt
--
Matthew J. Smith <matt.smith at uconn.edu>
University of Connecticut UITS
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://tp.its.yale.edu/pipermail/cas/attachments/20070709/9cf68d8a/attachment.bin
More information about the cas
mailing list