The Question About Service Management
liweinan at chinaedu.net
Thu Feb 7 04:04:07 EST 2008
Hi Everyone,
Could anyone tell me something about how to use the service management?
I've read the articles in the wiki and they say the purpose of service
management is to
"control what services are allowed to authenticate via CAS, and in
particular what those services can do with CAS."
But there seems to be no problem using it without configuring it:
I can still use the Yale client on the SP (service provider) side to
authenticate users with CAS (IdP side),
though the SP wasn't added in the CAS Service Management console. Could
anyone give me some clues?
One more question: it seems configuring <bean id="userDetailsService"
class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
in deployerConfigContext.xml is not enough for me to log into the /manage
section.
Since I use JdbcDao as the data source, when CAS redirects me back to
the login page, and after I type the username/password defined in
InMemoryDaoImpl, it complains that "The credentials you provided
cannot be determined to be authentic."
To overcome the problem, I have to add to my database an account
whose loginname/password is exactly the same as the one defined
in InMemoryDaoImpl, and only then can I enter the management page. I wonder
if there's something wrong with my configuration?
The deployerConfigContext.xml I used is:
...
            <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
                <property name="sql" value="select pass from usrs where switch_to='O' and loginname=?" />
                <property name="dataSource" ref="dataSource" />
                <property name="passwordEncoder" ref="passwordEncoder" />
            </bean>
        </list>
    </property>
</bean>

<bean id="passwordEncoder"
      class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
    <constructor-arg index="0"><value>MD5</value></constructor-arg>
</bean>

<bean id="dataSource"
      class="org.springframework.jdbc.datasource.DriverManagerDataSource"
      destroy-method="close">
    <property name="driverClassName"><value>org.postgresql.Driver</value></property>
    <property name="url"><value>jdbc:postgresql://localhost:5432/edupass</value></property>
    ...
</bean>

<bean id="userDetailsService"
      class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
    <property name="userMap">
        <value>
            [my_account]=[my_password],ROLE_ADMIN
        </value>
    </property>
</bean>

And I haven't changed any default config in securityContext.xml:

<bean id="filterInvocationInterceptor"
      class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"
      p:authenticationManager-ref="casAuthenticationManager"
      p:accessDecisionManager-ref="accessDecisionManager">
    <property name="objectDefinitionSource">
        <value>
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            PATTERN_TYPE_APACHE_ANT
            /**=ROLE_ADMIN
        </value>
    </property>
</bean>

<bean id="filterChainProxy"
      class="org.acegisecurity.util.FilterChainProxy">
    <property name="filterInvocationDefinitionSource">
        <value>
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            PATTERN_TYPE_APACHE_ANT
            /**/loggedout.html=#NONE#
            /**=httpSessionContextIntegrationFilter,logoutFilter,casProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
        </value>
    </property>
</bean>

For me to be able to enter the /manage section, I have to add
[my_account],[my_password] into my database. It seems redundant.
The version I used is: JA-SIG Central Authentication Service 3.1.1
And our CAS website is:
http://edupass.chinaedu.net (it will be redirected to https)
Thanks for any help,
Li Wei Nan