The Question About Service Management

Scott Battaglia scott.battaglia at gmail.com
Thu Feb 7 13:52:48 EST 2008


The default of the Services Management console tool is to behave as if it
wasn't enabled (since that is the default CAS 2.0 compliance mode).  The
first time you add a service to the list it will disable access.

The user details service contains the list of people who are allowed to
use the Services Management tool.  The default version is an InMemory
version that just has a list (since you are delegating to CAS the password
is unimportant).  You can replace that UserDetailsService with any of the
ones included in Acegi (or write your own custom one).

-Scott

On Feb 7, 2008 4:04 AM, ??? <liweinan at chinaedu.net> wrote:

> Hi Everyone,
>    Could anyone tell me something about how to use the service management?
>    I've read the articles in wiki and it says the purpose of service
> management is to
>   "control what services are allowed to authenticate via CAS, and in
> particular what those services can do with CAS."
>    But there seems to be no problem using it without configuring it,
>    I can still use the yale client on SP(service provider) side to
> authenticate user with CAS (IdP side),
>    though the SP wasn't added into CAS ServiceManagement console. Could
> anyone give me some clues?
>
>    One more question, it seems configuring   <bean id="userDetailsService"
> class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
>    in deployerConfigContext.xml is not enough for me to log into the
> /manage section.
>    Since I use JdbcDao as data source, when CAS redirects me back to the
> login page, and after I type the username/password defined in
>    InMemoryDaoImpl, it complains "The credentials you provided
> cannot be determined to be authentic."
>    To overcome the problem, I have to add to my database an account
> whose loginname/password is exactly the same as the one defined
>    in InMemoryDaoImpl, and then I can enter the management page. I
> wonder if there's something wrong with my configuration?
>
>    The  deployerConfigContext.xml I used is:
>    ...
>     <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
>            <property name="sql" value="select pass from usrs where switch_to='O' and loginname=?" />
>            <property name="dataSource" ref="dataSource" />
>            <property name="passwordEncoder" ref="passwordEncoder" />
>     </bean>
>     </list>
>      </property>
>      </bean>
>
>      <bean id="passwordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
>          <constructor-arg index="0"><value>MD5</value></constructor-arg>
>      </bean>
>
>      <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" destroy-method="close">
>         <property name="driverClassName"><value>org.postgresql.Driver</value></property>
>         <property name="url"><value>jdbc:postgresql://localhost:5432/edupass</value></property>
> ...
>      </bean>
>
>       <bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
>                <property name="userMap">
>                        <value>
>                        [my_account]=[my_password],ROLE_ADMIN
>                    </value>
>                </property>
>        </bean>
>
>
>
>    And I haven't changed any default config in securityContext.xml:
>
>        <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"
>                p:authenticationManager-ref="casAuthenticationManager"
>                p:accessDecisionManager-ref="accessDecisionManager">
>                <property name="objectDefinitionSource">
>                <value>
>                        CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
>                        PATTERN_TYPE_APACHE_ANT
>                /**=ROLE_ADMIN
>            </value>
>                </property>
>        </bean>
>
>        <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
>                <property name="filterInvocationDefinitionSource">
>                        <value>
>                        CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
>                        PATTERN_TYPE_APACHE_ANT
>                        /**/loggedout.html=#NONE#
>                        /**=httpSessionContextIntegrationFilter,logoutFilter,casProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
>                </value>
>                </property>
>        </bean>
>
>    For me to be able to enter the /manage section, I have to add
> [my_account],[my_password] into my database. It seems redundant.
>    The version I used is: JA-SIG Central Authentication Service 3.1.1
>    And our CAS website is:
>    http://edupass.chinaedu.net (it will be redirected to https)
>
> Thanks for any help,
> Li Wei Nan



-- 
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
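
The replacement Scott mentions at the end of his reply (swapping the in-memory list for another Acegi UserDetailsService) could look like this with Acegi's JdbcDaoImpl and the dataSource bean from the quoted configuration. This is an added example, not configuration from the thread; the cas_admins table is hypothetical, and the usrs columns are taken from the quoted SQL.

```xml
<!-- Added example, not from the thread. Goes in deployerConfigContext.xml in
     place of the InMemoryDaoImpl bean. CAS still checks the password through
     QueryDatabaseAuthenticationHandler; this bean only answers "does this
     already-authenticated login name hold ROLE_ADMIN?". -->
<bean id="userDetailsService"
      class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
    <!-- Reuses the dataSource bean defined in the quoted configuration. -->
    <property name="dataSource" ref="dataSource" />

    <!-- JdbcDaoImpl expects three columns: username, password, enabled.
         The password column is a constant because it is never compared here,
         so the stored hash is not loaded. -->
    <property name="usersByUsernameQuery"
              value="select loginname, 'unused', true from usrs where switch_to='O' and loginname=?" />

    <!-- Two columns: username, authority. cas_admins is a hypothetical table
         holding one row per login name allowed into /manage. -->
    <property name="authoritiesByUsernameQuery"
              value="select loginname, 'ROLE_ADMIN' from cas_admins where loginname=?" />
</bean>
```

A login name with no row in cas_admins is not granted ROLE_ADMIN, so the `/**=ROLE_ADMIN` rule in securityContext.xml refuses it even though CAS authenticated the user.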