CAS + JAAS on JBoss

Michal Margiel michal.margiel at gmail.com
Thu Mar 6 11:25:52 EST 2008 

Hello,

I have a big problem in using CAS with JAAS, I was looking for anything in
Internet but since i haven't found any thing that i could used I've decided
to write this.

I have such environment:

Jboss A - with application A

Jboss B  - with application B,

JBoss C - with CAS  server v 3.2

both appA and appB contains CAS java client 3.1.1, with filters on all
resources [1], besides that all resources are protected by JAAS [2].

Now I want to login to appA using CAS login screen (servC) and then
authorised  user using JAAS again on servA.

Further more in appA i have some links to appB (witch are also protected by
both CAS and JASS). I wanna use CAS (servC) to do SSO during going from appA
to appB and oposite.

The problem is that of course JAAS security has bigger priority then CAS
filter, so when I try to get some resources - i get 403 error code instead o
CAS login screen (which is pretty obvious).

We have some ideas how to omitt this problem (i.e. remove all <security>
things from web.xml), but all of them we consider as a "hack".

Is there any common way to integrate <security-constraint> (JAAS) section
with CAS? we think that our issue is really common in Java world so there
must by some simple solution.

Pleas help ;)

[1]

<filter>
  <filter-name>CAS Authentication Filter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter
</filter-class>
  <init-param>
  <param-name>casServerLoginUrl</param-name>
  <param-value>http://jbossC:8080/cas/login</param-value>
  </init-param>

  <init-param>
  <param-name>serverName</param-name>
  <param-value>http://jbossA:8180</param-value>
  </init-param>
  </filter>



  <filter>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter
</filter-class>
  </filter>

 <filter>
  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter
</filter-class>
 </filter>


  <filter-mapping>
  <filter-name>CAS Authentication Filter</filter-name>
  <url-pattern>/*</url-pattern>
  </filter-mapping>

  <filter-mapping>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <url-pattern>/*</url-pattern>
  </filter-mapping>
 <filter-mapping>
  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  <url-pattern>/*</url-pattern>
  </filter-mapping>


[2]
  <security-constraint>

  <web-resource-collection>


  <web-resource-name>protected-resources</web-resource-name>

  <url-pattern>/*</url-pattern>

  </web-resource-collection>

  <auth-constraint>
  <role-name>MyRole</role-name>
  </auth-constraint>

  </security-constraint>


-- 
Pozdrawiam
Michał Margiel

www.margiel.eu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080306/e89ed8d1/attachment.html

More information about the cas mailing list