sim51 / logisima-play-cas
CAS authentication module (SSO)
Home Page: http://www.bsimard.com
This module is similar to the secure module, but authenticates against a CAS server. Configure your application.conf with the right properties and use the annotation “@With(SecureCAS.class)” instead of “@With(Secure.class)”. That’s all folks!
Hello,
In the method filter(), why use this?
if (session.contains("username")) {
Why not use this code?
if (Security.isConnected()) {
I'm trying to use the CAS module in my application. I configured it as in the example from the README.
I am successfully redirected to the CAS login page. But after the LOGIN action I'm getting
RuntimeException occured : java.util.concurrent.ExecutionException: java.net.ConnectException: Received fatal alert: handshake_failure to https://localhost:8443/cas/serviceValidate?service=http%3A%2F%2Flocalhost%3A9000%2Fauthenticate&ticket=ST-27-7MealT7CewdQcBzHm4qG-cas01.example.org
In {module:cas-3.1}/app/controllers/modules/cas/SecureCAS.java (around line 96)
92: Boolean isAuthenticated = Boolean.FALSE;
93: String ticket = params.get("ticket");
94: if (ticket != null) {
95: Logger.debug("[SecureCAS]: Try to validate ticket " + ticket);
96: CASUser user = CASUtils.valideCasTicket(ticket);
97: if (user != null) {
98: isAuthenticated = Boolean.TRUE;
99: session.put("username", user.getUsername());
100: // we invoke the implementation of onAuthenticate
101: Security.invoke("onAuthenticated", user);
stacktrace:
@6j5nc6099
Internal Server Error (500) for request GET /authenticate?ticket=ST-26-gLYCJQezIsinwDodBALH-cas01.example.org
Execution exception (In {module:cas-3.1}/app/controllers/modules/cas/SecureCAS.java around line 96)
RuntimeException occured : java.util.concurrent.ExecutionException: java.net.ConnectException: Received fatal alert: handshake_failure to https://localhost:8443/cas/serviceValidate?service=http%3A%2F%2Flocalhost%3A9000%2Fauthenticate&ticket=ST-26-gLYCJQezIsinwDodBALH-cas01.example.org
play.exceptions.JavaExecutionException: java.util.concurrent.ExecutionException: java.net.ConnectException: Received fatal alert: handshake_failure to https://localhost:8443/cas/serviceValidate?service=http%3A%2F%2Flocalhost%3A9000%2Fauthenticate&ticket=ST-26-gLYCJQezIsinwDodBALH-cas01.example.org
at play.mvc.ActionInvoker.invoke(ActionInvoker.java:237)
at Invocation.HTTP Request(Play!)
Caused by: java.lang.RuntimeException: java.util.concurrent.ExecutionException: java.net.ConnectException: Received fatal alert: handshake_failure to https://localhost:8443/cas/serviceValidate?service=http%3A%2F%2Flocalhost%3A9000%2Fauthenticate&ticket=ST-26-gLYCJQezIsinwDodBALH-cas01.example.org
at play.libs.ws.WSAsync$WSAsyncRequest.get(WSAsync.java:223)
at play.modules.cas.CASUtils.valideCasTicket(CASUtils.java:214)
at controllers.modules.cas.SecureCAS.authenticate(SecureCAS.java:96)
at play.mvc.ActionInvoker.invokeWithContinuation(ActionInvoker.java:557)
at play.mvc.ActionInvoker.invoke(ActionInvoker.java:508)
at play.mvc.ActionInvoker.invokeControllerMethod(ActionInvoker.java:484)
at play.mvc.ActionInvoker.invokeControllerMethod(ActionInvoker.java:479)
at play.mvc.ActionInvoker.invoke(ActionInvoker.java:161)
... 1 more
Caused by: java.util.concurrent.ExecutionException: java.net.ConnectException: Received fatal alert: handshake_failure to https://localhost:8443/cas/serviceValidate?service=http%3A%2F%2Flocalhost%3A9000%2Fauthenticate&ticket=ST-26-gLYCJQezIsinwDodBALH-cas01.example.org
at com.ning.http.client.providers.netty.NettyResponseFuture.abort(NettyResponseFuture.java:297)
at com.ning.http.client.providers.netty.NettyConnectListener.operationComplete(NettyConnectListener.java:104)
at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:428)
at org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:414)
at org.jboss.netty.channel.DefaultChannelFuture.setFailure(DefaultChannelFuture.java:381)
at org.jboss.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1307)
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1186)
at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:814)
at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:422)
at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)
at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:558)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:553)
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:84)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.processSelectedKeys(AbstractNioWorker.java:471)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:332)
at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:35)
at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:102)
at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
at java.lang.Thread.run(Thread.java:662)
Caused by: java.net.ConnectException: Received fatal alert: handshake_failure to https://localhost:8443/cas/serviceValidate?service=http%3A%2F%2Flocalhost%3A9000%2Fauthenticate&ticket=ST-26-gLYCJQezIsinwDodBALH-cas01.example.org
at com.ning.http.client.providers.netty.NettyConnectListener.operationComplete(NettyConnectListener.java:100)
... 22 more
Caused by: javax.net.ssl.SSLException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1447)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1415)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1581)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1011)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:845)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:721)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1118)
at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:814)
at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:422)
at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:84)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.processSelectedKeys(AbstractNioWorker.java:471)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:332)
at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:35)
... 3 more
12:00:31,391 ERROR ~
Hi,
I notice that Play! uses "application.baseUrl" (see http://www.playframework.org/documentation/1.2.1/emails)
So in the application.conf file, "application.baseUrl" (for Play!) and "application.url" (for the CAS module) are the same.
In the CAS module, change CASUtils.getCasServiceUrl():
/1/ use Router.getFullUrl(...) instead of "application.url" and append the authenticate url
/2/ or String casServiceUrl = Router.getFullUrl("/"); and append the authenticate url
Maybe I'm wrong, I haven't tested it. But it would be great not to duplicate properties.
Regards,
Neoh
Between 3.0 and 3.1, in SecureCAS you have moved from using the flash scope to store the application url when you get bounced to CAS to using the cache. However, you seem to still be using flash in filter() (line 160 and 161). This means that when you pull the variable out of cache (line 109) it isn't there and the app always redirects to "/".
If it helps, I fixed this locally (crudely) by copying:
if (!Router.route(request).action.equals("modules.cas.SecureCAS.login")) {
// we put into session the url we come from
Cache.add("url_" + session.getId(), request.method == "GET" ? request.url : "/", "10min");
}
into line 162.
Thanks for this module - it's incredibly helpful!
Hi,
In the code, you have this line:
https://github.com/sim51/logisima-play-cas/blob/master/app/controllers/modules/cas/SecureCAS.java#L59
Strings are compared using == instead of equals, which will fail.
By the way, when you leave to another page (CAS login page, different domain), then come back to your original page, won't your session id be different? We are having trouble with the CAS module that won't redirect to the original URL because it seems it can't find the key in the cache (even after the == fix).
Thanks,
Fabien
getServiceUrl() in CASUtils uses Router.getFullUrl to get the service URL. This approach does not work in production environments that use a reverse proxy (i.e. Apache + Tomcat). In those cases the service URL has the proxified machine domain instead of the reverse proxy machine domain.
I believe this method should rely on the application.url configuration value.
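The approach proposed in this issue, as an added example that is not part of the original issue or the module's code: the CAS service URL is built only from the `application.url` property, so the URL CAS sends the browser back to and the URL sent to `serviceValidate` both carry the public proxy name. The class name, host names and ticket value are constructed for illustration.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Properties;

public class CasServiceUrl {

    /** Public service URL built only from configuration, never from the incoming request. */
    static String serviceUrl(Properties conf, String authenticatePath) {
        String base = conf.getProperty("application.url", "").trim();
        if (!base.startsWith("http://") && !base.startsWith("https://")) {
            throw new IllegalStateException("application.url must be an absolute http(s) URL");
        }
        // Normalise so "https://host/" and "https://host" give the same service string.
        while (base.endsWith("/")) {
            base = base.substring(0, base.length() - 1);
        }
        return base + authenticatePath;
    }

    /** serviceValidate URL in the same shape as the one in the stack trace on this page. */
    static String validateUrl(String casBase, String service, String ticket)
            throws UnsupportedEncodingException {
        return casBase + "/serviceValidate?service=" + URLEncoder.encode(service, "UTF-8")
                + "&ticket=" + URLEncoder.encode(ticket, "UTF-8");
    }

    public static void main(String[] args) throws Exception {
        Properties conf = new Properties();
        conf.setProperty("application.url", "https://app.example.org/"); // constructed value

        // Service URL the browser is redirected with and returns to (public proxy name).
        String configured = serviceUrl(conf, "/authenticate");
        // What a request-derived URL looks like on the proxied backend (constructed).
        String requestDerived = "http://10.0.0.12:9000/authenticate";

        System.out.println("service (config)  : " + configured);
        System.out.println("service (request) : " + requestDerived);
        System.out.println("same service      : " + configured.equals(requestDerived));
        // The ticket is validated against exactly the string used at login.
        System.out.println(validateUrl("https://cas.example.org/cas", configured, "ST-constructed"));
    }
}
```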
When I log out from another application, for example a JBoss application, I need to detect it in Play. Is there any SingleSignOutHandler? Because my Play session still exists.
Hi,
Internal Server Error (500)
Template not found (In {module:cas-2.0-adeo}/app/controllers/modules/cas/SecureCAS.java around line 78)
The template modules/cas/SecureCAS/fail.html does not exist.
play.exceptions.TemplateNotFoundException: Template not found : modules/cas/SecureCAS/fail.html
at play.mvc.Controller.renderTemplate(Controller.java:595)
at play.mvc.Controller.renderTemplate(Controller.java:568)
at play.mvc.Controller.render(Controller.java:623)
I don't know how this occurred.
Do I create a fail.html template? Or is it missing in the module?
Thanks
The invoke method in controllers.modules.cas.Security (version 3.1 of the module) relies on the following code to detect the user Security class:
Class security = null;
List<Class> classes = Play.classloader.getAssignableClasses(Security.class);
if (classes.size() == 0) {
security = Security.class;
}
else {
security = classes.get(0);
}
This algorithm only supports direct subclassing of controllers.modules.cas.Security. That is a problem when some common behaviour is needed and code is refactored into an intermediate class. The current algorithm uses the first assignable class; however, getAssignableClasses does not return the deepest subclass first (actually I do not think that any order is guaranteed).
I cannot find any suitable methods in the Play API to avoid this problem. Maybe the solution is to be less "magical" and more explicit (maybe annotating the user Security class). The current code forces the implementer of a custom Security class to rely on composition instead of inheritance to specialize the code, and that feels a bit awkward in this case.
Some ideas to share about this topic?
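One order-independent way to pick the class, as an added example that is not part of the original issue or the module's code: choose the candidate that no other candidate extends, and fail when two unrelated leaves exist, so the application's authentication hooks are never silently replaced by another class. The nested classes are hypothetical stand-ins for the module's `Security` and an application hierarchy, and the list stands in for the result of `getAssignableClasses`.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class SecurityResolver {

    // Hypothetical stand-ins: module base class, shared intermediate class, application classes.
    static class Security {}
    static class CommonSecurity extends Security {}
    static class AppSecurity extends CommonSecurity {}
    static class OtherSecurity extends Security {}

    /** Returns the single most specific candidate, or base when there is none. */
    static Class<?> resolve(Class<?> base, List<Class<?>> candidates) {
        List<Class<?>> leaves = new ArrayList<Class<?>>();
        for (Class<?> c : candidates) {
            if (c.equals(base)) {
                continue; // the base class itself is only the fallback
            }
            boolean extended = false;
            for (Class<?> other : candidates) {
                if (other != c && c.isAssignableFrom(other)) {
                    extended = true; // another candidate subclasses c, so c is not a leaf
                    break;
                }
            }
            if (!extended) {
                leaves.add(c);
            }
        }
        if (leaves.isEmpty()) {
            return base;
        }
        if (leaves.size() > 1) {
            throw new IllegalStateException("Ambiguous Security implementations: " + leaves);
        }
        return leaves.get(0);
    }

    public static void main(String[] args) {
        // Same hierarchy in both orders: the result does not depend on list order.
        List<Class<?>> a = Arrays.<Class<?>>asList(CommonSecurity.class, AppSecurity.class);
        List<Class<?>> b = Arrays.<Class<?>>asList(AppSecurity.class, CommonSecurity.class);
        System.out.println(resolve(Security.class, a).getSimpleName());
        System.out.println(resolve(Security.class, b).getSimpleName());
        System.out.println(resolve(Security.class, new ArrayList<Class<?>>()).getSimpleName());
    }
}
```

Adding `OtherSecurity.class` to either list makes `resolve` throw instead of picking one of the two leaves.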
Hi,
In the Play! official website and when I use the "play install cas" command, the version is 1.0
Is there any reason to not flag the 3.0 as the default version ?
Thanks.
XML is not processed at all and a null value is returned.
Hi,
any chance to see this module ported to Play 2.0 ?