...

  1. Install CAS by copying its modules/cas.war to $CATALINA_HOME/webapps.
  2. Navigate to http://localhost:8080/cas and login with admin/admin.
  3. Configure Roller to talk to CAS by making the following modifications to security.xml:
    • In the filterChainProxy bean definition, replace "authenticationProcessingFilter,rememberMeProcessingFilter" with "casProcessingFilter".
    • In the authenticationManager bean, comment out the "ldapAuthProvider" and add <ref local="casAuthenticationProvider"/>.
    • Change the exceptionTranslationFilter to use "casProcessingFilterEntryPoint" for its "authenticationEntryPoint".
    • Add the following bean definitions for Acegi-CAS integration:
      
      <!-- ======================== CENTRAL AUTHENTICATION SERVICE (CAS) ======================= -->
      <!-- Filter that handles the service ticket CAS sends back to filterProcessesUrl.
           A ticket that fails validation sends the browser to authenticationFailureUrl;
           success lands on defaultTargetUrl unless a saved request exists. -->
      <bean id="casProcessingFilter" class="org.acegisecurity.ui.cas.CasProcessingFilter">
          <property name="authenticationManager" ref="authenticationManager"/>
          <property name="authenticationFailureUrl" value="/roller-ui/login.rol?error=true"/>
          <property name="defaultTargetUrl" value="/"/>
          <property name="filterProcessesUrl" value="/roller_j_security_check"/>
      </bean>
      
      <!-- Entry point wired into exceptionTranslationFilter: unauthenticated requests
           are redirected to the CAS login page. loginUrl is https, which keeps the
           credentials off the wire; the service URL is appended from serviceProperties. -->
      <bean id="casProcessingFilterEntryPoint" class="org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">
          <property name="loginUrl" value="https://localhost:8443/cas/login"/>
          <property name="serviceProperties" ref="serviceProperties"/>
      </bean>
      
      <!-- Authentication provider registered in authenticationManager in place of
           ldapAuthProvider. Roles come from RollerCasPopulator via jdbcAuthenticationDao,
           so CAS only asserts the identity; authorization data stays in Roller's database. -->
      <bean id="casAuthenticationProvider" class="org.acegisecurity.providers.cas.CasAuthenticationProvider">
          <property name="casAuthoritiesPopulator">
              <bean class="org.roller.ui.security.cas.RollerCasPopulator">
                  <property name="userDetailsService" ref="jdbcAuthenticationDao"/>
              </bean> 
          </property>
          <property name="casProxyDecider" ref="casProxyDecider"/>
          <property name="ticketValidator" ref="casProxyTicketValidator"/>
          <property name="statelessTicketCache" ref="statelessTicketCache"/>
          <!-- key identifies tokens created by this provider. The value below is a
               placeholder from the example; give each deployment its own value and keep
               it out of version control. -->
          <property name="key" value="my_password_for_this_auth_provider_only"/>
      </bean>
      
      <!-- Validates tickets against the CAS server. Note the mixed schemes: casValidate is
           https while proxyCallbackUrl (and the service URL below) are plain http; align
           them with the Tomcat https connector for anything beyond a local test. Since
           casProxyDecider rejects proxy tickets, the callback is presumably never used.
           trustStore is a macOS JDK path; point it at the truststore of the JVM that runs
           Roller and make sure it contains the CAS server certificate. -->
      <bean id="casProxyTicketValidator" class="org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
          <property name="casValidate" value="https://localhost:8443/cas/proxyValidate"/>
          <property name="proxyCallbackUrl" value="http://localhost:8080/roller/casProxy/receptor"/>
          <property name="serviceProperties" ref="serviceProperties"/>
          <property name="trustStore" value="/Library/Java/Home/lib/security/cacerts"/>
      </bean>
      
      <!-- ehcache-backed cache for validated stateless tickets, referenced by the provider
           above. The "ticketCache" region is expected to exist in the ehcache configuration. -->
      <bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
      
      <bean id="ticketCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
         <property name="cacheManager" ref="cacheManager"/>
         <property name="cacheName" value="ticketCache"/>
      </bean>
      
      <bean id="statelessTicketCache" class="org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache">
          <property name="cache" ref="ticketCacheBackend"/>
      </bean>
      
      <!-- Proxy tickets are refused outright; only tickets issued directly to Roller's
           service URL are accepted. -->
      <bean id="casProxyDecider" class="org.acegisecurity.providers.cas.proxy.RejectProxyTickets"/>
      
      <!-- service must match exactly the URL CAS redirects back to: the host of this Roller
           instance plus the filterProcessesUrl of casProcessingFilter. sendRenew=false lets an
           existing CAS single sign-on session be reused without re-prompting for a password. -->
      <bean id="serviceProperties" class="org.acegisecurity.ui.cas.ServiceProperties">
          <property name="service" value="http://localhost:8080/roller/roller_j_security_check"/>
          <property name="sendRenew" value="false"/>
      </bean>
      
      
    • Download roller-cas.jar and copy it to $CATALINA_HOME/webapps/roller/WEB-INF/lib. (Look for the "CAS" beans near the bottom of the file and uncomment the bean definitions to enable CAS integration.)
    • Copy casclient.jar from the cas-client-java-2.1.1/dist directory to $CATALINA_HOME/webapps/roller/WEB-INF/lib.
    • Modify $CATALINA_HOME/conf/server.xml to enable https support. Below is an example.
          <!-- Example only. keystorePass="changeit" is the JDK default password: set your own
               and restrict read access to the keystore file. keystoreFile is a home-directory
               path from the author's machine. clientAuth="false" means no client certificate
               is requested from browsers. Use the same truststore here as in the trustStore
               property of the casProxyTicketValidator bean in security.xml so both sides
               trust the same CAS server certificate. -->
          <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                     maxThreads="150" scheme="https" secure="true"
                     clientAuth="false" sslProtocol="TLS" 
                     keystoreFile="/Users/mraible/.keystore" keystorePass="changeit"
                     truststoreFile="/System/Library/Frameworks/JavaVM.framework/Home/lib/security/cacerts"/>
      
    • Use the CAS SSL Guide to generate, export and import a certificate.
    • At this point, you should be able to start Tomcat and login to your blog. The login page should be from CAS rather than Roller and admin/admin should log you in successfully.

...