...
- Install CAS by copying its modules/cas.war to $CATALINA_HOME/webapps.
- Navigate to http://localhost:8080/cas and login with admin/admin.
- Configure Roller to talk to CAS by making the following modifications to security.xml:
- In the filterChainProxy bean definition, replace "authenticationProcessingFilter,rememberMeProcessingFilter" with "casProcessingFilter".
- In the authenticationManager bean, comment out the "ldapAuthProvider" and add <ref local="casAuthenticationProvider"/>.
- Change the exceptionTranslationFilter to use "casProcessingFilterEntryPoint" for its "authenticationEntryPoint".
- Add the following bean definitions for Acegi-CAS integration:
```xml
<!-- ======================== CENTRAL AUTHENTICATION SERVICE (CAS) ======================= -->
<bean id="casProcessingFilter" class="org.acegisecurity.ui.cas.CasProcessingFilter">
  <property name="authenticationManager" ref="authenticationManager"/>
  <property name="authenticationFailureUrl" value="/roller-ui/login.rol?error=true"/>
  <property name="defaultTargetUrl" value="/"/>
  <property name="filterProcessesUrl" value="/roller_j_security_check"/>
</bean>

<bean id="casProcessingFilterEntryPoint" class="org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">
  <property name="loginUrl" value="https://localhost:8443/cas/login"/>
  <property name="serviceProperties" ref="serviceProperties"/>
</bean>

<bean id="casAuthenticationProvider" class="org.acegisecurity.providers.cas.CasAuthenticationProvider">
  <property name="casAuthoritiesPopulator">
    <bean class="org.roller.ui.security.cas.RollerCasPopulator">
      <property name="userDetailsService" ref="jdbcAuthenticationDao"/>
    </bean>
  </property>
  <property name="casProxyDecider" ref="casProxyDecider"/>
  <property name="ticketValidator" ref="casProxyTicketValidator"/>
  <property name="statelessTicketCache" ref="statelessTicketCache"/>
  <property name="key" value="my_password_for_this_auth_provider_only"/>
</bean>

<bean id="casProxyTicketValidator" class="org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
  <property name="casValidate" value="https://localhost:8443/cas/proxyValidate"/>
  <property name="proxyCallbackUrl" value="http://localhost:8080/roller/casProxy/receptor"/>
  <property name="serviceProperties" ref="serviceProperties"/>
  <property name="trustStore" value="/Library/Java/Home/lib/security/cacerts"/>
</bean>

<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>

<bean id="ticketCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
  <property name="cacheManager" ref="cacheManager"/>
  <property name="cacheName" value="ticketCache"/>
</bean>

<bean id="statelessTicketCache" class="org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache">
  <property name="cache" ref="ticketCacheBackend"/>
</bean>

<bean id="casProxyDecider" class="org.acegisecurity.providers.cas.proxy.RejectProxyTickets"/>

<bean id="serviceProperties" class="org.acegisecurity.ui.cas.ServiceProperties">
  <property name="service" value="http://localhost:8080/roller/roller_j_security_check"/>
  <property name="sendRenew" value="false"/>
</bean>
```
- Download roller-cas.jar and copy it to $CATALINA_HOME/webapps/roller/WEB-INF/lib.
- Look for the "CAS" beans near the bottom of the file and uncomment the bean definitions to enable CAS integration.
- Copy casclient.jar from the cas-client-java-2.1.1/dist directory to $CATALINA_HOME/webapps/roller/WEB-INF/lib.
- Modify $CATALINA_HOME/conf/server.xml to enable https support. Below is an example.
```xml
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/Users/mraible/.keystore" keystorePass="changeit"
           truststoreFile="/System/Library/Frameworks/JavaVM.framework/Home/lib/security/cacerts"/>
```
- Use the CAS SSL Guide to generate, export and import a certificate.
- At this point, you should be able to start Tomcat and log in to your blog. The login page should come from CAS rather than Roller, and admin/admin should log you in successfully.
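The three security.xml edits in the steps above (filterChainProxy, authenticationManager, exceptionTranslationFilter) as they look once applied. This is an added illustration, not part of the original page or of Roller's shipped security.xml: the other filter names in the chain, the ProviderManager class and the definition-source keywords are standard Acegi 1.0 conventions assumed here; the casProcessingFilter, casAuthenticationProvider and casProcessingFilterEntryPoint references are the beans defined on this page.

```xml
<!-- 1. Filter chain: casProcessingFilter takes the slot that
     authenticationProcessingFilter,rememberMeProcessingFilter occupied.
     It must run before anonymousProcessingFilter and
     exceptionTranslationFilter so a CAS ticket is consumed before an
     anonymous token is assigned. The surrounding filter names are an
     assumption about the stock Roller chain. -->
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
  <property name="filterInvocationDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /**=httpSessionContextIntegrationFilter,logoutFilter,casProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
    </value>
  </property>
</bean>

<!-- 2. Authentication manager: ldapAuthProvider is commented out and the
     CAS provider from this page is added in its place. -->
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
  <property name="providers">
    <list>
      <!-- <ref local="ldapAuthProvider"/> -->
      <ref local="casAuthenticationProvider"/>
    </list>
  </property>
</bean>

<!-- 3. Entry point: unauthenticated requests are redirected to the CAS
     login page (casProcessingFilterEntryPoint) instead of Roller's own
     login form. -->
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
  <property name="authenticationEntryPoint" ref="casProcessingFilterEntryPoint"/>
</bean>
```

Note that the filterProcessesUrl of casProcessingFilter (/roller_j_security_check) and the service URL in serviceProperties must name the same path: CAS validates a ticket only for the exact service it was issued to, so a mismatch makes every login fail at ticket validation.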
...