CAS 5.3: How to use Dynamic Unauthorized Redirect URL

Terki Adel

May 11, 2021, 8:28:07 AM
to CAS Developer

Hi there,

I'm trying to redirect the webflow while accessing a service to an external module, and since I need to add some additional parameters according to each authentication context in the URL, I thought that extending the DefaultRegisteredServiceAccessStrategy class with a method which will change the unauthorizedRedirectUrl would work, but it seems like it didn't pay attention to my changes.

Here is the code of my custom access strategy:


import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.Map;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class MyDefaultRegisteredServiceAccessStrategy extends DefaultRegisteredServiceAccessStrategy {

    private static final Logger LOGGER = LoggerFactory.getLogger(MyDefaultRegisteredServiceAccessStrategy.class);

    // Values captured during the most recent access check
    private String param1 = null;

    private String param2 = null;

    private Map<String, Object> principalAttributes = new HashMap<String, Object>();

    // Appends param1 and param2 to the configured unauthorizedRedirectUrl
    public URI getUnauthorizedRedirectUrl() {
        URI unauthorizedRedirectUrlDyn = this.unauthorizedRedirectUrl;
        try {
            if (this.unauthorizedRedirectUrl != null) {
                unauthorizedRedirectUrlDyn = new URI(this.unauthorizedRedirectUrl.toString() + "?param1=" + this.param1 + "&param2=" + this.param2);
                LOGGER.debug("getUnauthorizedRedirectUrl : {}", unauthorizedRedirectUrlDyn);
            }
        } catch (URISyntaxException e) {
            // Falls through and returns the configured URL unchanged
            //return this.unauthorizedRedirectUrl;
        }
        return unauthorizedRedirectUrlDyn;
    }

    @Override
    public boolean doPrincipalAttributesAllowServiceAccess(final String principal, final Map<String, Object> principalAttributes) {

        // Remember the principal and its attributes for getUnauthorizedRedirectUrl()
        this.param1 = principal;
        this.param2 = (String) principalAttributes.get("ServiceTarget");

        this.principalAttributes = principalAttributes;

        if (this.rejectedAttributes.isEmpty() && this.requiredAttributes.isEmpty()) {
            LOGGER.debug("Skipping access strategy policy, since no attributes rules are defined");
            return true;
        }
        if (!enoughAttributesAvailableToProcess(principal, principalAttributes)) {
            LOGGER.debug("Access is denied. There are not enough attributes available to satisfy requirements");
            return false;
        }
        if (doRejectedAttributesRefusePrincipalAccess(principalAttributes)) {
            LOGGER.debug("Access is denied. The principal carries attributes that would reject service access");
            return false;
        }
        if (!doRequiredAttributesAllowPrincipalAccess(principalAttributes, this.requiredAttributes)) {
            LOGGER.debug("Access is denied. The principal does not have the required attributes [{}] specified by this strategy", this.requiredAttributes);
            return false;
        }
        return true;
    }
}

And this is where I defined my unauthorizedRedirectUrl:


{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
 ........
  "id" : 1000,
  "usernameAttributeProvider" : {
    "@class" : "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
    "usernameAttribute" : "uid"
  },
  ........................
  "accessStrategy" : {
    "@class" : "org.apereo.cas.services.MyDefaultRegisteredServiceAccessStrategy",
    "unauthorizedRedirectUrl" : "MyURL",
    "requiredAttributes" : {
      "@class" : "java.util.HashMap",
      "uid" : [ "java.util.HashSet", [ ".*" ] ]
    }
  }
}

And also I wanted to know if the DefaultRegisteredServiceAccessStrategy class was loaded as a singleton or not?




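An added example, not part of the original post and not CAS code: using only JDK classes, it models what happens when per-request values live in the fields of a strategy object that is shared between requests, next to a stateless builder that URL-encodes the parameters. That one instance serves every request is an assumption the post leaves open; the class names, base URL and attribute values are constructed for illustration.

```java
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLEncoder;
import java.util.Collections;
import java.util.Map;

public class RedirectUrlDemo {

    // Models the post's approach: per-request values kept in instance fields.
    static class StatefulStrategy {
        private final URI base;
        private String param1;
        private String param2;
        StatefulStrategy(URI base) { this.base = base; }
        boolean allow(String principal, Map<String, Object> attrs) {
            this.param1 = principal;
            this.param2 = (String) attrs.get("ServiceTarget");
            return false; // access denied, so the caller will redirect
        }
        URI redirect() {
            return URI.create(base + "?param1=" + param1 + "&param2=" + param2);
        }
    }

    // Stateless alternative: values arrive as arguments and are URL-encoded.
    static URI buildRedirect(URI base, String principal, Map<String, Object> attrs)
            throws UnsupportedEncodingException {
        Object target = attrs.get("ServiceTarget");
        String sep = base.getQuery() == null ? "?" : "&";
        return URI.create(base + sep
                + "param1=" + URLEncoder.encode(principal, "UTF-8")
                + "&param2=" + URLEncoder.encode(target == null ? "" : target.toString(), "UTF-8"));
    }

    public static void main(String[] args) throws Exception {
        URI base = URI.create("https://portal.example.org/denied"); // constructed URL
        Map<String, Object> alice = Collections.<String, Object>singletonMap("ServiceTarget", "hr&admin=1");
        Map<String, Object> bob = Collections.<String, Object>singletonMap("ServiceTarget", "finance");

        StatefulStrategy shared = new StatefulStrategy(base);
        shared.allow("alice", alice); // alice's check runs first
        shared.allow("bob", bob);     // bob's check overwrites the fields
        // alice's flow now reads the fields and gets bob's values
        System.out.println("stateful:  " + shared.redirect());
        // built from alice's own arguments, with '&' and '=' escaped
        System.out.println("stateless: " + buildRedirect(base, "alice", alice));
    }
}
```

The stateful variant also passes an attribute value such as `hr&admin=1` into the query string unescaped, so the receiving module would see an extra `admin` parameter; encoding each value closes that gap.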