Custom AUP Implementation


Francisco Castel-Branco

Mar 11, 2020, 8:06:32 AM
to cas-...@apereo.org
Hi,
I'm currently implementing dynamic Acceptable Usage Policies (AUP). They need to be loaded from some repository and need to be displayed on the webpage.

The project already verifies if a given user has unaccepted policies to block him from proceeding with the login flow. But I also need to load one of the unaccepted policies and display it just like the normal AUP, but without being defined in messages.properties.

I need to display custom values in Thymeleaf, but I can't figure out where I can push the variables from the backend into Thymeleaf. In Spring it would be around the method map.addAttribute().

I had it working as a proof-of-concept with AJAX requests, which is NOT secure because it's client-side. CAS loads a page with jQuery which loads one AUP from an API and populates a hidden input that contains the ID of said policy. (This is not secure at all, I know).

My source code for this module is based on the AUP.

Does anyone know how to do this? I tried to explore the source code, but with no luck.

--
Francisco Castel-Branco

Ray Bon

Mar 11, 2020, 11:43:07 AM
to cas-...@apereo.org
Francisco,

I have not done anything like this, so this is a guess.
The login page has the ability to display per service customization, https://apereo.github.io/cas/6.1.x/services/Service-Management.html (theme control).
Perhaps the process there can be used in AUP.

Ray

-- 
Ray Bon
Programmer Analyst
Development Services, University Systems

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.

Francisco Castel-Branco

Mar 11, 2020, 12:36:13 PM
to cas-...@apereo.org
Hi, Ray.

I understand why you referred to theming per service. But what I really need is an additional step in the login flow. Every service should be blocked by this. This isn't an additional service, nor is the text I want to display static.

I am loading the text and ids from a database and I need to pass them from the Java classes (where the flow is defined) to the HTML to display.

I am currently "forking" the default AUP to verify if there are any unaccepted policies, as I previously stated.

I think it should be some parameter to pass when a view is loaded. Right now, I have this code that loads the view when a user needs to accept something:

    /**
     * Create verify action state.
     *
     * @param flow the flow
     */
    protected void createVerifyActionState(final Flow flow) {
        ActionState actionState = createActionState(flow, STATE_ID_AUP_CHECK, AUP_VERIFY_ACTION);
        String target = getRealSubmissionState(flow).getTransition(TRANSITION_ID_SUCCESS).getTargetStateId();

        TransitionSet transitionSet = actionState.getTransitionSet();
        transitionSet.add(createTransition(CasWebflowConstants.TRANSITION_ID_AUP_ACCEPTED, target));
        transitionSet.add(createTransition(CasWebflowConstants.TRANSITION_ID_AUP_MUST_ACCEPT, VIEW_ID));
    }

My "real" question is, how can I add variables when loading the view VIEW_ID (which is a static string up above)?


Thanks!

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/30c960819f7e48abb34b409bf55ebb0233f267d5.camel%40uvic.ca.


--
Francisco Castel-Branco

Dmitriy Kopylenko

Mar 11, 2020, 1:12:30 PM
to cas-...@apereo.org
The best way to implement AUP flow customizations would be through a pluggable Groovy script which CAS will use for 2 phases - verification and recording of acceptance fact: 


So you could do the additional work needed to grab the dynamic data for the AUP view and expose it right there in the 'verify' method, for example by throwing that data into a flowScope (note that you have access to SWF's RequestContext via the first argument passed to that method).

Doing it in Groovy has a few advantages: 1) You don't have to mess around with CAS' SWF internals, which would not guarantee you API compatibility with future versions, for example. 2) Changes to the externalized Groovy script would not require a re-build/re-start cycle and would be picked up by CAS in real time.

HTH,
D.

Nono

Mar 11, 2020, 1:36:41 PM
to CAS Community
Hello, we have done this:

We have an independent REST API that manages the AUP.
We have implemented a custom AbstractPrincipalAttributeAcceptableUsagePolicyRepository.
In the verify method we check if the AUP has been accepted; if not, we put the AUP text in the flow scope. The text is retrieved from the REST API:

    requestContext.getFlowScope().put("auptext", this.getLatestAupText(principal));

We have a custom page that displays the AUP text: templates/casAcceptableUsagePolicyView.html

    <div class="aup-text-container">
      <p th:utext="${auptext}"/>
    </div>

In the submit method of the AbstractPrincipalAttributeAcceptableUsagePolicyRepository, we call the REST API to validate the AUP, and the method ends like this:

    WebUtils.putAcceptableUsagePolicyStatusIntoFlowScope(requestContext, AcceptableUsagePolicyStatus.accepted(WebUtils.getPrincipalFromRequestContext(requestContext)));
    return true;

It works well for us and there are only a few classes added to the WAR overlay, it's not too much of a burden when we upgrade CAS to a new version.

Hope this helps!
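
Two points from this thread as an added example (not code from the thread or from CAS): the policy id stays in server-side flow scope instead of a hidden input, and because th:utext writes its value unescaped, the policy text is escaped before it is stored under "auptext". A plain Map stands in for the Web Flow flow scope; the class name, the "pendingAupId" key and the sample policy are assumptions.

```java
import java.util.HashMap;
import java.util.Map;

// Added sketch, not CAS code: a plain Map stands in for the Web Flow flow scope.
// AupFlowSketch, pendingAupId and the sample policy are hypothetical/constructed.
public class AupFlowSketch {

    /** Escape HTML metacharacters so stored policy text cannot inject markup. */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    /** Verify phase: keep the policy id server-side, expose only escaped markup. */
    static void verify(Map<String, Object> flowScope, String policyId, String policyText) {
        StringBuilder html = new StringBuilder();
        for (String para : policyText.split("(\\r?\\n){2,}")) {
            if (!para.isBlank()) {
                html.append("<p>").append(escapeHtml(para.strip())).append("</p>");
            }
        }
        flowScope.put("auptext", html.toString());  // only server-built <p> tags remain
        flowScope.put("pendingAupId", policyId);    // never round-trips through the form
    }

    /** Submit phase: the id to record comes from flow scope, not request parameters. */
    static String policyToRecord(Map<String, Object> flowScope, Map<String, String> requestParams) {
        return (String) flowScope.get("pendingAupId"); // requestParams deliberately ignored
    }

    public static void main(String[] args) {
        Map<String, Object> flowScope = new HashMap<>();
        // Constructed sample text containing markup that must be displayed, not executed.
        verify(flowScope, "aup-2020-03",
                "Use of this service is logged.\n\n<script>alert(1)</script> Be nice.");
        System.out.println(flowScope.get("auptext"));
        // A tampered form field does not change which policy is recorded as accepted.
        System.out.println(policyToRecord(flowScope, Map.of("policyId", "aup-other")));
    }
}
```

If the policy text is meant to carry its own formatting, an allowlist HTML sanitizer would replace escapeHtml; the flow-scope handling of the id stays the same.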

Francisco Castel-Branco

Mar 16, 2020, 11:08:50 AM
to cas-...@apereo.org
That was exactly what I was looking for, Nono!

I had already accomplished the submission of variables, so the first two examples worked right on!

Thanks a lot!



--
Francisco Castel-Branco