CAS 3.5 Service Registry Exception How-To

[Scott Green]

We are running CAS 3.5 (old I know... working on it). It is using SQL as a Service Registry.  I have added an application in, but I need to make an exception for a certain type of request for an automated system.  They have clients that have used the following XML"

Example (in their case, the SERVER.XML):

…

serverName= "https://servername.assetworks.com"                

except="^/token|^/identity|^/cmisatom|^/cmisbrowser|^/wsdl|^/ws|/roleList"  />

Can anyone help me with how I would accomplish this same type of exception handling in our environment?  Thank you in advance.

Scott

[Uxío]

Can you post web.xml configuration? Having CAS validation filter and such..?

Sent from my iPhone

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/a161d8a6-139e-403d-9447-02c85f2710aa%40apereo.org.

[Scott Green]

<?xml version="1.0" encoding="ISO-8859-1" ?>

- <!--

    Licensed to Jasig under one or more contributor license
    agreements. See the NOTICE file distributed with this work
    for additional information regarding copyright ownership.
    Jasig licenses this file to you under the Apache License,
    Version 2.0 (the "License"); you may not use this file
    except in compliance with the License.  You may obtain a
    copy of the License at the following location:

      http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing,
    software distributed under the License is distributed on an
    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    KIND, either express or implied.  See the License for the
    specific language governing permissions and limitations
    under the License.

-->

- <web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">

<display-name>Central Authentication System (CAS) 3.5.1</display-name>

- <context-param>

<param-name>contextConfigLocation</param-name>

<param-value>/WEB-INF/spring-configuration/*.xml /WEB-INF/deployerConfigContext.xml</param-value>

</context-param>

- <filter>

<filter-name>CAS Client Info Logging Filter</filter-name>

<filter-class>com.github.inspektr.common.web.ClientInfoThreadLocalFilter</filter-class>

</filter>

- <filter-mapping>

<filter-name>CAS Client Info Logging Filter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

- <filter>

<filter-name>springSecurityFilterChain</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

- <filter-mapping>

<filter-name>springSecurityFilterChain</filter-name>

<url-pattern>/status</url-pattern>

</filter-mapping>

- <filter-mapping>

<filter-name>springSecurityFilterChain</filter-name>

<url-pattern>/services/*</url-pattern>

</filter-mapping>

- <filter>

<filter-name>characterEncodingFilter</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

- <filter-mapping>

<filter-name>characterEncodingFilter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

- <!--

    - Loads the CAS ApplicationContext.
    - The deployer choice here is how to handle Throwables thrown by Spring's
    - ContextLoaderListener.  The Spring ContextLoaderListener will throw an exception when the
    - application context cannot be loaded, say because the bean XML files are not valid XML or do not
    - refer to real classes and properties or because a bean configured via Spring throws an exception
    - at construction, property setting, or on an afterPropertiesSet() lifecycle method.
    -
    - If you'd like these errors to be fatal and prevent the CAS servlet context from loading at all,
    - use org.springframework.web.context.ContextLoaderListener.
    -
    - If you'd like these errors to result in all requests for CAS getting a "CAS is Unavailable" response,
    - use org.jasig.cas.web.init.SafeContextLoaderListener
  

-->

- <listener>

<listener-class>org.jasig.cas.web.init.SafeContextLoaderListener</listener-class>

</listener>

- <!--

    - This is the Spring dispatcher servlet which delegates all requests to the
    - Spring WebMVC controllers as configured in cas-servlet.xml.
    -
    - The choice made above about how to handle a broken ApplicationContext at
    - context initialization applies here as well, since this servlet is load-on-startup.
    -
    - If you'd like these errors to be fatal and prevent the CAS servlet from loading at all,
    - use org.springframework.web.servlet.DispatcherServlet.
    -
    - If you'd like these errors to result in all requests for CAS getting a "CAS is Unavailable" response,
    - use org.jasig.cas.web.init.SafeDispatcherServlet
  

-->

- <servlet>

<servlet-name>cas</servlet-name>

<servlet-class>org.jasig.cas.web.init.SafeDispatcherServlet</servlet-class>

- <init-param>

<param-name>publishContext</param-name>

<param-value>false</param-value>

</init-param>

<load-on-startup>1</load-on-startup>

</servlet>

- <servlet-mapping>

<servlet-name>cas</servlet-name>

<url-pattern>/login</url-pattern>

</servlet-mapping>

- <servlet-mapping>

<servlet-name>cas</servlet-name>

<url-pattern>/logout</url-pattern>

</servlet-mapping>

- <servlet-mapping>

<servlet-name>cas</servlet-name>

<url-pattern>/validate</url-pattern>

</servlet-mapping>

- <servlet-mapping>

<servlet-name>cas</servlet-name>

<url-pattern>/serviceValidate</url-pattern>

</servlet-mapping>

- <servlet-mapping>

<servlet-name>cas</servlet-name>

<url-pattern>/samlValidate</url-pattern>

</servlet-mapping>

- <servlet-mapping>

<servlet-name>cas</servlet-name>

<url-pattern>/proxy</url-pattern>

</servlet-mapping>

- <servlet-mapping>

<servlet-name>cas</servlet-name>

<url-pattern>/proxyValidate</url-pattern>

</servlet-mapping>

- <servlet-mapping>

<servlet-name>cas</servlet-name>

<url-pattern>/CentralAuthenticationService</url-pattern>

</servlet-mapping>

- <servlet-mapping>

<servlet-name>cas</servlet-name>

<url-pattern>/services/add.html</url-pattern>

</servlet-mapping>

- <servlet-mapping>

<servlet-name>cas</servlet-name>

<url-pattern>/services/viewStatistics.html</url-pattern>

</servlet-mapping>

- <servlet-mapping>

<servlet-name>cas</servlet-name>

<url-pattern>/services/logout.html</url-pattern>

</servlet-mapping>

- <servlet-mapping>

<servlet-name>cas</servlet-name>

<url-pattern>/services/loggedOut.html</url-pattern>

</servlet-mapping>

- <servlet-mapping>

<servlet-name>cas</servlet-name>

<url-pattern>/services/manage.html</url-pattern>

</servlet-mapping>

- <servlet-mapping>

<servlet-name>cas</servlet-name>

<url-pattern>/services/edit.html</url-pattern>

</servlet-mapping>

- <servlet-mapping>

<servlet-name>cas</servlet-name>

<url-pattern>/openid/*</url-pattern>

</servlet-mapping>

- <servlet-mapping>

<servlet-name>cas</servlet-name>

<url-pattern>/services/deleteRegisteredService.html</url-pattern>

</servlet-mapping>

- <servlet-mapping>

<servlet-name>cas</servlet-name>

<url-pattern>/services/updateRegisteredServiceEvaluationOrder.html</url-pattern>

</servlet-mapping>

- <servlet-mapping>

<servlet-name>cas</servlet-name>

<url-pattern>/status</url-pattern>

</servlet-mapping>

- <servlet-mapping>

<servlet-name>cas</servlet-name>

<url-pattern>/authorizationFailure.html</url-pattern>

</servlet-mapping>

- <servlet-mapping>

<servlet-name>cas</servlet-name>

<url-pattern>/403.html</url-pattern>

</servlet-mapping>

- <session-config>

- <!--

 Default to 5 minute session timeouts 

-->

<session-timeout>5</session-timeout>

</session-config>

- <error-page>

<exception-type>org.springframework.context.ApplicationContextException</exception-type>

<location>/WEB-INF/view/jsp/brokenContext.jsp</location>

</error-page>

- <error-page>

<error-code>500</error-code>

<location>/WEB-INF/view/jsp/errors.jsp</location>

</error-page>

- <error-page>

<error-code>404</error-code>

<location>/</location>

</error-page>

- <error-page>

<error-code>403</error-code>

<location>/403.html</location>

</error-page>

- <welcome-file-list>

<welcome-file>index.jsp</welcome-file>

</welcome-file-list>

</web-app>

[Uxío Prego]

I assumed your CASified application was Java-like, and meant the CASified application web.xml.

But this can make the example. There are some <filter/> and <filter-mapping/> tags. CASified Java web applications work using a web.xml file alike.

If you are using your CASified application as such, it should have several CAS related filters, which have their filter mapping. You might be able to find a way to exclude the services you want to exclude, using web.xml rules and (hopefully not) additional Java code.

Regards,

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5ec7f96d-02da-4387-bbd5-68766131afb2%40apereo.org.

[Ray Bon]

Here are some examples:

  <filter-mapping>

    <filter-name>CAS Validation Filter Proxy</filter-name>

    <url-pattern>/proxy/proxyClient</url-pattern>

    <url-pattern>/proxy/pgtCallback</url-pattern>

  </filter-mapping>

-- 
Ray Bon
Programmer analyst
Development Services, University Systems
2507128831 | CLE 023 | rb...@uvic.ca

[Ray Bon]

Here are some examples:

  <filter>

    <filter-name>CAS Authentication Filter Saml11</filter-name>

    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

    <init-param>

      <param-name>targetBeanName</param-name>

      <param-value>authenticationFilterSaml11</param-value>

    </init-param>

  </filter>

  <filter>

    <filter-name>CAS Validation Filter Proxy</filter-name>

    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

    <init-param>

      <param-name>targetBeanName</param-name>

      <param-value>ticketValidationFilterProxy</param-value>

    </init-param>

  </filter>

...

  <filter-mapping>

    <filter-name>CAS Validation Filter Proxy</filter-name>

    <url-pattern>/proxy/proxyClient</url-pattern>

    <url-pattern>/proxy/pgtCallback</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>CAS Authentication Filter Saml11</filter-name>

    <url-pattern>/protected/*</url-pattern>

  </filter-mapping>

Ray

On Wed, 2017-04-05 at 20:04 +0200, Uxío Prego wrote: