Cas 5.1.6 to 5.20 JSON Service Theme Parameter Not Working as Expected

[Mike Kromarek]

I recently upgraded from CAS 5.1.6 to 5.2.0 and noticed that the theme parameter in my JSON service definitions is being treated as if it is a reference to a groovy script and not the name of the theme to load.

-- cas.properties --

### -- Theme settings -- ###

cas.theme.paramName=theme

spring.thymeleaf.cache=false

spring.thymeleaf.prefix=classpath:/templates/

-- service definition (Example-10000006.json)  --

{

 "@class" : "org.apereo.cas.services.RegexRegisteredService",

  "serviceId" : "^https://example.highline.edu/.*",

  "name" : "Example",

  "id" : 10000006,

  "theme": "canvas",

  "description" : "Example Service",

  "evaluationOrder" : 1,

  "usernameAttributeProvider" : {

    "@class" : "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",

    "usernameAttribute" : "sAMAccountName"

  }

}

-- Relevent log section for accessing the service --

2017-12-10 04:54:39,434 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Loading properties [messages.properties] with encoding 'UTF-8'>

2017-12-10 04:54:39,527 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [CookieThemeResolver]>

2017-12-10 04:54:39,527 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [SessionThemeResolver]>

2017-12-10 04:54:39,528 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [RequestHeaderThemeResolver]>

2017-12-10 04:54:39,528 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [ServiceThemeResolver]>

2017-12-10 04:54:39,529 DEBUG [org.apereo.cas.services.web.ServiceThemeResolver] - <Service [id=10000006,name=Example,description=Example Service,serviceId=^https://example.highline.edu/.*,usernameAttributeProvider=usernameAttribute=sAMAccountName,<null>,theme=[canvas],evaluationOrder=1,logoutType=BACK_CHANNEL,attributeReleasePolicy=org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy@118e1bd0[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@581f099[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseAuthenticationAttributes=true,authorizedToReleaseProxyGrantingTicket=false,excludeDefaultAttributes=false,principalIdAttribute=<null>,consentPolicy=org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy@1ad6e5d6[excludedAttributes=<null>,includeOnlyAttributes=<null>,enabled=true],allowedAttributes=[]],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@7231b0de[enabled=true,ssoEnabled=true,requireAllAttributes=true,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@2eaa006d,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@130075d3[multifactorAuthenticationProviders=[],failureMode=NOT_SET,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,bypassEnabled=false],informationUrl=<null>,privacyUrl=<null>,contacts=[],expirationPolicy=org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy@198f4a12[deleteWhenExpired=false,notifyWhenDeleted=false,expirationDate=<null>],<null>] is configured to use a custom theme [[canvas]]>

2017-12-10 04:54:39,529 DEBUG [org.apereo.cas.services.web.ServiceThemeResolver] - <Executing groovy script to determine theme for [https://example.highline.edu/securityRealm/finishLogin]>

2017-12-10 04:54:39,530 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [FixedThemeResolver]>

2017-12-10 04:54:39,530 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could be found. Using default theme [cas-theme-default}>

If I set the theme default via the cas.properties file to canvas, it loads the correct theme (of course I don't want that theme to be the default every where) and if I set the theme property in my json service definition to point to a groovy script that just returns "canvas", the correct theme is loaded.

Is there a configuration setting I'm missing to have the default behavior for theme loading specified here https://apereo.github.io/cas/5.2.x/installation/User-Interface-Customization-Themes.html under "Themed Views", "Configuration".

Thank you

--Mike K

[Andy Ng]

I also encounter this problem, working on CAS 5.2.0-RC4 and not worked on CAS 5.2.0,

I think the problem lies in this file here: https://github.com/apereo/cas/blob/master/support/cas-server-support-themes/src/main/java/org/apereo/cas/services/web/RegisteredServiceThemeResolver.java

On line 134, final Resource resource = ResourceUtils.getRawResourceFrom(rService.getTheme());
- default will change the resource into a File Resource

On line 135, if (resource instanceof FileSystemResource && resource.exists()) {
- Resource will exists even if it does not actually exists

I don't have a concrete explanation, but maybe CAS 5.2.0 sees the file directory of our theme name, and misunderstood that resource exists?

Maybe it is a bug.

- Andy

[michael kromarek]

It would seem so.  It would also seem that even when pointing to a groovy script for the theme, that works for login, but even though the correct service is found on logout, it can't find the theme and goes with the default.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/322634bf-8403-43bf-b03d-cc66a4e1ebb8%40apereo.org.