Ram Mohan

Hi,

I am a newbie to CAS and security. In my case, CAS Server 3.3.2 + Acegi CAS Client is used for authentication. I took up a task of providing an API for username/password authentication, i.e., MyClass.authenticate(Credentials credentials). I think I don't even need to generate a Service Ticket. TGT cookie is enough. For me, it's simply looking like authentication without the login UI and sending the credentials as parameters in the request. Am I going in the right direction? Also, I think an application of this sort would already have been implemented, as this is a common scenario. Any pointers in this regard would be very helpful.

Thanks in advance,
Ram

Andrew Feller

Two things:

1. I think you should spend some time reading about the CAS architecture so you know how it works.

CAS 1 architecture: http://www.jasig.org/cas/cas1-architecture
CAS 2 architecture: http://www.jasig.org/cas/cas2-architecture
Proxy authentication: http://www.jasig.org/cas/proxy-authentication

The TGT is some information granted by the CAS server and retained by the user as proof the user logged in. The ST is some information granted by the CAS server, passed along by the user, and verified by CAS client protecting application to ensure user logged in.

2. Check out the RESTful API

RESTful API: http://www.ja-sig.org/wiki/display/CASUM/RESTful+API

HTH,
A-

On 6/15/09 8:51 AM, "Ram Mohan" <ram.mohan@...> wrote:
Hi,

--
Andrew Feller, Analyst
LSU University Information Services
200 Frey Computing Services Center
Baton Rouge, LA 70803
Office: 225.578.3737
Fax: 225.578.6400

Ram Mohan

Thanks Andrew,

I will go through them.

-Ram

On Mon, Jun 15, 2009 at 7:47 PM, Andrew Feller <[hidden email]> wrote:

Andrew Feller

http://www.jasig.org/cas/protocol

On 6/15/09 10:10 AM, "Ram Mohan" <ram.mohan@...> wrote:
Thanks Andrew,

--
Andrew Feller, Analyst
LSU University Information Services
200 Frey Computing Services Center
Baton Rouge, LA 70803
Office: 225.578.3737
Fax: 225.578.6400

Ram Mohan

Thanks Andrew for these pointers. They cleared my concepts about CAS and how they handle security.

I have a new problem. I implemented a basic Java RESTful client. While trying to get the TGT, I am getting the following error:

java.lang.IllegalStateException: The Web form cannot be parsed as no fresh content is available. If this entity has been already read once, caching of the entity is required

I thought I could be trying to generate a TGT for the user, who already has an active TGT. But this wasn't the case. I am attaching the log and also the Java client code. Can someone point me where I am going wrong?

-Ram

On Mon, Jun 15, 2009 at 8:48 PM, Andrew Feller <[hidden email]> wrote:

2009-06-19 00:05:37,993 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - <Creating instance of bean 'ticketResource'>
2009-06-19 00:05:37,994 DEBUG [org.springframework.beans.factory.annotation.InjectionMetadata] - <Processing injected field of bean 'ticketResource': AutowiredFieldElement for private org.jasig.cas.CentralAuthenticationService org.jasig.cas.integration.restlet.TicketResource.centralAuthenticationService>
2009-06-19 00:05:37,994 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - <Returning cached instance of singleton bean 'centralAuthenticationService'>
2009-06-19 00:05:37,994 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - <Finished creating instance of bean 'ticketResource'>
2009-06-19 00:05:37,994 DEBUG [org.jasig.cas.integration.restlet.TicketResource] - <Obtaining credentials...>
2009-06-19 00:05:37,994 DEBUG [com.noelios.restlet.ext.spring.RestletFrameworkServlet] - <Could not complete request>
java.lang.IllegalStateException: The Web form cannot be parsed as no fresh content is available. If this entity has been already read once, caching of the entity is required
    at com.noelios.restlet.util.FormUtils.parse(FormUtils.java:95)
    at com.noelios.restlet.Engine.parse(Engine.java:975)
    at org.restlet.data.Form.<init>(Form.java:74)
    at org.restlet.data.Form.<init>(Form.java:119)
    at org.restlet.data.Message.getEntityAsForm(Message.java:179)
    at org.jasig.cas.integration.restlet.TicketResource.acceptRepresentation(TicketResource.java:56)
    at org.restlet.resource.Resource.post(Resource.java:678)
    at org.restlet.resource.Resource.handlePost(Resource.java:527)
    at org.restlet.Finder.handle(Finder.java:344)
    at org.restlet.Filter.doHandle(Filter.java:137)
    at org.restlet.Filter.handle(Filter.java:180)
    at org.restlet.Router.handle(Router.java:471)
    at com.noelios.restlet.ext.servlet.ServletConverter.service(ServletConverter.java:130)
    at com.noelios.restlet.ext.spring.RestletFrameworkServlet.doService(RestletFrameworkServlet.java:92)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
    at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:511)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:619)
2009-06-19 00:05:37,995 DEBUG [org.springframework.web.context.support.XmlWebApplicationContext] - <Publishing event in context [org.springframework.web.context.support.XmlWebApplicationContext@1abbec4]: ServletRequestHandledEvent: url=[//cas-server-webapp-3.3/v1/tickets/]; client=[127.0.0.1]; method=[POST]; servlet=[restlet]; session=[null]; user=[null]; time=[3ms]; status=[failed: java.lang.IllegalStateException: The Web form cannot be parsed as no fresh content is available. If this entity has been already read once, caching of the entity is required]>
2009-06-19 00:05:37,995 DEBUG [org.springframework.web.context.support.XmlWebApplicationContext] - <Publishing event in context [org.springframework.web.context.support.XmlWebApplicationContext@1cbda0a]: ServletRequestHandledEvent: url=[//cas-server-webapp-3.3/v1/tickets/]; client=[127.0.0.1]; method=[POST]; servlet=[restlet]; session=[null]; user=[null]; time=[3ms]; status=[failed: java.lang.IllegalStateException: The Web form cannot be parsed as no fresh content is available. If this entity has been already read once, caching of the entity is required]>
2009-06-19 00:05:38,026 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - <Creating instance of bean 'ticketGrantingTicketResource'>
2009-06-19 00:05:38,027 DEBUG [org.springframework.beans.factory.annotation.InjectionMetadata] - <Processing injected field of bean 'ticketGrantingTicketResource': AutowiredFieldElement for private org.jasig.cas.CentralAuthenticationService org.jasig.cas.integration.restlet.TicketGrantingTicketResource.centralAuthenticationService>
2009-06-19 00:05:38,027 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - <Returning cached instance of singleton bean 'centralAuthenticationService'>
2009-06-19 00:05:38,027 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - <Finished creating instance of bean 'ticketGrantingTicketResource'>
2009-06-19 00:05:38,027 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [null]>
2009-06-19 00:05:38,027 ERROR [org.jasig.cas.integration.restlet.TicketGrantingTicketResource] - <org.jasig.cas.ticket.InvalidTicketException>
org.jasig.cas.ticket.InvalidTicketException
    at org.jasig.cas.CentralAuthenticationServiceImpl.grantServiceTicket(CentralAuthenticationServiceImpl.java:177)
    at org.jasig.cas.CentralAuthenticationServiceImpl.grantServiceTicket(CentralAuthenticationServiceImpl.java:245)
    at org.jasig.cas.integration.restlet.TicketGrantingTicketResource.acceptRepresentation(TicketGrantingTicketResource.java:67)
    at org.restlet.resource.Resource.post(Resource.java:678)
    at org.restlet.resource.Resource.handlePost(Resource.java:527)
    at org.restlet.Finder.handle(Finder.java:344)
    at org.restlet.Filter.doHandle(Filter.java:137)
    at org.restlet.Filter.handle(Filter.java:180)
    at org.restlet.Router.handle(Router.java:471)
    at com.noelios.restlet.ext.servlet.ServletConverter.service(ServletConverter.java:130)
    at com.noelios.restlet.ext.spring.RestletFrameworkServlet.doService(RestletFrameworkServlet.java:92)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
    at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:511)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:619)
2009-06-19 00:05:38,028 DEBUG [com.noelios.restlet.ext.spring.RestletFrameworkServlet] - <Successfully completed request>
2009-06-19 00:05:38,028 DEBUG [org.springframework.web.context.support.XmlWebApplicationContext] - <Publishing event in context [org.springframework.web.context.support.XmlWebApplicationContext@1abbec4]: ServletRequestHandledEvent: url=[//cas-server-webapp-3.3/v1/tickets/null]; client=[127.0.0.1]; method=[POST]; servlet=[restlet]; session=[null]; user=[null]; time=[2ms]; status=[OK]>
2009-06-19 00:05:38,028 DEBUG [org.springframework.web.context.support.XmlWebApplicationContext] - <Publishing event in context [org.springframework.web.context.support.XmlWebApplicationContext@1cbda0a]: ServletRequestHandledEvent: url=[//cas-server-webapp-3.3/v1/tickets/null]; client=[127.0.0.1]; method=[POST]; servlet=[restlet]; session=[null]; user=[null]; time=[2ms]; status=[OK]>

[Authenticator.java]

package com.cxps.authenticator;

import java.io.IOException;

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.httpclient.methods.PostMethod;

public class Authenticator {
    public final String CAS_CONTEXT = "cas-server-webapp-3.3";
    public final String RESTLET_SERVLET = "/v1/tickets/";
    private static HttpClient client = null;
    private static PostMethod method = null;

    public Authenticator(){
        client = new HttpClient();
    }

    public String getTGTString(String CASServiceURL, String username, String password){
        String TGTString = null;
        int returnCode;
        CASServiceURL = CASServiceURL + "/"+ CAS_CONTEXT + RESTLET_SERVLET;
        PostMethod method = new PostMethod(CASServiceURL);
        //method.addParameter("username", username);
        //method.addParameter("password",password);
        method.addRequestHeader("Content-type", "application/x-www-form-urlencoded");
        method.addRequestHeader("Accept", "text/plain");
        try {
            returnCode = client.executeMethod(method);
            if (returnCode == HttpStatus.SC_NOT_IMPLEMENTED) {
                System.err.println("The Post method is not implemented by this URI");
            } else {
                System.out.println("Return Code of the Post Method: "+ returnCode);
                System.out.println(method.getResponseBodyAsString());
                //String location = method.getResponseHeader("location").toString();
                //TGTString = location.substring(location.lastIndexOf('/')+1);
                System.out.println("The TGTString obtained is"+TGTString);
            }
        } catch (HttpException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        } finally {
            method.releaseConnection();
        }
        return TGTString;
    }

    public String getServiceTicket(String CASServiceURL, String TGT, String service){
        String ServiceTicket = null;
        int returnCode;
        CASServiceURL = CASServiceURL + "/"+ CAS_CONTEXT + RESTLET_SERVLET + TGT;
        PostMethod method = new PostMethod(CASServiceURL);
        method.addParameter("service", service);
        method.addRequestHeader("Content-type", "application/x-www-form-urlencoded");
        method.addRequestHeader("Accept", "text/plain");
        try {
            returnCode = client.executeMethod(method);
            if (returnCode == HttpStatus.SC_NOT_IMPLEMENTED) {
                System.err.println("The Post method is not implemented by this URI");
            } else {
                System.out.println("Return Code of the Post Method: "+ returnCode);
                ServiceTicket = method.getResponseBodyAsString();
                System.out.println("The ST String obtained is: "+ ServiceTicket);
            }
        } catch (HttpException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        } finally {
            method.releaseConnection();
        }
        return ServiceTicket;
    }

    public static void main(String[] args){
        Authenticator auth = new Authenticator();
        String TGT = auth.getTGTString("https://localhost:8443/", "victor", "victor123$");
        System.out.println("TGT string is "+ TGT);
        String ST = auth.getServiceTicket("https://localhost:8443/", TGT, "http://localhost:5000/Seer-Gab/noesis-process");
        System.out.println("ServiceTicket is "+ ST);
    }
}
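
The ticket exchange of the CAS RESTful API linked earlier in the thread, as an added example that is not part of the original posts or of the CAS code base: the credentials are sent as form fields in the body of the POST to /v1/tickets, the TGT id is read from the Location header of the 201 response, the service ticket is requested from /v1/tickets/{TGT}, and the TGT is deleted afterwards. The class name CasRestClient and the CAS_PASSWORD environment variable are assumptions, and the client uses java.net.http (Java 11+) instead of the Commons HttpClient of the attached code.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.*;
import java.nio.charset.StandardCharsets;

// Added example: CasRestClient and CAS_PASSWORD are hypothetical names; URLs in main() come from the post.
public class CasRestClient {
    private final HttpClient http = HttpClient.newHttpClient();
    private final String tickets; // URL of the /v1/tickets resource, no trailing slash
    public CasRestClient(String ticketsUrl) { this.tickets = ticketsUrl; }
    private static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }

    private HttpResponse<String> postForm(String url, String form) throws Exception {
        HttpRequest req = HttpRequest.newBuilder(URI.create(url))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(form)).build();
        return http.send(req, HttpResponse.BodyHandlers.ofString());
    }
    // Step 1: credentials go in the POST body; the TGT id is the last path segment of Location.
    public String requestTgt(String user, String password) throws Exception {
        HttpResponse<String> r = postForm(tickets, "username=" + enc(user) + "&password=" + enc(password));
        if (r.statusCode() != 201) throw new IllegalStateException("No TGT granted, HTTP " + r.statusCode());
        String loc = r.headers().firstValue("Location")
                .orElseThrow(() -> new IllegalStateException("201 response without Location"));
        String tgt = loc.substring(loc.lastIndexOf('/') + 1);
        if (tgt.isEmpty()) throw new IllegalStateException("Location carries no ticket id");
        return tgt; // treat as a secret: it stands for the whole SSO session, so do not log it
    }
    // Step 2: POST the service URL to the TGT resource; the response body is the service ticket.
    public String requestServiceTicket(String tgt, String service) throws Exception {
        HttpResponse<String> r = postForm(tickets + "/" + tgt, "service=" + enc(service));
        if (r.statusCode() != 200) throw new IllegalStateException("No ST granted, HTTP " + r.statusCode());
        return r.body().trim();
    }
    // Step 3: DELETE the TGT resource so the SSO session does not outlive this client.
    public void destroyTgt(String tgt) throws Exception {
        http.send(HttpRequest.newBuilder(URI.create(tickets + "/" + tgt)).DELETE().build(),
                HttpResponse.BodyHandlers.discarding());
    }

    public static void main(String[] args) throws Exception {
        String pw = java.util.Objects.requireNonNull(System.getenv("CAS_PASSWORD"), "set CAS_PASSWORD");
        CasRestClient cas = new CasRestClient("https://localhost:8443/cas-server-webapp-3.3/v1/tickets");
        String tgt = cas.requestTgt("victor", pw);
        try {
            String st = cas.requestServiceTicket(tgt, "http://localhost:5000/Seer-Gab/noesis-process");
            System.out.println("Service ticket received, length " + st.length());
        } finally { cas.destroyTgt(tgt); }
    }
}
```

Because each step throws on an unexpected status, a failed login can never turn into a request for /v1/tickets/null, the URL that appears in the log above.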