Jboss-CAS不带过滤器 [英] Jboss - CAS without filter

问题描述

我喜欢在其上部署了cas的jboss EAP 6和helloworld.我需要做的是在helloworld应用上强制进行身份验证，以某种方式不使用web.xml中的过滤器.在我的jboss中，我放置了一个安全域"myrealm":

I jave jboss EAP 6 with cas deployed on it and a helloworld as well. What I need to do is to force authentication on helloworld app, somehow without using filters in web.xml. In my jboss I've put a security domain "myrealm":

 <security-domain name="myrealm" cache-type="default">
                <authentication>
                    <login-module code="org.jasig.cas.client.jaas.CasLoginModule" flag="required">
                        <module-option name="ticketValidatorClass" value="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"/>
                        <module-option name="casServerUrlPrefix" value="https://135.243.36.205:8443/cas"/>
                        <module-option name="tolerance" value="20000"/>
                        <module-option name="defaultRoles" value="user"/>
                        <module-option name="roleAttributeNames" value="memberOf,eduPersonAffiliation,authorities"/>
                        <module-option name="principalGroupName" value="CallerPrincipal"/>
                        <module-option name="roleGroupName" value="Roles"/>
                        <module-option name="cacheAssertions" value="true"/>
                        <module-option name="cacheTimeout" value="480"/>
                    </login-module>
                </authentication>
            </security-domain>

，现在我只想强制此应用程序使用此领域.在我的应用程序的jboss-web.xml中，我有:

and now I just want to force this application to use this realm. In my application's jboss-web.xml, I have:

<?xml version="1.0" encoding="UTF-8"?>  
<jboss-web>  
    <security-domain>myrealm</security-domain>  
</jboss-web> 

我缺少什么，因为如果我访问我的应用程序时，它不会将我重定向到我的CAS登录页面，而只是转到index.html?

What am I missing, because if I access my application it doesn't redirect me to my CAS login page, it just goes to index.html?

推荐答案

您在jboss-web.xml中缺少Valve条目

You are missing an valve-Entry in your jboss-web.xml

<valve>
    <class-name>com.foo.MyAuthenticator
    </class-name>
</valve>

MyAuthenticator是org.apache.catalina.Authenticator的实现.

MyAuthenticator is an implementation of org.apache.catalina.Authenticator.

在我的环境中，我修改了

In my environment, I modified the FormAuthenticator to read the samlArtifactId and serviceUrl instead of username/password.

在您的web.xml中，您需要添加登录方法，即没有"Authenticator"的AuthenticatorName.如果您将身份验证者命名为MyAuthenticator，则需要添加:

In your web.xml you need to add the login-Method, which is the AuthenticatorName without "Authenticator". If you name your authenticator MyAuthenticator you need to add:

<login-config>
    <auth-method>MY</auth-method>
</login-config>

据我所知，jboss没有现成的身份验证器，因此您需要创建自己的身份验证器实现.或者，您可以使用过滤器，该过滤器也可以在jboss上使用.

As far as i know there is no existing authenticator for jboss, so you need to create your own authenticator implementation. Or you can use filters, which work also on jboss.

如果您需要编写自己的身份验证器，则应该熟悉 JAAS .您可以使用jasig类重用登录模块(您将其命名为"myrealm").开始阅读并理解

If you need to write your own authenticator, you should become familiar with JAAS. You can reuse the login-module (you named it my 'myrealm') with the jasig classes. Start to read and understand FormAuthenticator and then modify it, to read the serviceURL and SamlArtifact from the request instead of username password and pass the values to the callback handler.

这篇关于Jboss-CAS不带过滤器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！