Servlet in portlet: restricting access using CAS / accessing themedisplay

Baptiste Grenier, modified 14 years ago.

Regular Member Posts: 100 Join Date: 30/06/09
Hi,
Using the Plugins SDK I've developed a portlet containing a servlet (outputting a JavaScript file) that is mapped into the web.xml of a portlet. They are both packaged in the same WAR.
The servlet works fine, but I would like to restrict access to it and to add logged-in user related information.
As I am using CAS (version 3.x) to authenticate the users I would like to know how I could restrict access (make private) to the servlet.

I tried to add the CAS filters from the portal's web.xml to the portlet's web.xml and then to add filter-mapping for the servlet but it was failing on deploy of the portlet (Filter start error I think).

I also tried to get themeDisplay from the request to be able to check if someone is signed-in but themeDisplay is desperately null.
I even tried to call my servlet through PortalDelegateServlet, the call did work, but themeDisplay is still null.
And as for now it didn't go through any authentication filter it looks normal to me.

I also think that I can't use the JSR286 serveResource to send the generated JavaScript as my servlet is intended to be linked from another external CAS-protected site and I need to have a clear and decent URL.

I've searched the forums/net but I wasn't able to find any information that could help me.

Please, does anybody have any idea on how to achieve this?

Regards,
Baptiste
Baptiste Grenier, modified 14 years ago.

RE: Servlet in portlet: restricting access using CAS / accessing themedispl

Regular Member Posts: 100 Join Date: 30/06/09
I was able to fix the problem with the CAS mapping, now the servlet is protected by CAS after having added CAS filters to the web.xml of the portlet:

  <filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
  </filter>
  <filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
      <param-name>casServerLoginUrl</param-name>
      <param-value>https://plop.com/cas/login</param-value>
    </init-param>
    <init-param>
      <param-name>serverName</param-name>
      <param-value>localhost:8080</param-value>
    </init-param>
  </filter>
  <filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>
    <init-param>
      <param-name>casServerUrlPrefix</param-name>
      <param-value>https://plop.com/cas/login</param-value>
    </init-param>
    <init-param>
      <param-name>serverName</param-name>
      <param-value>localhost:8080</param-value>
    </init-param>
    <init-param>
      <param-name>redirectAfterValidation</param-name>
      <param-value>true</param-value>
    </init-param>
  </filter>
  <filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/js/dashboard.js</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/js/dashboard.js</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/js/dashboard.js</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/js/dashboard.js</url-pattern>
  </filter-mapping>
  <listener>
  </listener>


My previous problem seems to have been only related to missing libs, now it is working with the following ones:
  • opensaml-1.1b.jar
  • xmlsec.jar
  • cas-client-core-3.1.10.jar

As they were already copied to $TOMCAT_HOME/ROOT/WEB-INF/lib I was assuming that they were accessible from all the other webapps, but that's false.

From the servlet I am now able to access the logged-in user using the following code:

String remoteUser = request.getRemoteUser();
String screenName = NeuGRIDAutoLogin.normalizeScreenName(remoteUser);
long companyId = PortalUtil.getCompanyId(request);
user = UserLocalServiceUtil.getUserByScreenName(companyId, screenName);


But I am still missing previous information available in the ThemeDisplay object such as the edit my account URL and other things that are quite painful to recreate.
So if someone does have an idea on how to retrieve a themeDisplay from my servlet...

Cheers,
Baptiste
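
Editor's added example, not part of the original post and not the poster's code: the user lookup above wrapped in a servlet that fails closed when the CAS filter chain did not run or the CAS principal has no portal account. The class name DashboardJsServlet and the variable dashboardUserId are hypothetical; NeuGRIDAutoLogin is the poster's own helper and is assumed to be importable.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.liferay.portal.model.User;
import com.liferay.portal.service.UserLocalServiceUtil;
import com.liferay.portal.util.PortalUtil;

// Hypothetical servlet class mapped to /js/dashboard.js in the portlet's web.xml.
// NeuGRIDAutoLogin is the poster's own helper, assumed to be in the same package.
public class DashboardJsServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Populated by the CAS HttpServletRequest Wrapper Filter once the
        // ticket has been validated. Null means the filter chain did not run
        // for this path (mapping typo, jar missing from WEB-INF/lib).
        String remoteUser = request.getRemoteUser();
        if (remoteUser == null || remoteUser.trim().length() == 0) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        User user;
        try {
            long companyId = PortalUtil.getCompanyId(request);
            String screenName = NeuGRIDAutoLogin.normalizeScreenName(remoteUser);
            // Throws if the CAS principal has no matching portal account.
            user = UserLocalServiceUtil.getUserByScreenName(companyId, screenName);
        } catch (Exception e) {
            // Authenticated by CAS but unknown to the portal: deny, do not
            // fall back to a guest or default user.
            log("No portal user for CAS principal", e);
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // Per-user output on a stable URL: keep it out of shared caches.
        response.setHeader("Cache-Control", "private, no-store");
        response.setContentType("text/javascript");
        response.setCharacterEncoding("UTF-8");
        // Emit only the numeric id so no user-controlled string reaches the script.
        response.getWriter().println("var dashboardUserId = " + user.getUserId() + ";");
    }
}
```
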
Mazhar Anwar, modified 14 years ago.

RE: Servlet in portlet: restricting access using CAS / accessing themedispl

Regular Member Posts: 125 Join Date: 05/02/10
Hey Baptiste,
Rather than writing a different servlet, can you give a try to ServerResource() method of portlet API? I think you can achieve your functionalities without worrying about new servlet and CAS Integration and all and you can get all portlet request object in that method with ease.

Regards,
Mazhar
Baptiste Grenier, modified 14 years ago.

RE: Servlet in portlet: restricting access using CAS / accessing themedispl

Regular Member Posts: 100 Join Date: 30/06/09
Hey Mazhar,
Thanks for your input, I already took a look at the serveResource() method of the portlet API 2.0, but I need to be able to map the serveResource to a clean URL, and I am not aware of a way of creating a clean resourceURL.
To explain a bit more: my servlet is now generating JavaScript code that is linked from other web sites that are also protected by CAS. For now I am linking to the generated JavaScript file using a URL like: http://plop.com/menu-portlet/js/dashboard.js and I would like to keep that "clean" URL.

Is there a way to do such a thing?
Amedeo Falanga, modified 13 years ago.

RE: Servlet in portlet: restricting access using CAS / accessing themedispl

New Member Posts: 15 Join Date: 25/10/10
Hi,
I have problems configuring my portlet.
Can you post the CAS configuration of your portlet?

Thanks
cubillas