I am trying to authenticate a ticket against CAS. I have a working CAS server, and 2 services. Service A is an alfresco server, service B is my own Spring Web App.
I log into B and am redirecdted to CAS login, I login, and I am in Web App B just fine. All Happy.
I can SSO into Alfresco explorer just fine. (ie, I click on a link, and I am already loged in) All Happy.
In my web app B, I call a RESTful api in alfresco(A) and I am all sad.
I can put the REST url call into my browser and I get the expected result, and I am all confused.
How do I call this URL from my web app B? I add the ticket to the end of the URL like this:
https://example.org:8443/alfresco/service/workflow/getTaskList?userId=me&ticket=ST-6-ayiC6vVX3yEBQcFB12sj-xxx.org
My Web.xml is set up like this:
<filter>
<filter-name>Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://example.org:7443/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://example.org:8443</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://example.org:7443/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://example.org:8443</param-value>
</init-param>
</filter>
<filter>
<filter-name>Alfresco CAS Authentication Filter</filter-name>
<filter-class>org.xxx.alfresco.repository.extension.web.app.servlet.CASAuthenticationFilter</filter-class>
</filter>
with my filter mappings for the webservices like this:
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/service/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/service/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Alfresco CAS Authentication Filter</filter-name>
<url-pattern>/service/*</url-pattern>
</filter-mapping>
But as I have debugging going on, I can see that I am not even getting to my CASAuthenticationFilter. The error is begin picked up by Cas20ProxyReceivingTicketValidationFilter. Here is the exception:
Feb 10, 2014 1:56:17 AM org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter doFilter
WARNING: org.jasig.cas.client.validation.TicketValidationException:
ticket 'ST-6-ayiC6vVX3yEBQcFB12sj-xxx.org' not recognized
Any Ideas?
Related
I inherited two legasy project of Alfresco (CE 5.2.e and 5.0.0) and have struggle with webdav. Connect is succesfull but as root dir is set "User Homes" for admin and "Home folder" for other users.I cant navigate enythere else. I need connect "Company Home" as root dir. I thing i miss some configuration but have no idea where to search.
I find only this blog https://hub.alfresco.com/t5/alfresco-content-services-hub/file-server-configuration/ba-p/291570 So I checked config <alf_install_dir>/tomcat/webapps/alfresco/WEB-INF/web.xml and it have all default values from installer set properly.
<context-param>
<param-name>store</param-name>
<param-value>workspace://SpacesStore</param-value>
</context-param>
<context-param>
<param-name>rootPath</param-name>
<param-value>/app:company_home</param-value>
</context-param>
<filter>
<filter-name>WebDAV Authentication Filter</filter-name>
<filter-class>org.alfresco.repo.web.filter.beans.BeanProxyFilter</filter-class>
<init-param>
<param-name>beanName</param-name>
<param-value>WebDavAuthenticationFilter</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>WebDAV Authentication Filter</filter-name>
<url-pattern>/webdav/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>WebDAV Authentication Filter</filter-name>
<url-pattern>/cmisatom/*</url-pattern>
</filter-mapping>
<!-- WebDAV session listener - ensures that no locked resources is left after session expires -->
<listener>
<listener-class>org.alfresco.repo.webdav.WebDAVSessionListener</listener-class>
</listener>
<servlet>
<servlet-name>WebDAV</servlet-name>
<servlet-class>org.alfresco.repo.webdav.WebDAVServlet</servlet-class>
<load-on-startup>5</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>WebDAV</servlet-name>
<url-pattern>/webdav/*</url-pattern>
</servlet-mapping>
I want to log in some users just with their login names (SSO). So I think http header authentication is the way to go.
I did everything what the doc says (http://help.adobe.com/en_US/connect/8.0/webservices/connect_8_webservi ces.pdf)
I added a line to custom.ini for HTTP_AUTH_HEADER (
HTTP_AUTH_HEADER=white50
)
My web.xml fil contains filter settings below.
I am requesting "https://example.com/api/xml?action=login&external-auth=use" with http header (white50=adobe_connect_loginname).
But I always get no-access error response from AC server. I could not authenticate user with its login name without password.
Could you help please.
web.xml:
<filter-name>HeaderAuthenticationFilter</filter-name>
<filter-class>com.macromedia.airspeed.servlet.filter.HeaderAuthentica tionFilter</filter-class>
<init-param>
<param-name>ignore-pattern-0</param-name>
<param-value>/api/</param-value>
</init-param>
<init-param>
<param-name>ignore-pattern-1</param-name>
<param-value>/common/</param-value>
</init-param>
<init-param>
<param-name>ignore-pattern-2</param-name>
<param-value>/servlet/gateway/</param-value>
</init-param>
<init-param>
<param-name>ignore-pattern-3</param-name>
<param-value>/servlet/mirror</param-value>
</init-param>
<init-param>
<param-name>ignore-pattern-4</param-name>
<param-value>/servlet/testbuilder</param-value>
</init-param>
<init-param>
<param-name>ignore-pattern-5</param-name>
<param-value>/main</param-value>
</init-param>
<filter-name>HeaderAuthenticationFilter</filter-name>
<url-pattern>/*</url-pattern>
This may not be your only problem, but the request you're testing with...
https://example.com/api/xml?action=login&external-auth=use
...will not be handled by the header authentication filter. It's configured to be ignored by this stanza in the web.xml:-
<param-name>ignore-pattern-0</param-name>
<param-value>/api/</param-value>
Try with the standard login page. If you still have troubles, it might be worth excerpting the relevant lines from the debug log.
I am using Spring MVC to handle my request and I need to send an String to do a search. I am sending, for example, Caçapava, but somewhere it was converting to this Caçapva, everywhere I was looking for my encoding is set to UTF-8. I am using Jackson to handle my JSON and ExtJs to build my view. My request is ok, so the problem is not with my ExtJs request.
Request parameters:
Query String Parameters
_dc:1363866108143
nomeCidade:Caçapava
page:1
start:0
limit:50
Anyone could help me?
Basically I use CharacterEncodingFilter to force Spring to use UTF-8 (web.xml):
<filter>
<filter-name>characterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>characterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
But, it may also depend on your server. Here is the discussion for tomcat. And see here for URIEncoding parameter.
I have various modules in my Application such as Authentication , Tickets , Reports ---etc .
I want to apply Filters only to the Authentication Module and not to any other Modules .
I have written a Authentication filter , My question is that , how can i apply this Authentication Filter applicable only to Authentication Module .
<filter>
<filter-name>AuthenFilter</filter-name>
<filter-class>AuthenFilter</filter-class>
<init-param>
<param-name>test-param</param-name>
<param-value>Initialization Paramter</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>AuthenFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
What should be under the url-pattern tag so that its applicable only to the AuthenFilter Module
You should map your filter to particular URI, like this:
<filter-mapping>
<filter-name>AuthenFilter</filter-name>
<url-pattern>/modules/login</url-pattern>
</filter-mapping>
or
<filter-mapping>
<filter-name>AuthenFilter</filter-name>
<url-pattern>/modules/authentication/*</url-pattern>
</filter-mapping>
I'm trying to serve static content (a HTML form that calls a Jersey REST resource) from the same webapp as the servlet that handles the requests to the resource. As I understand I can filter requests to static content away from the Jersey servlet. My web.xml is as follows, but at the moment I am unable to access the static content nor the resource...both were working separately.
<filter>
<filter-name>my-filter</filter-name>
<filter-class>com.sun.jersey.spi.container.servlet.ServletContainer</filter-class>
<init-param>
<param-name>com.sun.jersey.config.property.WebPageContentRegex</param-name>
<param-value>/*.html</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>my-filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>my-service</servlet-name>
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>com.mydomain.ws.myservice</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>my-service</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
FWIW your original problem was probably because the param-value for the WebContentRegex was not a regular expression. Ok techincally it was, but it is not matching what you probably want. You should try something like /.*.html instead.
I setup my services such that the rest service are under their own subpath separate from the static content:
<servlet-mapping>
<servlet-name>ServletAdaptor</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>