Author: sohil.shah(a)jboss.com Date: 2007-05-25 12:40:42 -0400 (Fri, 25 May 2007) New Revision: 7342 Added: branches/2_6_CAS_Integration/identity/cas/config/ branches/2_6_CAS_Integration/identity/cas/config/context.xml branches/2_6_CAS_Integration/identity/cas/config/deployerConfigContext.xml Modified: branches/2_6_CAS_Integration/core/build.xml Log: CAS plugin deployment related cleanup Modified: branches/2_6_CAS_Integration/core/build.xml =================================================================== --- branches/2_6_CAS_Integration/core/build.xml 2007-05-25 15:49:41 UTC (rev 7341) +++ branches/2_6_CAS_Integration/core/build.xml 2007-05-25 16:40:42 UTC (rev 7342) @@ -749,6 +749,15 @@ <copy todir="${jboss.home}/server/${portal.deploy.dir}/jboss-portal.sar/lib" overwrite="true"> <fileset dir="../identity/cas/lib" includes="casclient.jar"/> </copy> + <copy todir="${jboss.home}/server/${portal.deploy.dir}/jboss-portal.sar/portal-server.war/WEB-INF" overwrite="true"> + <fileset dir="../identity/cas/config" includes="context.xml"/> + </copy> + <copy todir="${jboss.home}/server/${portal.deploy.dir}/cas.war/WEB-INF" overwrite="true"> + <fileset dir="../identity/cas/config" includes="deployerConfigContext.xml"/> + </copy> + <copy todir="${jboss.home}/server/${portal.deploy.dir}/cas.war/WEB-INF/lib" overwrite="true"> + <fileset dir="${jboss.home}/server/${portal.deploy.dir}/jboss-portal.sar/lib" includes="portal-identity-lib.jar"/> + </copy> </target> <target name="deploy-cas-lenient" depends="deploy-explode"> <require file="${jboss.home}/server/${portal.deploy.dir}"/> @@ -756,5 +765,14 @@ <copy todir="${jboss.home}/server/${portal.deploy.dir}/jboss-portal.sar/lib" overwrite="true"> <fileset dir="../identity/cas/lib" includes="casclient-lenient.jar"/> </copy> + <copy todir="${jboss.home}/server/${portal.deploy.dir}/jboss-portal.sar/portal-server.war/WEB-INF" overwrite="true"> + <fileset dir="../identity/cas/config" includes="context.xml"/> + </copy> + <copy todir="${jboss.home}/server/${portal.deploy.dir}/cas.war/WEB-INF" overwrite="true"> + <fileset dir="../identity/cas/config" includes="deployerConfigContext.xml"/> + </copy> + <copy todir="${jboss.home}/server/${portal.deploy.dir}/cas.war/WEB-INF/lib" overwrite="true"> + <fileset dir="${jboss.home}/server/${portal.deploy.dir}/jboss-portal.sar/lib" includes="portal-identity-lib.jar"/> + </copy> </target> </project> Added: branches/2_6_CAS_Integration/identity/cas/config/context.xml =================================================================== --- branches/2_6_CAS_Integration/identity/cas/config/context.xml (rev 0) +++ branches/2_6_CAS_Integration/identity/cas/config/context.xml 2007-05-25 16:40:42 UTC (rev 7342) @@ -0,0 +1,9 @@ +<?xml version="1.0"?> +<Context> + <Valve className="org.jboss.portal.identity.auth.CASAuthenticationValve" + casLogin="https://localhost/cas/login" + casValidate="https://localhost/cas/serviceValidate" + casServerName="localhost" + authType="FORM" + /> +</Context> Added: branches/2_6_CAS_Integration/identity/cas/config/deployerConfigContext.xml =================================================================== --- branches/2_6_CAS_Integration/identity/cas/config/deployerConfigContext.xml (rev 0) +++ branches/2_6_CAS_Integration/identity/cas/config/deployerConfigContext.xml 2007-05-25 16:40:42 UTC (rev 7342) @@ -0,0 +1,98 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd"> +<!-- + | deployerConfigContext.xml centralizes into one file some of the declarative configuration that + | all CAS deployers will need to modify. + | + | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment. + | The beans declared in this file are instantiated at context initialization time by the Spring + | ContextLoaderListener declared in web.xml. It finds this file because this + | file is among those declared in the context parameter "contextConfigLocation". + | + | By far the most common change you will need to make in this file is to change the last bean + | declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with + | one implementing your approach for authenticating usernames and passwords. + +--> +<beans> + <!-- + | This bean declares our AuthenticationManager. The CentralAuthenticationService service bean + | declared in applicationContext.xml picks up this AuthenticationManager by reference to its id, + | "authenticationManager". Most deployers will be able to use the default AuthenticationManager + | implementation and so do not need to change the class of this bean. We include the whole + | AuthenticationManager here in the userConfigContext.xml so that you can see the things you will + | need to change in context. + +--> + <bean id="authenticationManager" + class="org.jasig.cas.authentication.AuthenticationManagerImpl"> + <!-- + | This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate. + | The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which + | supports the presented credentials. + | + | AuthenticationManagerImpl uses these resolvers for two purposes. First, it uses them to identify the Principal + | attempting to authenticate to CAS /login . In the default configuration, it is the DefaultCredentialsToPrincipalResolver + | that fills this role. If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace + | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are + | using. + | + | Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket. + | In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose. + | You will need to change this list if you are identifying services by something more or other than their callback URL. + +--> + <property name="credentialsToPrincipalResolvers"> + <list> + <!-- + | UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login + | by default and produces SimplePrincipal instances conveying the username from the credentials. + | + | If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also + | need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the + | Credentials you are using. + +--> + <bean + class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" /> + <!-- + | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials. It supports the CAS 2.0 approach of + | authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a + | SimpleService identified by that callback URL. + | + | If you are representing services by something more or other than an HTTPS URL whereat they are able to + | receive a proxy callback, you will need to change this bean declaration (or add additional declarations). + +--> + <bean + class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" /> + </list> + </property> + + <!-- + | Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate, + | AuthenticationHandlers actually authenticate credentials. Here we declare the AuthenticationHandlers that + | authenticate the Principals that the CredentialsToPrincipalResolvers identified. CAS will try these handlers in turn + | until it finds one that both supports the Credentials presented and succeeds in authenticating. + +--> + <property name="authenticationHandlers"> + <list> + <!-- + | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating + | a server side SSL certificate. + +--> + <bean + class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"> + <property + name="httpClient" + ref="httpClient" /> + </bean> + + <!-- + | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS + | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials + | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your + | local authentication strategy. You might accomplish this by coding a new such handler and declaring + | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules. + +--> + <bean + class="org.jboss.portal.identity.auth.CASAuthenticationHandler" /> + </list> + </property> + </bean> +</beans>