
Required libraries at time of writing (these versions are dated; check each project for current releases before deploying)

  • cas-client-core-3.1.3.jar
  • commons-codec-1.4.jar
  • commons-logging-1.1.jar
  • opensaml-1.1.jar
  • xmlsec-1.4.0.jar
  • log4j-1.2.15.jar

Web.xml

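<?xml version="1.0" encoding="UTF-8"?>
<!--
  Sample deployment descriptor that puts every URL of the application behind
  the CAS client's SAML 1.1 filters. Host names and ports are sample values
  and must be replaced for a real deployment.
-->
<web-app version="2.4"
         xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

    <!-- Sends requests that have no CAS session to the CAS login page. -->
    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>https://cas.mydomain.com/cas/login</param-value>
        </init-param>
        <init-param>
            <!--
              Origin of this application as browsers reach it; the CAS client
              builds the service URL from this value. The value below is a
              local test setting over plain HTTP. For anything beyond local
              testing use the application's https origin, otherwise the ticket
              and the session cookie cross the network unencrypted.
              Keep it identical to the serverName of the validation filter.
            -->
            <param-name>serverName</param-name>
            <param-value>http://localhost:8084</param-value>
        </init-param>
    </filter>

    <!-- Validates the ticket returned by CAS against the CAS server. -->
    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>
        <init-param>
            <!--
              Base URL of the CAS server used for ticket validation. Keep this
              on https so the validation response comes from an authenticated
              server; the JVM running this application has to trust the CAS
              server certificate.
            -->
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://cas.mydomain.com/cas</param-value>
        </init-param>
        <init-param>
            <!-- Same value as in the authentication filter; see the note there. -->
            <param-name>serverName</param-name>
            <param-value>http://localhost:8084</param-value>
        </init-param>
        <init-param>
            <!--
              After a successful validation, redirect to the same URL without
              the ticket parameter, so the ticket does not stay in the address
              bar, bookmarks or Referer headers.
            -->
            <param-name>redirectAfterValidation</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <!--
              Adjust to accommodate clock drift between client/server; the
              value is in milliseconds.
              Increasing tolerance has security consequences, so it is preferable to
              correct the source of clock drift instead.
            -->
            <param-name>tolerance</param-name>
            <param-value>5000</param-value>
        </init-param>
    </filter>

    <!--
      Wraps the request so that getRemoteUser() and getUserPrincipal() return
      the CAS principal; index.jsp depends on this filter.
    -->
    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <!-- Other filters as needed -->

    <!--
      Filters with matching URL patterns run in the order their mappings are
      listed here: authentication, then ticket validation, then the wrapper.
    -->
    <filter-mapping>
        <filter-name>CAS Authentication Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!--
      Other filter mappings as needed.
      Ordering of filter mappings is vitally important to proper CAS function.
    -->

    <!-- Session timeout in minutes. -->
    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
</web-app>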

index.jsp

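<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<%@ page import="java.util.Map" %>
<%@ page import="java.util.Iterator" %>
<%@ page import="org.jasig.cas.client.authentication.AttributePrincipal" %>
<%--
  CAS test page: shows the remote user and every attribute released for the
  CAS principal. All values are HTML-escaped before they are written, because
  user names and attribute values originate outside this application.
--%>
<%!
    /**
     * Escapes a value for use in HTML text. Returns an empty string for null.
     */
    private static String escapeHtml(Object value) {
        if (value == null) {
            return "";
        }
        String text = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':  escaped.append("&amp;");  break;
                case '<':  escaped.append("&lt;");   break;
                case '>':  escaped.append("&gt;");   break;
                case '"':  escaped.append("&quot;"); break;
                case '\'': escaped.append("&#39;");  break;
                default:   escaped.append(c);
            }
        }
        return escaped.toString();
    }
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">

<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>CAS Test</title>
    </head>
    <body>

    <h1>CAS Test</h1>

    <p><%= escapeHtml(request.getRemoteUser()) %></p>
<%
    // getUserPrincipal() can return null, or a principal of another type, when
    // the CAS request wrapper did not handle this request. Check before casting
    // instead of failing with a NullPointerException or ClassCastException.
    Object userPrincipal = request.getUserPrincipal();

    if (!(userPrincipal instanceof AttributePrincipal)) {
        out.println("<p>No CAS principal is available for this request.</p>");
    } else {
        AttributePrincipal principal = (AttributePrincipal) userPrincipal;
        Map attributes = principal.getAttributes();

        out.println("<table>");

        if (attributes != null) {
            for (Iterator attributeNames = attributes.keySet().iterator(); attributeNames.hasNext();) {
                Object attributeName = attributeNames.next();
                Object attributeValue = attributes.get(attributeName);

                out.println("<tr><th>");
                out.println(escapeHtml(attributeName));
                out.println("</th><td>");
                out.println(escapeHtml(attributeValue));
                out.println("</td></tr>");
            }
        }

        out.println("</table>");
    }
%>
    </body>
</html>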

Sample Project

A sample project that demonstrates the above example is available here.


2 Comments

  1. On JBoss, the user principal is null with this filter; what am I doing wrong?

    1. If JBoss is like Tomcat, it may be because JBoss, by default, is set up to reject external headers like REMOTE_USER and accept its own authentication.  We found that with Tomcat, we had to set the AJP connector to turn off Tomcat authentication in its server.xml file:

      <!--
        server.xml: with tomcatAuthentication="false" Tomcat takes the
        authenticated user from the AJP front end instead of authenticating
        itself, so the AJP port should be reachable only from that web server.
      -->
      <Connector port="8009"
                 protocol="AJP/1.3"
                 redirectPort="8443"
                 tomcatAuthentication="false"/>