
CAS URLs

Open CAS_HOME/cas-server-webapp/src/main/webapp/WEB-INF/cas.properties. It should look something like this:

You will need to change those URLs (most likely only by changing the hostname and port) to your CAS application's URLs.

ServicesRegistry and Database Connection

In the default deployment, you'll see (volatile data, cleared upon application restart):

If you want the data to be persistent, replace this by following the procedure below:

To have Hibernate automatically generate the proper database configuration upon initial connection, this key parameter needs to be included: <prop key="hibernate.hbm2ddl.auto">update</prop>, as it is in the config below.

  1. Change the bean serviceRegistryDao in deployerConfigContext.xml to something like this. This persists the services data to the database of your choice using Hibernate.

    • The data source will need to be modified for your particular database (e.g. Oracle, MySQL), but the name "dataSource" should be preserved.
      MySQL example:

  2. Change the property hibernate.dialect to match your database in cas.properties and deployerConfigContext.xml.
    MySQL example:
        In cas.properties

        In deployerConfigContext.xml

  3. Add the xml namespace "tx" to deployerConfigContext.xml

  4. Whatever dataSource you use, add the required dependencies to the pom.xml file for your CAS webapp (the default is cas-server-webapp/pom.xml), to include the relevant jars.
    Continuing the MySQL example

    NB. The given artifact version is to be used with CAS 3.4.2.1

  5. Package your webapp and give it a try.
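
Steps 1 to 3 combined into one deployerConfigContext.xml fragment for the MySQL case. This is an added example, not the original page's or the CAS project's own listing. The class names are those I know from CAS 3.4.x, Spring and commons-dbcp and should be checked against your versions; the property key database.hibernate.dialect, the JDBC URL and the credentials are assumptions or constructed placeholders.

```xml
<!-- deployerConfigContext.xml (fragment). Assumes the tx and p namespaces are
     declared on the root <beans> element (step 3):
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:p="http://www.springframework.org/schema/p"
     plus the matching xsi:schemaLocation entry for tx. -->

<!-- Step 1: JPA-backed registry instead of the volatile in-memory default.
     Class name as known from CAS 3.4.x; verify against your CAS version. -->
<bean id="serviceRegistryDao"
      class="org.jasig.cas.services.JpaServiceRegistryDaoImpl"
      p:entityManagerFactory-ref="entityManagerFactory" />

<bean id="entityManagerFactory"
      class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
  <property name="dataSource" ref="dataSource" />
  <property name="jpaVendorAdapter">
    <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter"
          p:generateDdl="true" p:showSql="false" />
  </property>
  <property name="jpaProperties">
    <props>
      <!-- Step 2: resolved from cas.properties (assumed key), e.g.
           database.hibernate.dialect=org.hibernate.dialect.MySQLDialect -->
      <prop key="hibernate.dialect">${database.hibernate.dialect}</prop>
      <!-- Lets Hibernate create or update the schema on first connection -->
      <prop key="hibernate.hbm2ddl.auto">update</prop>
    </props>
  </property>
</bean>

<bean id="transactionManager"
      class="org.springframework.orm.jpa.JpaTransactionManager"
      p:entityManagerFactory-ref="entityManagerFactory" />

<!-- Step 3: the tx namespace enables annotation-driven transactions -->
<tx:annotation-driven transaction-manager="transactionManager" />

<!-- The bean id "dataSource" must be preserved. URL, user and password are
     constructed placeholders; use a dedicated database account for CAS. -->
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
      p:driverClassName="com.mysql.jdbc.Driver"
      p:url="jdbc:mysql://localhost:3306/cas_services"
      p:username="CAS_DB_USER_PLACEHOLDER"
      p:password="CAS_DB_PASSWORD_PLACEHOLDER" />
```

The JDBC driver and connection pool classes referenced here resolve only once the dependencies from step 4 are on the webapp's classpath.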

 

 

Notes on the availability of Services Management Application Database

If the Services Management Application database happens to be unavailable you will still be able to perform service authorization.  CAS maintains an in-memory collection of services that is periodically refreshed from the database.  If the database is down, the periodic refresh process will fail.  But the in-memory data will continue to be available to support service authorization.

ServicesRegistry and MongoDb Integration

As an alternative to traditional RDBMS implementations of the service registry, a MongoDb implementation is available. It is read-write, which enables fuller use of the CAS service registry management administrative UI web application, and it is transactional, while being lower-ceremony and "lighter" than a traditional RDBMS.

See this link for additional instructions.


 

JSON ServicesRegistry

 

There is a JSON-file-based implementation of the service registry, where service definitions are defined in a flat JSON file and loaded by CAS. The registry can auto-reload ad-hoc changes made to the file without requiring server restarts. Variations of the registry allow full use of the services management interface by writing changes back out to the file.

 

See this link for additional instructions.

 

Securing the Services Management Application

In-Memory managed list of static users

The first step is to modify the cas.properties as above in order to actually authenticate via CAS (you can also replace the mechanism with another entry).
Once you've done that, you'll need to include the authorization information. The default securityContext.xml includes a hard-coded in-memory authorization DAO. For simple cases, this may be sufficient. You can add/remove entries by looking for the following in deployerConfigContext.xml:

where 'username' is the user you want to grant access. You can also replace the in-memory implementation with any of the provided Acegi choices. More information can be found on them at the Acegi Security web site.

Ldap-server managed list of users

If you wish to allow access to the services management application via an LDAP group/server, replace the above configuration with the following:

Replace the sample attribute values with those that match your environment.

You will also need to ensure that the "spring-security-ldap" dependency is available to your build at runtime. Replace "spring.security.ldap.version" with the appropriate spring-security-ldap release version number.

 

 

Your First Entry

If you're using CAS to authenticate against the Services Management application (as opposed to using some form-based mechanism, etc.) then your first entry in the Services Management application needs to be the Services Management application itself!
