Skip to end of metadata
Go to start of metadata
Table of Contents

When redirecting from the https CAS application back to an http service after authenticating successfully, IE6 presents the user with a security dialog saying "you are about to be redirected to a connection that is not secure, do you really want to do this?". We can avoid this by using javascript to perform the redirection in the client browser, instead of a server side redirect. This approach works fine for web pages, but does not work for protected image content, which will not execute the returned javascript, so we revert to a serverside redirect for this type of content.

1. Create WEB-INF/view/jsp/default/ui/redirect.jsp to perform the redirection using javascript

<%@page import="org.jasig.cas.authentication.principal.WebApplicationService" %>
<%@page import="org.jasig.cas.web.support.WebUtils" %>
<%@page import="java.net.URL" %>
<%
WebApplicationService service = (WebApplicationService) request.getAttribute("service");
String ticket  = (String) request.getAttribute("serviceTicketId");
String redirectURL = service.getResponse(ticket).getUrl();
boolean serverSideRedirect = false;
// if redirect is for an image, js or css file
URL url = new URL(redirectURL);
String path = url.getPath();
int dotPos = path.lastIndexOf("."); // returns -1 if not found
if( dotPos != -1 )
{
    String ext = path.substring(dotPos).toLowerCase();
    serverSideRedirect = ".gif".equals(ext) || ".jpg".equals(ext) || ".png".equals(ext) || ".js".equals(ext) || ".css".equals(ext);
}
if( serverSideRedirect )
{
    // Serverside redirect using HTTP 302
    response.sendRedirect(redirectURL);
}
else
{
    // Client side redirect using javascript
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
  <head>
    <script type="text/javascript" language="javascript">
      <!--
        window.location.replace ("<%=redirectURL%>");
      -->
    </script>
    <title>Redirect</title>
  </head>
  <body></body>
</html>
<%
}
%>

2. Make a redirect view available to CAS by adding it to WEB-INF/classes/default_view.properties

### Redirect view (logged in, javascript redirect to service)
redirectView.(class)=org.springframework.web.servlet.view.JstlView
redirectView.url=/WEB-INF/view/jsp/default/ui/redirect.jsp

 3. Modify WEB-INF/login-webflow.xml to make the redirect end state use the new view

<end-state id="redirect" view="redirectView" />




  • No labels