...

where serverName and serverPort are the name and port on which Tomcat is running. The above instructions add the CAS authenticator to the Tomcat context and add the GroupManager Realm for authorization.

...

The SRS Cas Proxy Authenticator 

...

In the above example we used the class org.jasig.cas.client.tomcat.v6.Cas20ProxyCasAuthenticator as the Valve. As part of the configuration we have to pass the serverName. For most applications that are to be accessed through IIS this is fine, as the serverName is shared by many servers (like glast-ground.slac.stanford.edu). For applications like probe that need to be accessed directly on the server, this would require a duplicate configuration like the one above on each server on which probe is running.

To avoid duplication of configuration we ended up writing our own class: org.srs.cas.client.tomcat.v6.Cas20ProxyCasAuthenticator. This class is a copy of the jasig class org.jasig.cas.client.tomcat.v6.Cas20ProxyCasAuthenticator (it could not be extended as this class is final).

This SRS copy of the Cas Proxy Authenticator parses the serverName and replaces environment variables. The configuration of the Valve now looks like:


 <Valve
 className="org.srs.cas.client.tomcat.v6.Cas20ProxyCasAuthenticator"
 encoding="UTF-8"
 casServerLoginUrl="https://glast-ground.slac.stanford.edu/cas-srs/login"
 casServerUrlPrefix="https://glast-ground.slac.stanford.edu/cas-srs/"
 myServerName="${HOST}.slac.stanford.edu:8080"
 />

Also notice that the serverName property has now become myServerName (the method getServerName is also final and inherited from the parent).
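The placeholder replacement described above can be sketched as follows. This is an added example, not the SRS class itself: the class name ServerNameExpander, the host value glast-tomcat01 and the validation rule are assumptions made for illustration. It fails closed when a referenced variable is unset and rejects any expanded value that is not a plain host[:port], so a bad environment cannot silently produce a wrong server name.

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical helper: expands ${VAR} placeholders in a configured server name. */
public class ServerNameExpander {
    private static final Pattern PLACEHOLDER =
        Pattern.compile("\\$\\{([A-Za-z_][A-Za-z0-9_]*)\\}");
    // DNS labels with an optional numeric port; no scheme, path, query or whitespace.
    private static final Pattern HOST_PORT = Pattern.compile(
        "(?i)[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
        + "(\\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*(:\\d{1,5})?");

    public static String expand(String template, Map<String, String> env) {
        Matcher m = PLACEHOLDER.matcher(template);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            String value = env.get(m.group(1));
            if (value == null || value.isEmpty()) {
                // Fail closed: never leave a literal "${HOST}" in the server name.
                throw new IllegalStateException("Environment variable not set: " + m.group(1));
            }
            // quoteReplacement keeps '$' and '\' in the value from being interpreted.
            m.appendReplacement(out, Matcher.quoteReplacement(value));
        }
        m.appendTail(out);
        String result = out.toString();
        if (!HOST_PORT.matcher(result).matches()) {
            throw new IllegalStateException("Expanded server name is not host[:port]: " + result);
        }
        return result;
    }

    public static void main(String[] args) {
        String template = "${HOST}.slac.stanford.edu:8080";
        // Constructed sample environments; a real valve would pass System.getenv().
        System.out.println(expand(template, Map.of("HOST", "glast-tomcat01")));
        for (Map<String, String> bad : new Map[] {
                Map.of(), Map.of("HOST", "evil.example/x?") }) {
            try {
                expand(template, bad);
            } catch (IllegalStateException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```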

...

The GroupManager Realm org.srs.cas.tomcat.integration.GroupManagerRealm

...

  • Choose which GroupManager to use. This can be chosen at the Tomcat level by setting the System property experiment.groupmanager.url. The default is http://srs.slac.stanford.edu/GroupManager.
  • Choose which experiment to use; the experiment by default is SRS. This default can be overridden at the Tomcat level by setting the System property org.srs.web.base.experiment. Finally, the experiment can also be specified at the role level; we accept roles in the form EXPERIMENT:ROLE. For roles that match this pattern, a user will be checked for role ROLE against experiment EXPERIMENT.

...