Re: [cas-user] Tomcat CAS Client Filter Only Working at / (Root)

Tue, 26 Nov 2024 09:07:34 -0800 

Ray,
That's what I had originally. It all works if my filter is applied to "/*" but if I use subpath for the webapp installed in tomcat "/ldapconn/*" 

it appears to not get invoked/triggered etc.

I will sanity check my eyes again today.

C

On 2024-11-25 3:42 PM, Ray Bon wrote:

Colin,

I have this filter order (I should have included this earlier):

Authentication
Validation
Wrapper


Filters are applied in the order they are listed in web.xml. There is 
no mechanism to skip nor go backwards.

One must authenticate before validate.

Note: if you want to use a logout filter, it would precede authenticate.

Ray

On Mon, 2024-11-25 at 14:38 -0500, Colin Ryan wrote:


        

You don't often get email from col...@caveo.ca. Learn why this is 
important <https://aka.ms/LearnAboutSenderIdentification>

        

Ray,

Changed to the following:


<filter-mapping>
   <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
     <filter-name>CAS Validation Filter</filter-name>
     <url-pattern>/ldapconn/*</url-pattern>
</filter-mapping>

<filter-mapping>
     <filter-name>CAS Authentication Filter</filter-name>
     <url-pattern>/ldapconn/*</url-pattern>
</filter-mapping>


Same issue

Thanks
On 2024-11-25 1:55 PM, Ray Bon wrote:

Colin,


The filters are ordered. Authentication filter must be listed before 
validation filter.


Ray

On Fri, 2024-11-22 at 13:40 -0500, Colin Ryan wrote:

[You don't often get email from col...@caveo.ca. Learn why this is 
important at https://aka.ms/LearnAboutSenderIdentification ]


Folks,

CAS Client 3.6.4

Filter is starting in the logs, but I only want CAS to be in play for 1
specific WebApp installed on this Tomcat 9 instance.

If I change the url-patterns in the web.xml file to "/*" everything
works, but if I try to scope CAS down to the specific App the filter's
appear to never be "invoked". I have a simple .jsp file in
/ldapconn/casverify.jsp for confirming CAS. If I in a freshly started
browser go to

/ldapconn/casverify.jsp I do not get redirected to CAS for
authentication and get errors obviously in my JSP.

Even if I go to CAS directly and login and then go to
/ldapconn/casverify.jsp I get the same error.

If I change the url-patterns to just "/*" it all works as expected.


Here is my web.xml


<!-- CAS Validation Filter -->
<filter>
   <filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
<param-name>casServerUrlPrefix</param-name>

<param-value>Warning this link may be malicious, it actually goes 
to the site "ssoservice.mydomain.net" while 
displaying:https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fssoservice.mydomain.net%2Fcas&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376066536%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=OfsE9HMJzlE4fkcoP83ShfURURxqDMcJ6wksYw%2Ft7wk%3D&reserved=0 
<https://ssoservice.mydomain.net/cas></param-value>

   </init-param>
<init-param>
     <param-name>serverName</param-name>

<param-value>Warning this link may be malicious, it actually goes 
to the site "ldapconn.mydomain.net:8080" while 
displaying:https://can01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fldapconn.mydomain.net%3A8080%2F&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376086761%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=pChxlFSf6aasE1D4Lq037Rv6nzPIU4WHqjPAtS0i%2FdE%3D&reserved=0 
<http://ldapconn.mydomain.net:8080/></param-value>

   </init-param>
</filter>

<!-- Cas Filter/Wrapper -->

  <filter>
   <filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
   <init-param>
<param-name>casServerUrlPrefix</param-name>

<param-value>Warning this link may be malicious, it actually goes 
to the site "ssoservice.mydomain.net" while 
displaying:https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fssoservice.mydomain.net%2Fcas&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376097782%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=XS%2BgBACgj1tp16bY3db3ohSw94WajWupQnxRXB3ehEs%3D&reserved=0 
<https://ssoservice.mydomain.net/cas></param-value>

   </init-param>
<init-param>
     <param-name>serverName</param-name>

<param-value>Warning this link may be malicious, it actually goes 
to the site "ldapconn.mydomain.net:8080" while 
displaying:https://can01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fldapconn.mydomain.net%3A8080%2F&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376110255%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=adVzJR7CAYa7QVdyIIey%2B3iJNmJVikxwj5%2Bn%2BpNMPCc%3D&reserved=0 
<http://ldapconn.mydomain.net:8080/></param-value>

   </init-param>
</filter>

<!-- CAS Wrapper -->

<filter>
   <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>

<filter-mapping>
     <filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/ldapconn/*</url-pattern>
</filter-mapping>


<filter-mapping>
     <filter-name>CAS Validation Filter</filter-name>
<url-pattern>/ldapconn/*</url-pattern>
</filter-mapping>



<filter-mapping>
   <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
   <url-pattern>/ldapconn/*</url-pattern>
</filter-mapping>


--

- Website: Warning this link may be malicious, it actually goes to 
the site "apereo.github.io" while 
displaying:https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.github.io%2Fcas&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376121285%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=xuxlHxU%2BKrXYJA3i%2BlDGbDBY0DqpnwpnRqDfbUTwzz4%3D&reserved=0 
<https://apereo.github.io/cas>
- List Guidelines: Warning this link may be malicious, it actually 
goes to the site "goo.gl" while 
displaying:https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2F1VRrw7&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376132089%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=ghQQ69ubKIsO564UuW8kOjc44w0pEuvhW8tSD98monc%3D&reserved=0 
<https://goo.gl/1VRrw7>
- Contributions: Warning this link may be malicious, it actually 
goes to the site "goo.gl" while 
displaying:https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2Fmh7qDG&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376142745%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=ZEJVa97c2Fq1tA7WrXU2p5whAp%2B6TVkp%2BBWUJ8avVnQ%3D&reserved=0 
<https://goo.gl/mh7qDG>

---

You received this message because you are subscribed to the Google 
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, 
send an email tocas-user+unsubscr...@apereo.org.
To view this discussion visit Warning this link may be malicious, 
it actually goes to the site "groups.google.com" while 
displaying:https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fd%2Fmsgid%2Fcas-user%2Fc9057747-931f-4578-9459-e049e5c80ff2%2540caveo.ca&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376153359%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=7QMR5RrzsGcphF8UDr9VjHGc8sQ6p2ggdX6S15%2BrUWM%3D&reserved=0 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/c9057747-931f-4578-9459-e049e5c80ff2%40caveo.ca>.




--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---

You received this message because you are subscribed to the Google 
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to cas-user+unsubscr...@apereo.org.
To view this discussion visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/00051693d044ee8e0deda0d969b8287a654c0232.camel%40uvic.ca 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/00051693d044ee8e0deda0d969b8287a654c0232.camel%40uvic.ca?utm_medium=email&utm_source=footer>.


--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG

--- 
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/752e1e5b-fcdb-4dc9-aec8-87172a0edee7%40caveo.ca.






















					Reply via email to