2

I want to do a Cas Authentication from Standalone-Application but it fails on getting the Ticket from server. Can anyone provide me example code for a method that returns the ticket as String so i can use it for the Authentication. As you see the only Parameter should be the URL from the server. Thats waht i have yet(i know casToken is initialized on null an it doesnt work).

protected String getCasTicket(String serviceUrl) {

        String casToken = null;

        if (casToken == null){

            logger.error("Failed to get CAS-Token!");

        }else{
            logger.info("Got CAS-Token successful!");
        }

        return casToken;
}

1 Answers1

0
public class CasAuthenticationServlet extends HttpServlet {
...
  @Override
  protected void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    // NOTE: The CasAuthenticationToken can also be obtained using
    // SecurityContextHolder.getContext().getAuthentication()
    final CasAuthenticationToken token = (CasAuthenticationToken) request.getUserPrincipal();
    // proxyTicket could be reused to make calls to the CAS service even if the
    // target url differs
    final String proxyTicket = token.getAssertion().getPrincipal().getProxyTicketFor(targetUrl);

    // Make a remote call using the proxy ticket
    final String serviceUrl = targetUrl+"?ticket="+URLEncoder.encode(proxyTicket, "UTF-8");
    String proxyResponse = CommonUtils.getResponseFromServer(serviceUrl, "UTF-8");
...
}

CasAuthenticationProvider constructs a CasAuthenticationToken including the details contained in the TicketResponse and the GrantedAuthoritys. Control then returns to CasAuthenticationFilter, which places the created CasAuthenticationToken in the security context.

Cas Example: https://docs.spring.io/spring-security/site/docs/4.2.x/reference/html/sample-apps.html#cas-sample

EDIT:

Please refer https://www.javaworld.com/article/3313114/what-is-a-java-servlet-request-handling-for-java-web-applications.html for creating a servlet

Mebin Joe
  • 2,172
  • 4
  • 16
  • 22
  • At first Thank you! I found a very similar example but i dont know how to set up the HttpServletRequest and HttpServletResponse so when calling the method i can type in these Parameters. –  Jul 26 '19 at 09:10
  • @XaNaX420 Edited the answer. add a servlet doGet() method (as an HTTP end point for fetching token) or implement a filter to check authentication for all requests. I understand you are using a standalone Java application and not a Web application. But somehow you need to hit an external service to retrieve the token. I suggest you to read how to call a servlet from Java application. https://stackoverflow.com/questions/4349854/calling-a-servlet-from-a-java-application – Mebin Joe Jul 26 '19 at 09:27
  • So if i understood correctly the class you wrote is the Servlet i have to hit? –  Jul 26 '19 at 11:28
  • @XaNaX420 yes. You can have any webservice written with the above code and that's the way to have an HttpRequest and HttpResponse – Mebin Joe Jul 28 '19 at 04:55
  • Hi again im getting an error from the Servlet. Error:(21, 46) java: cannot access org.springframework.security.authentication.AbstractAuthenticationTokenclass file for org.springframework.security.authentication.AbstractAuthenticationToken not found. But i dont use AbstractAuthenticationToken?? –  Jul 30 '19 at 14:05
  • @XaNaX420 are you using spring-security ? – Mebin Joe Jul 31 '19 at 06:39
  • Yes i use Spring Security –  Aug 06 '19 at 11:03