Added by Sebastian Gonzalez Oyuela, last edited by Sebastian Gonzalez Oyuela on Aug 12, 2011  (view change)


Introduction

The JOSSO Generic JEE Agent works differently than the other, platform-specific agents. In this case, JOSSO cannot create a security domain for the container, because there is no (widely adopted) standard mechanism for doing so. In the future, with the adoption of JSR-196 in JEE containers, a standard mechanism will be provided.

Setting up a JOSSO Generic JEE agent is the same as Jossifying a JEE Application for a Generic container.

Add JOSSO components to your application

Add the following JOSSO JARs and third-party JARs to your application, under WEB-INF/lib:

aopalliance-1.0.jar
axis-1.4.jar
axis-ant-1.4.jar
axis-jaxrpc-1.4.jar
axis-saaj-1.4.jar
axis-wsdl4j-1.5.1.jar
commons-codec-1.3.jar
commons-digester-1.2.jar
commons-discovery-0.4.jar
commons-logging-1.0.4.jar
commons-logging-api-1.0.4.jar
commons-modeler-1.1.jar
josso-agent-1.8.6-SNAPSHOT.jar
josso-common-1.8.6-SNAPSHOT.jar
josso-core-1.8.6-SNAPSHOT.jar
josso-protocol-client-1.8.6-SNAPSHOT.jar
josso-servlet-agent-1.8.6-SNAPSHOT.jar
josso-ws-1.8.6-SNAPSHOT.jar
spring-aop-2.5.5.jar
spring-beans-2.5.5.jar
spring-context-2.5.5.jar
spring-core-2.5.5.jar
xbean-spring-3.4.3.jar

Add JOSSO Agent configuration

Copy josso-agent-config.xml to WEB-INF/classes

Configure JOSSO Filters

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web
Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">

<!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
<!-- JOSSO web.xml sample descriptor for deploying on Generic JEE Containers           -->
<!--                                                                                   -->
<!-- Declares two servlet filters: the SSO agent filter, mapped to every URL, and the  -->
<!-- web access control filter, mapped only to the URLs that require authentication.   -->
<!-- No container-managed security constraints are declared in this descriptor, so     -->
<!-- the filter mappings below are the only access control it configures.              -->
<!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->

<web-app>
    <display-name>JOSSO Partner Application</display-name>

    <!-- SSO agent filter: provides the security context, if one is present -->
    <filter>
        <filter-name>JOSSOGenericServletFilter</filter-name>
        <description>JOSSO Generic Servlet Container filter</description>
        <filter-class>org.josso.servlet.agent.GenericServletSSOAgentFilter</filter-class>
    </filter>

    <!-- Access control filter: automatically requests user authentication -->
    <filter>
        <filter-name>JOSSOWebAccessControlServletFilter</filter-name>
        <description>JOSSO Generic Web Acces Control servlet filter</description>
        <filter-class>org.josso.agent.http.WebAccessControlFilter</filter-class>
    </filter>

    <!-- User information will be available when accessing these URLs (all of them). -->
    <!-- Containers build the filter chain in filter-mapping order, so this mapping  -->
    <!-- stays ahead of the access control mapping below.                            -->
    <!-- NOTE(review): presumably the access control filter relies on the context    -->
    <!-- this filter sets up; confirm before reordering.                             -->
    <filter-mapping>
        <filter-name>JOSSOGenericServletFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>


    <!-- The user must be authenticated to access these URLs.                        -->
    <!-- Only the patterns listed here are enforced by the filter: in this sample    -->
    <!-- that is the single page /protected-managed.jsp. Any other resource in the   -->
    <!-- application is served without an authentication check unless the resource   -->
    <!-- performs its own. Add one filter-mapping per protected path, or use a       -->
    <!-- directory pattern, and review the list whenever pages are added.            -->
    <filter-mapping>
        <filter-name>JOSSOWebAccessControlServletFilter</filter-name>
        <url-pattern>/protected-managed.jsp</url-pattern>
    </filter-mapping>

    <welcome-file-list id="WelcomeFileList">
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>

</web-app>

Configure JOSSO Agent

Copy the agent configuration file into the WEB-INF/classes folder.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- JOSSO agent configuration (Spring beans) for the Generic JEE agent.               -->
<!-- The host names used below (josso-host, partnerapp-host) are sample placeholders   -->
<!-- and must be replaced with the values of the target environment.                   -->
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:ns2="http://www.springframework.org/schema/osgi"
       xmlns:ns3="http://www.springframework.org/schema/tool" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.springframework.org/schema/osgi http://www.springframework.org/schema/osgi/spring-osgi.xsd">
    <!-- NOTE(review): the bean name looks carried over from a Tomcat 6 sample although -->
    <!-- the class is the generic servlet agent; confirm whether anything looks the     -->
    <!-- agent up by this name before renaming it.                                      -->
    <bean class="org.josso.servlet.agent.GenericServletSSOAgent" name="josso-tc60-agent">

        <!-- ============================================ -->
        <!-- General options                              -->
        <!-- ============================================ -->
        <!-- NOTE(review): presumably a minimum interval, in milliseconds, between -->
        <!-- session access notifications; confirm against the agent docs.         -->
        <property name="sessionAccessMinInterval">
            <value>1000</value>
        </property>

        <!-- JAAS is disabled for the generic agent. -->
        <property name="disableJaas">
            <value>true</value>
        </property>

        <!-- NOTE(review): the name suggests SSO state is kept on the client side     -->
        <!-- rather than in the server session; confirm what is stored and how it is  -->
        <!-- protected before relying on this setting.                                -->
        <property name="isStateOnClient">
            <value>true</value>
        </property>

        <!-- ============================================ -->
        <!-- JOSSO Login URL (for JOSSO SP Initiated SSO) -->
        <!-- ============================================ -->
        <!-- The sample value uses plain http. Users are redirected to this URL to   -->
        <!-- authenticate, so outside a test environment it should be an https URL.  -->
        <property name="gatewayLoginUrl">
            <value>http://josso-host/josso/signon/login.do</value>
        </property>

        <!-- ============================================= -->
        <!-- JOSSO Logout URL (for JOSSO SP Initiated SLO) -->
        <!-- ============================================= -->
        <!-- Same remark as for the login URL: prefer https outside test setups. -->
        <property name="gatewayLogoutUrl">
            <value>http://josso-host/josso/signon/logout.do</value>
        </property>

        <!-- ==================================== -->
        <!-- JOSSO back channel endpoints (SOAP)  -->
        <!-- ==================================== -->
        <!-- As shipped, the transportSecurity property below is commented out.       -->
        <!-- NOTE(review): presumably the SOAP back channel then runs without SSL;    -->
        <!-- confirm, and enable CONFIDENTIAL transport wherever the agent and the    -->
        <!-- gateway do not share a trusted network.                                  -->
        <property name="gatewayServiceLocator">
            <bean class="org.josso.gateway.WebserviceGatewayServiceLocator">
                <!-- Uncomment to use SSL transport in the back channel
                <property name="transportSecurity">
                    <value>CONFIDENTIAL</value>
                </property>
                -->

                <!-- Gateway endpoint the agent connects to.                        -->
                <!-- NOTE(review): presumably host or host:port; confirm the format -->
                <!-- and the port when SSL transport is enabled.                    -->
                <property name="endpoint">
                    <value>josso-host</value>
                </property>

            </bean>
        </property>

        <property name="parametersBuilders">
            <list>
                <bean class="org.josso.agent.http.AppIdParametersBuilder"/>
            </list>
        </property>

        <property name="automaticLoginStrategies">
            <list>
                <bean class="org.josso.agent.http.DefaultAutomaticLoginStrategy">
                    <property name="mode">
                        <value>REQUIRED</value>
                    </property>
                    <property name="ignoredReferrers">
                        <list>
                            <!-- Always ignore these referrers -->
                            <value>http://josso-host/IDBUS/</value>
                        </list>
                    </property>
                </bean>
            </list>
        </property>

        <property name="configuration">
            <bean class="org.josso.agent.SSOAgentConfigurationImpl">
                <property name="ssoPartnerApps">
                    <list>
                        <!-- ================================================ -->
                        <!-- Partner application configuration:               -->
                        <!--                                                  -->
                        <!-- id: the application id, as configured in JOSSO   -->
                        <!--        Identity Provider                         -->
                        <!--                                                  -->
                        <!-- vhost: must be the hostname that users see when  -->
                        <!--        accessing the application                 -->
                        <!--                                                  -->
                        <!-- context: the web application context, use '/'    -->
                        <!--        for applications running in the root ctx  -->
                        <!--                                                  -->
                        <!-- ================================================ -->
                        <bean class="org.josso.agent.SSOPartnerAppConfig">

                            <property name="id">
                                <value>partnerapp</value>
                            </property>

                            <property name="vhost">
                                <!-- Replace with the proper value for your environment -->
                                <value>partnerapp-host</value>
                            </property>
                            <property name="context">
                                <value>/partnerapp</value>
                            </property>
                        </bean>
                    </list>
                </property>
            </bean>
        </property>

    </bean>
</beans>

Access SSO User information

<%--
  ~ JOSSO: Java Open Single Sign-On
  ~
  ~ Copyright 2004-2009, Atricore, Inc.
  ~
  ~ This is free software; you can redistribute it and/or modify it
  ~ under the terms of the GNU Lesser General Public License as
  ~ published by the Free Software Foundation; either version 2.1 of
  ~ the License, or (at your option) any later version.
  ~
  ~ This software is distributed in the hope that it will be useful,
  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  ~ Lesser General Public License for more details.
  ~
  ~ You should have received a copy of the GNU Lesser General Public
  ~ License along with this software; if not, write to the Free
  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  ~
  --%>

<%@ page import="org.josso.agent.Constants" %>
<%@ page import="java.util.Enumeration" %>
<%@ page import="org.josso.agent.http.JOSSOSecurityContext" %>
<%@ page import="org.josso.agent.http.WebAccessControlUtil" %>
<%@ page import="org.josso.gateway.identity.SSOUser" %>
<%@ page import="org.josso.gateway.SSONameValuePair" %>
<%--
~ JOSSO: Java Open Single Sign-On
~
~ Copyright 2004-2008, Atricore, Inc.
~
~ This is free software; you can redistribute it and/or modify it
~ under the terms of the GNU Lesser General Public License as
~ published by the Free Software Foundation; either version 2.1 of
~ the License, or (at your option) any later version.
~
~ This software is distributed in the hope that it will be useful,
~ but WITHOUT ANY WARRANTY; without even the implied warranty of
~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
~ Lesser General Public License for more details.
~
~ You should have received a copy of the GNU Lesser General Public
~ License along with this software; if not, write to the Free
~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
--%>

<%--
  Created by IntelliJ IDEA.
  User: sgonzalez
  Date: Nov 28, 2007
  Time: 3:24:34 PM
  To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
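<%!
    /**
     * Escapes the HTML-significant characters of a value so it can be written into
     * element content without being interpreted as markup. A null value is rendered
     * as the text "null", which is what plain string concatenation would print.
     */
    private static String escapeHtml(Object value) {
        String text = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':  escaped.append("&amp;");  break;
                case '<':  escaped.append("&lt;");   break;
                case '>':  escaped.append("&gt;");   break;
                case '"':  escaped.append("&quot;"); break;
                case '\'': escaped.append("&#39;");  break;
                default:   escaped.append(c);
            }
        }
        return escaped.toString();
    }
%>
<%

    // Obtain a JOSSO security context instance; if none is found, the user has not been authenticated.
    JOSSOSecurityContext ctx = WebAccessControlUtil.getSecurityContext(request);
    if (ctx == null) {
        // User has not been authenticated: ask for login. This triggers the login process, storing the
        // current URL and redirecting the user to the JOSSO Gateway login page.
        WebAccessControlUtil.askForLogin(request, response);
    } else if (!ctx.isUserInRole("role1")) {
        // User has been authenticated but does not have role1: return a 403 FORBIDDEN error.
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
    } else {

    // Authenticated and authorized: print out the page. Everything below stays inside this
    // else branch so nothing is rendered for the two rejected cases above.

%>

<html>
  <head><title>Simple JOSSO protected page in delegated mode</title></head>
  <body>
  <h3>This is a simple JSP that will only bee accesible if user has been authenticated and is member of group <b>role1</b></h3>
  <p>SSO User information:</p>
  <%
      SSOUser ssoUser = ctx.getCurrentPrincipal();

      // User properties come from the identity store; escape them before writing them into the
      // page, and wrap the items in a list element so the markup is valid.
      out.println("<ul>");
      for (SSONameValuePair property : ssoUser.getProperties()) {
          out.println(" <li>     <b>" + escapeHtml(property.getName()) + "=</b>" + escapeHtml(property.getValue()) +"</li>");
      }
      out.println("</ul>");
  %>
  <p>Http Headers are :</p>
  <%
   // Request headers are fully controlled by the client, so names and values are escaped
   // before being echoed. NOTE(review): this dump also echoes credential-bearing headers
   // such as Cookie and Authorization; keep it for diagnostics only and remove or filter it
   // in a deployed application.
   out.println("<ul>");
   java.util.Enumeration names = request.getHeaderNames();
   while (names.hasMoreElements()) {
     String name = (String) names.nextElement();
     Enumeration values = request.getHeaders(name);

     while (values.hasMoreElements()) {
         String value = (String)values.nextElement();

         out.println(" <li>     <b>" + escapeHtml(name) + "=</b>" + escapeHtml(value) +"</li>");
     }

   }
   out.println("</ul>");
   %>
  </body>
</html>

<% } %>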
