3 Replies Latest reply on Oct 14, 2009 10:13 AM by choilee

    Strange result of Seam CAS SSO integration

    alartin
    alartin Sep 23, 2009 7:50 AM

      I use Seam 2.2.0.GA and CAS Client 3.1.8, CAS Server 3.3.1.
      It seems I can do SSO between two seam apps: app1 and app2. But When using CAS SSO, seam app is broken by some strange results.
      Seam app1 is a simple CRUD app generated by seam-gen. When not using CAS SSO, you can sort the entity list in the XXXList.xhtml, you can create a new entity in the XXXEdit.xhtml and when you finish editing, you will be redirected to display page. But when using CAS SSO, it produces strange results:
      1. XXXList.xhtml datatable sort function does not work any more.
      2. After creating a new entity, you are not directed to the display page, you still stay at the editing page and can see a message of sucessful creation.
      3. When you go to XXXList.xhtml and you can see the new created entity, but after you click View/Edit link, it shows a page without any information even the entity's id is in the request parameters(in the Browser's URL bar), seems like what you can see when creating a new entity. I am sure that the entity is persisted in the database. It seems that it can not resolve request parameters anymore.
      Here are my app1's web.xml:



       <!-- CAS:Java Client 3.1.8  -->
    <!--
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            classpath:casContext.xml
        </param-value>
    </context-param>
    -->
    <filter>
        <filter-name>CasAuthenticationFilter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>https://localhost:8443/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://localhost:8080</param-value>
        </init-param>
    </filter>
    <filter>
        <filter-name>CasValidationFilter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://localhost:8443/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://localhost:8080</param-value>
        </init-param>
        <init-param>
            <param-name>redirectAfterValidation</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    
    <filter>
        <filter-name>CasSingleSignOutFilter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>

    <!-- CAS: Java Client Filter Mappings -->
    <filter-mapping>
        <filter-name>CasAuthenticationFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CasValidationFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    
    <filter-mapping>
        <filter-name>CasSingleSignOutFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>


      pages.xml:



      <page view-id="*" action="#{ssoAuthenticator.checkLogin}">



      Two classes: SSOAuthenticator and SSOPages are from the suggestion of CAS site: My Link


      When I remove the CAS SSO, app1 works fine as before.  

      • 477 Views
      • Tags:
        • 1. Re: Strange result of Seam CAS SSO integration
          alartin
          alartin Sep 24, 2009 7:38 AM (in response to alartin)

          It seems that after CAS SSO filter, the Seam pages.xml and xxx.page.xml can not be resolved correctly cause I found the request parameters are passed as before. Can somebody help? Thanks a lot.

            • Actions
          • 2. Re: Strange result of Seam CAS SSO integration
            alartin
            alartin Sep 24, 2009 10:01 AM (in response to alartin)

            After some debugging, I confirm that Seam did not handle navigation properly:


            2009-09-24 15:48:00,566 INFO  [com.mydomain.app1.sso.SSOAuthenticator] *** Check login: was logged in as admin
2009-09-24 15:48:00,566 DEBUG [javax.enterprise.resource.webcontainer.jsf.application] No navigation rule found for null outcome and viewId /Employee.xhtml Explicitly remain on the current view 
2009-09-24 15:48:00,566 DEBUG [org.jboss.seam.Component] trying to inject with hierarchical context search: servletContexts
2009-09-24 15:48:00,566 INFO  [com.mydomain.app1.sso.RequestAction] *** QueryString: /app1/Employee.seam employeeId=1
2009-09-24 15:48:00,566 DEBUG [javax.enterprise.resource.webcontainer.jsf.application] No navigation rule found for null outcome and viewId /Employee.xhtml Explicitly remain on the current view 
2009-09-24 15:48:00,566 DEBUG [org.jboss.seam.jsf.SeamPhaseListener] committing transaction after invoking page actions
2009-09-24 15:48:00,566 DEBUG [org.jboss.seam.transaction.UTTransaction] committing JTA transaction
2009-09-24 15:48:00,566 DEBUG [org.jboss.seam.jsf.SeamPhaseListener] beginning transaction before continuing render



            After I login as admin, I create a new entity of Employee and save it in the database(it is really persisted), It should redirect me to the Employee.xhtml with employeeId(1 in this case), the log info shows that the query string is no problem, but still no navigation rule found. Why? I got really confused by Seam's strange behaviors! Why Seam lost navigation ability after using CAS SSO Filters?

              • Actions
            • 3. Re: Strange result of Seam CAS SSO integration
              choilee Oct 14, 2009 10:13 AM (in response to alartin)
              try change ur sso config to this...


                   <filter>
                        <filter-name>CAS Authentication Filter</filter-name>
                        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
                        <init-param>
                             <param-name>casServerLoginUrl</param-name>
                             <param-value>https:/t/est.org:8443/cas/login</param-value>
                        </init-param>
                      <init-param>
                          <param-name>renew</param-name>
                          <param-value>false</param-value>
                      </init-param>

                      <init-param>
                             <param-name>serverName</param-name>
                             <param-value>http://test.org:8080</param-value>
                        </init-param>
                   </filter>
                   <filter>
                        <filter-name>CAS Validation Filter</filter-name>
                        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
                        <init-param>
                             <param-name>casServerUrlPrefix</param-name>
                             <param-value>https://test.org:8443/cas</param-value>
                        </init-param>
                        <init-param>
                             <param-name>redirectAfterValidation</param-name> 
                             <param-value>true</param-value>
                        </init-param>
                        <init-param>
                             <param-name>useSession</param-name> 
                             <param-value>true</param-value>
                        </init-param>     
                        <init-param>
                             <param-name>serverName</param-name>

                             <param-value>http://test.org:8080</param-value>
                        </init-param>
                   </filter>
                   <filter>
                        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
                        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
                   </filter>
                   <filter>
                        <filter-name>CAS Assertion Thread Local Filter</filter-name>
                        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
                   </filter>

                   <!-- And now, the single sign-out filters -->
                   <filter>
                        <filter-name>CAS Single Sign Out Filter</filter-name>
                        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
                   </filter>



              <!-- Filter mappings in the correct order -->

                   <filter-mapping>
                        <filter-name>CAS Single Sign Out Filter</filter-name>
                        <url-pattern>/*</url-pattern>
                   </filter-mapping>
                   <filter-mapping>
                        <filter-name>CAS Authentication Filter</filter-name>
                        <url-pattern>/*</url-pattern>
                   </filter-mapping>
                   <filter-mapping>
                        <filter-name>CAS Validation Filter</filter-name>
                        <url-pattern>/*</url-pattern>
                   </filter-mapping>
                   <filter-mapping>
                        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
                        <url-pattern>/*</url-pattern>
                   </filter-mapping>
                   <filter-mapping>
                        <filter-name>CAS Assertion Thread Local Filter</filter-name>
                        <url-pattern>/*</url-pattern>
                   </filter-mapping>
                   <listener>
                        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
                   </listener>

                • Actions