2

I'm trying to integrate CAS auth in our web services and use the Jasig CAS server (v. 4.2) which is Spring-based webapp.

Unfortunately, Jasig CAS server can only use service ID for redirection after successful login. It is unacceptable, because CAS server is located behind reverse proxy and we dont' use DNS. So, login URL looks like:

http://a.b.c.d/cas/login?service=http://x.x.x.x/context-path/auth-entry-point

where

  • a.b.c.d - external (proxy) IP address
  • x.x.x.x - internal (service / CAS client) IP address

I've read Jasig docs, but found no way to obfuscate service URL. For now i'm trying to implement custom logic. I want to pass redirect url as separate param:

http://a.b.c.d/login?service=<serviceUID_like_YYY-YYY-YYY>&redirect=<base64_encoded_URL>

.. and use this param for redirection instead of service ID.

According to doc Jasig CAS uses Spring Webflow to implement login scenario (login-webflow.xml). And that's the place where redirection caused:

<end-state id="redirectView" view="externalRedirect:#{requestScope.response.url}"/>

Since i'm not familiar with Spring Weblow the question is:

How can i receive "redirect" URL param, decode and use it for redirection?

P.S. Sorry for my bad english, i hope it's at least parseable :-)

JDoeNext
  • 41
  • 3

1 Answers1

2

Ok, it was quite simple. For anyone who interested:

Create custom service bean under org.jasig.cas.* package:

package org.jasig.cas.usercustom;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.springframework.util.Base64Utils;

@Component("userCustomRedirectHelper")
public class RedirectHelper {

    final static Logger logger = LoggerFactory.getLogger(RedirectHelper.class);

    public String decodeURLFromString(String src) {
        String url = new String(Base64Utils.decodeFromString(src));
        logger.debug("Redirect URL: " + src);
        return url;
    }
}

Modify login-webflow.xml as follows:

<on-start>
    <!-- get redirect param, decode and place into flowScope -->
    <evaluate expression="userCustomRedirectHelper.decodeURLFromString(requestParameters.redirect)" result="flowScope.customRedirectURL" />
</on-start>

<!-- redirect -->
<end-state id="redirectView" view="externalRedirect:#{flowScope.customRedirectURL}"/>
JDoeNext
  • 41
  • 3