• Browse
  • Pages
  • News
  • Labels
  • Attachments
  • Mail
  • Advanced
  • activity.name

  • People Directory
• Log In

1. Dashboard
2. > CAS Clients
3. > …
4. > Clients
5. > Java Client
6. > Yale Java Client
7. > Using the CAS JSP tags

• Log In

Using the CAS JSP tags

Added by Andrew Petro, last edited by Scott Battaglia on Feb 01, 2007  (view change)

Table of Contents Clients .Net Cas Client .Net Http module Acegi as CAS Client ASP.NET Forms Authentication AuthCAS CAS + Seam Web Applications CAS and JSR-168 CASBar- Toolbar for Firefox 2 CAS Client for Java 3.0 CAS Client for Java 3.1 CASP CAS Proxying with ASP.Net Forms Authentication ColdFusion client script Copy of CAS Client for Java 3.0 ISAPI Filter Java Client JSP Client mod_auth_cas MOD_CAS mod_python auth module PAM Module Perl Client phpCAS Prado client RPM Modules Ruby on Rails CAS Client Seraph as CAS Client Soulwing CAS Client Symfony CAS Client VBScript Virginia Tech CAS Clients WebObjects Client Yale CAS client distribution CASifying Applications CASifying Apache OFBiz CASifying Joomla 1.5 CASifying OpenCms CASifying SharePoint & ASP.NET Web Sites Confluence as CAS Client EZPublish Fisheye and Crucible Roller weblogger Tomcat uPortal Client WordPress Client Zimbra Zope client School Contributed Clients Virginia Tech Yale University

CAS Tag Library The CAS Tag Library is a another way to authenticate users' access to JSP pages. JSP Tags cannot be used in servlets, so if you need CAS protection within a servlet environment, you can use either the CAS Filter or the CAS Java objects (see below); the former is recommended. To use the tag library, once casclient.jar is installed in your web application's /WEB-INF/lib directory, you need to add the following to the top of a JSP page you wish to protect: <%@ taglib uri="http://www.yale.edu/its/tp/cas/version2" prefix="cas" %> <cas:auth var="netID" scope="session"> <cas:loginUrl>https://secure.its.yale.edu/cas/login</cas:loginUrl> <cas:validateUrl>https://secure.its.yale.edu/cas/proxyValidate</cas:validateUrl> <cas:authorizedProxy>https://authorized-proxy1</cas:authorizedProxy> <cas:authorizedProxy>https://authorized-proxy2</cas:authorizedProxy> ... <cas:service>http://service-url</cas:service> </cas:auth> ... <html> <body> <p>Welcome, <%= session.getAttribute("netID") %>!</p> </body> </html> The user will not see any part of the page past the <cas:auth /> tags until he/she has logged in. If the user hasn't logged in yet, a redirect to the CAS login page will be performed. Also provided with the CAS Tag Library is a logout tag: <%@ taglib uri="http://www.yale.edu/its/tp/cas/version2" prefix="cas" %> <%-- first destroy the web application's session --%> <% session.invalidate(); %> <%-- then logout of CAS --%> <cas:logout var="netID" scope="session" logoutUrl="https://secure.its.yale.edu/cas/logout" />

Labels parameters

Labels

Enter labels to add to this page:

 

Looking for a label? Just start typing.

Comments (2)

 

• Hide Comments Show Comments
• Collapse All Collapsing… Expanding… Expand All

1. 

   Jun 29, 2006

   Jason Shao says:

   I had to add <% session.getServletContext().setAttribute("edu.yale.its.tp.cas.se...

   I had to add - <% session.getServletContext().setAttribute("edu.yale.its.tp.cas.serverName",request.getServerName()); %> to get this to work. I'm using a locally modded Yale CAS 2.0.4 (I think) though, so it could be different in later versions.

   • Permalink

   1. 

      Mar 23, 2007

      Andrew Petro says:

      Note that setting the serverName from the request's serverName header is not sec...

      Note that setting the serverName from the request's serverName header is not secure, adding vulnerability to illicit proxies as described in the CASFilter FAQ.

      • Permalink

Powered by a free Atlassian Confluence Open Source Project License granted to Java Architectures Special Interest Group. Evaluate Confluence today.

• Powered by Atlassian Confluence 2.9, the Enterprise Wiki.
• Printed by Atlassian Confluence 2.9, the Enterprise Wiki.
• Bug/feature request –
• Atlassian news –
• Contact administrators