LogiSima Play CAS Authentication
This module lets you set up authentication against a CAS server and manage authorization. It is based on the Secure module.
Enable LogiSima Play CAS
For play < 1.2
In the conf/application.conf file, enable the LogiSima Play CAS module with this line :
# The logisima play cas module
module.cas=${play.path}/modules/cas-3.1
For play >= 1.2
In the conf/dependencies.yml file, enable the LogiSima Play CAS module dependency by adding this line :
require:
- play -> cas 3.1
Import default routes
In the conf/routes file, import the default routes by adding this line :
# Import Secure routes
* / module:cas
Module configuration
Configuration for CAS authentication
In the conf/application.conf file, you have to specify the CAS login, validate and logout URLs like this :
cas.validateUrl=https://www.logisima.com/cas/serviceValidate
cas.loginUrl=https://www.logisima.com/cas/loginUrl
cas.logoutUrl=https://www.logisima.com/cas/logoutUrl
application.baseUrl=http://localhost:9000
cas.gateway=false
Configuration for Proxy CASification
In the conf/application.conf file, you have to specify cas.proxyUrl (and optionally application.baseUrl.ssl) :
cas.proxyUrl=https://www.logisima.com/cas/proxy
application.baseUrl.ssl=https://localhost:8943
NB: "application.baseUrl.ssl" specifies the SSL URL of your application. By default, the module generates this URL from the "application.baseUrl" property by replacing http with https.
Configuration Mock CAS server
If you don't want to run a CAS server on your computer for development purposes, you can activate the CAS Mock Server (only available in DEV mode). To do this, add these lines to your application.conf :
cas.mockserver=true
play.pool=2
You will then be redirected to the Mock Server instead of the CAS server, and you can authenticate with login = password.
NB: the play.pool setting is needed because the application makes a request to itself. In DEV mode there is only one thread by default, so that thread is busy making the request to the application itself and no thread is free to serve the response.
Protect a controller / action
Protect a controller for logged user
To protect a controller so that only logged-in users can reach it, add this annotation : @With(SecureCAS.class).
Example:
@With(SecureCAS.class)
public class Application extends Controller {
    public static void index() {
        render();
    }
}
Protect a controller for a profile
Use the @Check annotation to restrict a controller to users with the profile "role1".
Example:
@With(SecureCAS.class)
@Check("role1")
public class Application extends Controller {
    public static void index() {
        render();
    }
}
This annotation calls your own implementation of "Security.check". You have to create a class that extends the "Security" class and implement your own check function.
Protect an action for a profile
Use the @Check annotation on the action to restrict it to users with the profile "role1".
Example:
@With(SecureCAS.class)
public class Application extends Controller {
    @Check("role1")
    public static void index() {
        render();
    }
}
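A possible "Security.check" implementation for the two @Check examples above. This is an added example, not code from the module: the check(String profile) signature is assumed to match Play's Secure module, and the User model with its "roles" field is hypothetical.

```java
package controllers;

import models.User; // hypothetical application model, not part of the module

public class Security extends SecureCAS.Security {

    /**
     * Invoked for every @Check("...") found on a controller or action.
     * Signature assumed to match Play's Secure module.
     */
    public static boolean check(String profile) {
        // CAS only proves who the user is; what they may do is decided here.
        String login = connected();
        if (login == null || profile == null) {
            return false; // deny by default
        }
        User user = User.find("byEmail", login).first();
        if (user == null) {
            return false; // authenticated by CAS but unknown to this application
        }
        // "roles" is an assumed Set<String> field on the hypothetical User model.
        return user.roles != null && user.roles.contains(profile);
    }
}
```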
Add an authentication mechanism
Once your application has retrieved the username (login), you have to check the user's information with your own mechanism. To do this, create a class in the controllers package that extends controllers.SecureCAS.Security, and implement the following method :
public static boolean authentify(String username, String password).
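Example :
package controllers;

import models.User; // assumes the application's User model is in the models package

public class Security extends SecureCAS.Security {
    // Looks up the local account that matches the login.
    public static boolean authenticate(String username, String password) {
        User user = User.find("byEmail", username).first();
        // Plain-text comparison as in the original example; a real application compares a salted hash.
        return user != null && user.password.equals(password);
    }
}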
Retrieving the connected user
In your application, if you want to know who is connected (the username / login), you can call the static method Security.connected().
Retrieving a Proxy Ticket
If you have configured the module for proxy CASification, you can retrieve a proxy ticket by calling this static method : CASUtils.getProxyTicket(username, proxyApplicationUrl), where :
- username is the login of the user
- proxyApplicationUrl is the URL of the proxy application (the application to which you give the PT)
Example :
String myPT = CASUtils.getProxyTicket(Security.connected(), "http://localhost:8080/foo");