New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add 'unauthorizedRedirectUrl' usable for pac4j module #3138
Conversation
Thanks very much for the change. A number of comments:
|
|
try { | ||
final TicketGrantingTicket tgt = this.centralAuthenticationService.createTicketGrantingTicket(authenticationResult); | ||
WebUtils.putTicketGrantingTicketInScopes(context, tgt); | ||
} catch (final PrincipalException e) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This probably should be catching Exception
. Right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I catch only the exception I need in that case and I redirect it to the proper page, if I catch more, I am not sure the page will represent really the exception. As you wish, tell me and I'll make it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool. Thanks for the note. This is fine as is.
final TicketGrantingTicket tgt = this.centralAuthenticationService.createTicketGrantingTicket(authenticationResult); | ||
WebUtils.putTicketGrantingTicketInScopes(context, tgt); | ||
} catch (final PrincipalException e) { | ||
LOGGER.warn("Could not grant service ticket [{}]. Routing to [{}]", e.getMessage(), CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The log message here is incorrect. You're not granting service tickets here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I kind of copy that part, but the message from "RegisteredServiceAccessStrategyUtils.ensurePrincipalAccessIsAllowedForService" is 'LOGGER.warn("Cannot grant access to service [{}] because it is not authorized for use by [{}].", service.getId(), principalId);', It was pretty close for me which comes from the initial error.
I will remove and add a simpler one.
final ActionState actionState = createActionState(flow, "P4jFailure", | ||
createEvaluateAction(CasWebflowConstants.ACTION_ID_AUTHENTICATION_EXCEPTION_HANDLER)); | ||
|
||
actionState.getEntryActionList().add(createEvaluateAction("initialFlowSetupP4jAction")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The action name must be changed too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
setStartState(flow, actionState); | ||
} | ||
|
||
private void createAuthnFailureAction(final Flow flow){ | ||
final ActionState actionState = createActionState(flow, "P4jFailure", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The action id must be changed too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
@@ -66,9 +70,23 @@ private void createClientActionActionState(final Flow flow) { | |||
actionState.getTransitionSet().add(createTransition(CasWebflowConstants.TRANSITION_ID_ERROR, getStartState(flow).getId())); | |||
actionState.getTransitionSet().add(createTransition(DelegatedClientAuthenticationAction.STOP, | |||
DelegatedClientAuthenticationAction.STOP_WEBFLOW)); | |||
createTransitionForState(actionState, CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, "P4jFailure"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The failure event id must be changed too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
Sounds like a better idea to me. Override bits that you need, if any, while delegating much of the work to the InitialAction class. Thanks for your help. |
I tried to override, but private method gives a little less flexibility. It means it didn't change that much the class except we know where it comes from. :) |
…jInitialFlowSetupAction with InitialFlowSetupAction
No. It simply means you need to take the method off of private. Otherwise, there'd be no point in extending the class. |
Changes have been applied |
Looks great. Thank you. Please post the same changeset for the master branch |
I made the changes on master #3172 |
|
@cifren what's the status of this PR (and the one for the master)? I guess you just miss some dependencies to make the build pass. Did you test it? |
I didn't take the time to do it and I went traveling... I'll take care of it in the next days |
Excellent! Keep me posted if you need some additional help with testing. |
Yes tell me how to test it ? How should I do ? On my part, I use the gradle overlay, I test all my files by putting them into src. After that I have copied one by one those files into the repository apereo/cas, for me everything was good. I suppose that is not the way I should process... Must I generate a war from that modified apereo/cas and copy it over the overlay ? |
It depends a bit on the changes: for limited changes, I generally copy/paste the CAS classes in my overlay to change them and test things quickly. Then, I copy the changes into the CAS sources. It seems it's what you do. Or for more global changes, I make the changes in the CAS source code, rebuild and install only the necessary modules, rebuild my overlay (based on the related SNAPSHOT) and test the changes. |
If I only copy the files how can I test like @mmoayyed does ? How would you "rebuild and install only the necessary modules" in CAS project ? |
Ok never mind the last question, I cloned CAS project and I ran "./gradlew -q :support:cas-server-support-pac4j-authentication:build" and gave me the jar Is it working now ? |
By "rebuild and install", I mean "./gradlew clean build install -p module", with "-p" to just build a module and not the whole project which takes too much time. So here is the process for big changes (like this one):
Is it clear now? |
Yes thank you very much for this explaination, the solution I found kind of did the same. I could not make the overlay work with my solution, but it should be ok, the compilation worked. |
Your test should go further than just "the compilation worked", but I guess you test the change in some CAS overlay, don't you? |
Sorry, it took me a while to get time to work on it. I made it perfect (as much as I could) I ran the checkstyle, javadoc and created a jar that I sent to an overlay and all is working fine !! Is it good on your part ? |
re-open the pull request please, merge with 5.2.x and get the build to pass. repeat the same exact exercise for master. Happy to merge then. (We should try to merge both at the same time to avoid feature imbalance) |
@leleuj speaking of which btw, a couple of oauth-related tests are failing in 5.2.x as a result of the last change done to scope redirect urls to codes, etc. Would you mind taking a look, and fixing those? |
@mmoayyed Sure, I'll do that on Friday. I'll certainly cut the pac4j v3 release as well, I know you were expecting it very soon... |
Excellent. We have been banging on RC1 for a while with no issues yet and have several projects running on CAS 5.3 RC4 which includes that as well. Thanks for the notice. Look forward to the final release. I might selfishly ask that you cut an RC2 first so that we can test any upcoming changes and then align the final release of pac4j with CAS 5.3. But, of course, do whatever makes better sense. |
How to re-open the pull request ? Should I create a new one ? I did a git rebase 5.2.x is it good ? |
Yes, that is perfect. Thank you. |
I dont have the "Reopen and comment" button, I am not sure why |
You may want to start a new pull request. It looks the underlying branch was either force-pushed or recreated somehow. |
See #3293 |
P4j had a crash when trying to use the service option 'unauthorizedRedirectUrl'.
I had to :
How to test it :
What should happen :
What is happening :
Where to find the example code used in this modifications :