JASIG CAS with JBOSS AS 7 application - jboss7.x

Is there any example how to integrate JASIG CAS with my JBOSS AS 7 application?
So what I have
web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>All resources</web-resource-name>
<description>Protects all resources</description>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>
org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://localhost:8443/cas/login</param-value>
</init-param>
<init-param>
<param-name>service</param-name>
<param-value>https://localhost:8443/JAdaptiv/default.action</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://localhost:8443/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://localhost:8443/cas</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>tolerance</param-name>
<param-value>1000</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
jboss-web.xml:
<jboss-web>
<security-domain>CasSecurityDomain</security-domain>
<valve>
<class-name>org.apache.catalina.authenticator.SingleSignOn</class-name>
</valve>
</jboss-web>
standalone.xml:
<security-domain name="CasSecurityDomain">
<authentication>
<login-module code="org.jasig.cas.client.jaas.CasLoginModule" flag="required">
<module-option name="ticketValidatorClass" value="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"/>
<module-option name="casServerUrlPrefix" value="https://localhost:8443/cas"/>
<module-option name="tolerance" value="20000"/>
<module-option name="defaultRoles" value="user"/>
<module-option name="roleAttributeNames" value="memberOf,eduPersonAffiliation,authorities"/>
<module-option name="principalGroupName" value="CallerPrincipal"/>
<module-option name="roleGroupName" value="Roles"/>
<module-option name="cacheAssertions" value="true"/>
<module-option name="cacheTimeout" value="480"/>
</login-module>
</authentication>
</security-domain>
When i'm trying to get rest
http://localhost:8080/myapp/rest/bpm/processdefinitions
I got error message.
JBWEB000065: HTTP Status 403 - JBWEB000015: Access to the requested resource has been denied
Whats wrong?

Related

JasperServer blocked by CORS policy: No 'Access-Control-Allow-Origin'

I'm trying to enable CORS policy in the jasperserver.
I'm using angular HTTPClient to call the API coming from the jasperserver.
Things that I have tried so far.
Modifying the apache-tomcat apache-tomcat\conf\web.xml file
and addding the code below.
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,Accept,Authorization,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern> /* </url-pattern>
</filter-mapping>
which is from the apache-tomcat site.
Also tried to modify the jasperserver\WEB-INF\Web.xml file
and adding the code below
<filter>
<filter-name>CorsFilter2</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
And still no luck and encountering this error.
After struggling for a couple of hours with this, i have it figured out.
You have to disable Jasper's built in CorsFilter altogether, along with adding/mapping your own filter in your tomcat's /webapps/jasperserver/WEB-INF/web.xml. No intervention is needed in the global tomcat web.xml.
<!-- Comment the built-in filter out.
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>com.jaspersoft.jasperserver.api.security.csrf.CorsFilter</filter-class>
</filter>
-->
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<!-- Tomcat 8.5+ doesn't allow '*' any longer in conjuction with 'cors.support.credentials' set to true.
Instead, a specific comma separated list has to be set here. See https://bz.apache.org/bugzilla/show_bug.cgi?id=62343 -->
<param-value>http://localhost:9000</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<!--- If requests contain an authorization header, it has to be added here as well -->
<param-value>
Content-Type,X-Requested-With,Accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-Remote-Domain,Authorization
</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
.......
<!-- Ensure your newly introduced mapping is first in line -->
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Also comment out any existing mappings for the built-in filter -->
<!--
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>*.woff</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>*.ttf</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>*.svg</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>*.eot</url-pattern>
</filter-mapping>
-->

Authentication of java melody integration with LDAP

I am using the following filter in the web.xml of my application, with it I am able to get authentication over java melody page.
How can I integrate this authentication with LDAP? When I login at localhost:8080/application/monitoring, it will ask credentials and they should be validated against LDAP.
Is it possible to achieve this?
<filter>
<filter-name>monitoring</filter-name>
<filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
<init-param>
<param-name>allowed-addr-pattern</param-name>
<param-value>10\.10\.10\..*|10\.10\.10\.10|10\.10\.10\..*</param-value>
</init-param>
<init-param>
<param-name>authorized-users</param-name>
<param-value>user1:pwd1, user2:pwd2</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>monitoring</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>net.bull.javamelody.SessionListener</listener-class>
</listener>
The following is the configuration that needs to be done in web.xml and
1.server.xml in case of tomcat
2.jetty.xml in case of jetty
web.xml code:
==============
<filter>
<filter-name>monitoring</filter-name>
<filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
<init-param>
<param-name>allowed-addr-pattern</param-name>
<param-value>127.0.0.1</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>monitoring</filter-name>
<url-pattern>/monitoring</url-pattern>
</filter-mapping>
<listener>
<listener-class>net.bull.javamelody.SessionListener</listener-class>
</listener>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Monitoring</realm-name>
</login-config>
<security-role>
<role-name>tomcat</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>Monitoring</web-resource-name>
<url-pattern>/monitoring</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>
<!-- if SSL enabled (SSL and certificate must then be configured in the
server) <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint> -->
</security-constraint>
In Tomcat:
===========
Add the following realm in tomcat_home/conf/server.xml
=======================================================
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldap://ldapip:ldapport/" userSubtree="true"
userBase="ou=xyz,dc=abc,dc=com" userSearch="(uid={0})"
roleBase="ou=Group,dc=abc,dc=com" roleName="cn"
roleSearch="(memberUid={0})" roleSubtree="true"/>
In Jetty:
===========
Add this code in jetty.xml
<Configure id='wac' class="org.eclipse.jetty.webapp.WebAppContext">
<Set name="contextPath">/abc</Set>
<Set name="war"><Property name="jetty.webapps" default="."/>/abc.war</Set>
<Set name="extractWAR">true</Set>
<Set name="securityHandler">
<New class="org.eclipse.jetty.security.ConstraintSecurityHandler">
<Set name="loginService">
<New class="org.eclipse.jetty.jaas.JAASLoginService">
<Set name="name">Monitoring</Set>
<Set name="loginModuleName">ldaploginmodule</Set>
</New>
</Set>
</New>
</Set>
</Configure>
create a file login.conf file in etc folder of jetty_base directory:
ldaploginmodule {
org.eclipse.jetty.jaas.spi.LdapLoginModule required
debug="true"
contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
hostname="ldapip"
port="ldapport"
authenticationmenthod="simple"
forceBindingLogin="true"
userBaseDn="ou=People,dc=abc,dc=com"
userRdnAttribute="uid"
userIdAttribute="uid"
userObjectClass="posixAccount"
roleBaseDn="ou=Group,dc=abc,dc=com"
roleNameAttribute="cn"
roleMemberAttribute="memberUid"
roleObjectClass="posixGroup";
};

Primefaces fileupload uploads only files < 30kb

I'm having problems with my chat project, which i'm building for learning purposes. I'm having a weird little problem with PrimeFaces fileUpload component. It is working fine for a file not larger than 30kb (for larger file it throws HTTP error 400).I'm using PrimeFaces 5.3, Apache commons-io 2.3, Commons-fileupload 1.3. Because this is my learning project, i have uploaded it on public git repository, which is, for better understanding of the problem, accessible here: https://bitbucket.org/salkovich123/testfileupload.git
The fileUpload component is located in file register.xhtml.
I am also sharing my web.xml file here:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<context-param>
<param-name>primefaces.UPLOADER</param-name>
<param-value>auto</param-value>
</context-param>
<filter>
<filter-name>PrimeFaces FileUpload Filter</filter-name>
<filter-class>
org.primefaces.webapp.filter.FileUploadFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>PrimeFaces FileUpload Filter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>faces/index.xhtml</welcome-file>
</welcome-file-list>
This are the header details, which throws HTTP error 400 (bad request)
UPDATE #1
This is most definetly some kind of jQuery problem, because error is thrown in browser console, and no other server side methods are called after thrown error

Change the URL mapping -Javamelody

I'm using Javamelody in my application. I need only root users to access the statistics. Javamelody by default you can access
http://localhost/webapp/monitoring
I need to change it to
http://localhost/webapp/monitor/monitoring
I have done the following filter mapping
<filter>
<filter-name>monitoring</filter-name>
<filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>monitoring</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>net.bull.javamelody.SessionListener</listener-class>
</listener>
<filter>
<filter-name>monitoring</filter-name>
<filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
<init-param>
<param-name>monitoring-path</param-name>
<param-value>/admin/monitoring</param-value>
</init-param>
</filter>

Update items for selectOneMenu

I'm trying to get the items for a selectOneMenu updated after a file has bee uploaded. To do it, I load the select items at the file upload listener and set the id for the selectOneMenu in the update attribute for the fileUpload component, but the file upload listener is not even called.
I've reproduced the error in a small project I uploaded here http://www.filedropper.com/file-upload
I'm working with PrimeFaces 3.5 on a JBoss AS7.1.3
I can't find what I'm missing. Any ideas?
Thanks in advance
This is the resulting web.xml, including the missing faces servlet declaration and mapping that solved my problem.
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=" http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<description>File Upload</description>
<!-- This was missing -->
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<!-- File upload -->
<filter>
<filter-name>PrimeFaces FileUpload Filter</filter-name>
<filter-class>org.primefaces.webapp.filter.FileUploadFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>PrimeFaces FileUpload Filter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<context-param>
<param-name>primefaces.THEME</param-name>
<param-value>glass-x</param-value>
</context-param>
</web-app>