Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-23187

Allow login filters to be configured outside of the login tool. Useful for CAS/Shibboleth and other types of sign on extensions.



    • Type: (Deprecated) Contributed Patch
    • Status: CLOSED
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 10.0
    • Component/s: Login
    • Labels:


      In order to wire up CAS or shibboleth or other SSO/container integrations in Sakai. Typically, you need to add some filters to the login tools web.xml. This means you have to modify the web.xml to maintain your integrations. This complicates the deployment process and creates management issues between local mods and community code. It would be better if the filter config could be external to the tool itself.

      This patch address this issue. It builds on Spring's DelegatingFilterProxy

      You simply configure and wire your filters in a Spring config file following the docs for DelegatingFilterProxy, and place a files called xlogin-context.xml in your sakai home directory. There is a new spring context listener that will find it and create a spring context and wire up those filters to the webapp. In this way implementors can keep their local CAS config external to the webapp.

      With INFO turned on for login tool, if you have a xlogin-context.xml startup will look like this:

      2013-01-29 23:50:30,273 INFO ContainerBackgroundProcessor[StandardEngine[Catalina]] org.springframework.beans.factory.xml.XmlBeanDefinitionReader - Loading XML bean definitions from file [/Users/jbush/Dev/tools/apache-tomcat-7.0.27-cle28/sakai/xlogin-context.xml]
      2013-01-29 23:50:30,362 INFO ContainerBackgroundProcessor[StandardEngine[Catalina]] org.sakaiproject.login.tool.ContainerLogin - init()
      2013-01-29 23:50:30,363 INFO ContainerBackgroundProcessor[StandardEngine[Catalina]] org.sakaiproject.login.tool.SkinnableLogin - init()

      Without one it will look like this:

      2013-01-29 23:52:00,957 INFO ContainerBackgroundProcessor[StandardEngine[Catalina]] org.sakaiproject.login.springframework.SakaiHomeContextLoader - org.apache.catalina.core.ApplicationContextFacade@1f16ae0 startup is skipping introspection of the resource: /Users/jbush/Dev/tools/apache-tomcat-7.0.27-cle28/sakai/xlogin-context.xml because it does not exist.
      2013-01-29 23:52:00,965 INFO ContainerBackgroundProcessor[StandardEngine[Catalina]] org.sakaiproject.login.springframework.SafeDelegatingFilterProxy - can't find a valid Spring context or a bean with name: org.springframework.security.util.FilterChainProxy so no filter proxying for you!
      2013-01-29 23:52:00,965 INFO ContainerBackgroundProcessor[StandardEngine[Catalina]] org.sakaiproject.login.tool.ContainerLogin - init()
      2013-01-29 23:52:00,967 INFO ContainerBackgroundProcessor[StandardEngine[Catalina]] org.sakaiproject.login.tool.SkinnableLogin - init()

      In addition this will help anyone attempting to get CAS setting correct, as you can modify the xlogin-context.xml file in the sakai.home folder, and then touch the sakai-login-tool/WEB-INF/web.xml to recycle the app. This is a much faster way to fiddle then recycling the whole tomcat.

      You will still have to add any dependencies, into the webapp. At rSmart we simply always include the cas and shibboleth jars our login tool. Alternatively as a community we might want some maven build profiles included to help with that.

        Gliffy Diagrams



            1. SAK-23187.patch
              12 kB
            2. xlogin-context.patch
              2 kB
            3. xlogin-context.xml
              3 kB

              Issue Links



                  jbush John Bush
                  jbush John Bush
                  0 Vote for this issue
                  8 Start watching this issue



                      Git Integration