Commit b749abc5 authored by Misagh Moayyed's avatar Misagh Moayyed
Browse files

removed restlet

parent 859fbc1f
......@@ -107,7 +107,6 @@ in the overlay (1):
| | cas-servlet.xml
| | cas.properties
| | deployerConfigContext.xml
| | restlet-servlet.xml
| | web.xml
| |
| +---spring-configuration
......
---
layout: default
title: CAS - CAS REST Protocol (Deprecated)
---
#REST Protocol
The REST protocol allows one to model applications as users, programmatically acquiring service tickets to authenticate to other applications. This means that other applications would be able to use a CAS client to accept Service Tickets rather than to rely upon another technology such as client SSL certificates for application-to-application authentication of requests. This is achieved by exposing a way to RESTfully obtain a Ticket Granting Ticket and then use that to obtain a Service Ticket.
<div class="alert alert-danger"><strong>Deprecated Module!</strong><p>Note that the instructions in this document refer to a deprecated REST module. Please <a href='REST-Protocol.html'>use this document instead</a> if you plan to turn on the CAS server's REST API.</p></div>
<div class="alert alert-warning"><strong>Usage Warning!</strong><p>The REST endpoint may become a tremendously convenient target for brute force dictionary attacks on CAS server. Enable support only soberly and with due consideration of security aspects.</p></div>
#Components
By default the CAS RESTful API is configured in the `restlet-servlet.xml`, which contains the routing for the tickets. It also defines the resources that will resolve the URLs. The `TicketResource` defined by default (which can be extended) accepts username/password.
Support is enabled by including the following in your `pom.xml` file:
{% highlight xml %}
<dependency>
<groupId>org.jasig.cas</groupId>
<artifactId>cas-server-integration-restlet</artifactId>
<version>${cas.version}</version>
</dependency>
{% endhighlight %}
REST support is currently provided internally by the [Restlet framework](http://restlet.org/).
#Configuration
To turn on the protocol, add the following to the `web.xml`:
{% highlight xml %}
<servlet>
<servlet-name>restlet</servlet-name>
<servlet-class>org.restlet.ext.spring.RestletFrameworkServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>restlet</servlet-name>
<url-pattern>/v1/*</url-pattern>
</servlet-mapping>
{% endhighlight %}
#Protocol
##Request a Ticket Granting Ticket
###Sample Request
{% highlight bash %}
POST /cas/v1/tickets HTTP/1.0
username=battags&password=password&additionalParam1=paramvalue
{% endhighlight %}
###Sample Response
####Successful Response
{% highlight bash %}
201 Created
Location: http://www.whatever.com/cas/v1/tickets/{TGT id}
{% endhighlight %}
####Unsuccessful Response
If incorrect credentials are sent, CAS will respond with a 400 Bad Request error (will also respond for missing parameters, etc.). If you send a media type it does not understand, it will send the 415 Unsupported Media Type.
##Request a Service Ticket
###Sample Request
{% highlight bash %}
POST /cas/v1/tickets/{TGT id} HTTP/1.0
service={form encoded parameter for the service url}
{% endhighlight %}
###Sample Response
####Successful Response
{% highlight bash %}
200 OK
ST-1-FFDFHDSJKHSDFJKSDHFJKRUEYREWUIFSD2132
{% endhighlight %}
####Unsuccessful Response
CAS will send a 400 Bad Request. If an incorrect media type is sent, it will send the 415 Unsupported Media Type.
##Logout
{% highlight bash %}
DELETE /cas/v1/tickets/TGT-fdsjfsdfjkalfewrihfdhfaie HTTP/1.0
{% endhighlight %}
......@@ -4,14 +4,21 @@ title: CAS - CAS REST Protocol
---
# REST Protocol
The REST protocol allows one to model applications as users, programmatically acquiring service tickets to authenticate to other applications. This means that other applications would be able to use a CAS client to accept Service Tickets rather than to rely upon another technology such as client SSL certificates for application-to-application authentication of requests. This is achieved by exposing a way to RESTfully obtain a Ticket Granting Ticket and then use that to obtain a Service Ticket.
The REST protocol allows one to model applications as users, programmatically acquiring
service tickets to authenticate to other applications. This means that other applications would be able
to use a CAS client to accept Service Tickets rather than to rely upon another technology such as
client SSL certificates for application-to-application authentication of requests. This is achieved
by exposing a way to RESTfully obtain a Ticket Granting Ticket and then use that to obtain a Service Ticket.
<div class="alert alert-warning"><strong>Usage Warning!</strong><p>The REST endpoint may become a tremendously convenient target for brute force dictionary attacks on CAS server. Enable support only soberly and with due consideration of security aspects.</p></div>
<div class="alert alert-info"><strong>Restlet Module</strong><p>If you are looking for the Restlet implementation of the CAS REST API, you will find the instructions <a href="REST-Protocol-Deprecated.html">here in this document</a>.</p></div>
<div class="alert alert-warning"><strong>Usage Warning!</strong><p>The REST endpoint may
become a tremendously convenient target for brute force dictionary attacks on CAS server. Enable support
only soberly and with due consideration of security aspects.</p></div>
# Components
By default the CAS REST API is configured to add routing for the tickets. It also defines the resources that will resolve the URLs. The `TicketResource` defined by default (which can be extended) accepts username/password.
By default the CAS REST API is configured to add routing for the tickets. It
also defines the resources that will resolve the URLs. The `TicketResource` defined by
default (which can be extended) accepts username/password.
Support is enabled by including the following in your `pom.xml` file:
......@@ -38,22 +45,6 @@ To turn on the protocol, add the following to the `web.xml`:
</servlet-mapping>
{% endhighlight %}
...or delete the `web.xml` in the overlay altogether if there are no other customizations there as this mapping is provided by CAS' webapp module's `web.xml` out of the box.
Please note that if there are local customizations in overlay's `web.xml`, the following `contextConfigLocation` `<context-param>` must also be added in order to enable the new REST module: `classpath*:/META-INF/spring/*.xml`. So the entire context-param block would look like this:
{% highlight xml %}
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-configuration/*.xml
/WEB-INF/deployerConfigContext.xml
classpath*:/META-INF/spring/*.xml
</param-value>
</context-param>
{% endhighlight %}
#Protocol
##Request a Ticket Granting Ticket
......@@ -77,7 +68,9 @@ Location: http://www.whatever.com/cas/v1/tickets/{TGT id}
####Unsuccessful Response
If incorrect credentials are sent, CAS will respond with a 400 Bad Request error (will also respond for missing parameters, etc.). If you send a media type it does not understand, it will send the 415 Unsupported Media Type.
If incorrect credentials are sent, CAS will respond with a 400 Bad Request error
(will also respond for missing parameters, etc.). If you send a media type
it does not understand, it will send the 415 Unsupported Media Type.
##Request a Service Ticket
......@@ -97,7 +90,8 @@ service={form encoded parameter for the service url}
ST-1-FFDFHDSJKHSDFJKSDHFJKRUEYREWUIFSD2132
{% endhighlight %}
####Unsuccessful Response
CAS will send a 400 Bad Request. If an incorrect media type is sent, it will send the 415 Unsupported Media Type.
CAS will send a 400 Bad Request. If an incorrect media type is
sent, it will send the 415 Unsupported Media Type.
##Logout
......
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to Apereo under one or more contributor license
agreements. See the NOTICE file distributed with this work
for additional information regarding copyright ownership.
Apereo licenses this file to you under the Apache License,
Version 2.0 (the "License"); you may not use this file
except in compliance with the License. You may obtain a
copy of the License at the following location:
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<beans
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:util="http://www.springframework.org/schema/util"
xmlns="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util.xsd">
<context:annotation-config/>
<bean id="root" class="org.restlet.ext.spring.SpringRouter" p:attachments-ref="attachmentsMap"/>
<util:map id="attachmentsMap">
<entry key="/tickets">
<bean class="org.restlet.ext.spring.SpringFinder">
<lookup-method name="create" bean="ticketResource"/>
</bean>
</entry>
<entry key="/tickets/{ticketGrantingTicketId}">
<bean class="org.restlet.ext.spring.SpringFinder">
<lookup-method name="create" bean="ticketGrantingTicketResource"/>
</bean>
</entry>
</util:map>
<bean id="ticketResource" class="org.jasig.cas.integration.restlet.TicketResource" scope="prototype"/>
<bean id="ticketGrantingTicketResource" class="org.jasig.cas.integration.restlet.TicketGrantingTicketResource"
scope="prototype"/>
</beans>
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment