Versions Compared

Old Version 7

changes.mady.by.user Andrew Petro

Saved on

compared with

New Version 8

changes.mady.by.user Andrew Petro

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

...

For instance, this mapping in attribute-map.xml would instruct the SP to map the user's favorite fruit user attribute to an HTTP header named "favFruit".

Code Block
xmlxml
titleConfiguring the SP to map the user's FavoriteFruit user attribute to a header named "favFruit"
xml
<Attribute name="https://example.org/myAttributes/FavoriteFruit" id="favFruit"/>

...

This filter is declared in web.xml like this:

xml
Code Block
xml
titleConfiguring a filter to capture selected HTTP headers and feed them to the Person Directory DAO
xml
<filter>
    <filter-name>HttpHeaderFilter</filter-name>
    <filter-class>edu.jhu.services.persondir.support.http.HttpHeaderFilter</filter-class>
    <init-param>
        <param-name>personDirectoryContextLocation</param-name>
        <param-value>properties/contexts/personDirectoryContext.xml</param-value>
    </init-param>
</filter>
...
<filter-mapping>
    <filter-name>HttpHeaderFilter</filter-name>
    <servlet-name>Login</servlet-name>
</filter-mapping>

The data access object itself is declared something like this:

Code Block
xmlxml
titleDeclaring a HTTP header as a source of a user attribute
xml
<bean id="httpHeaderAttributeSource" class="edu.jhu.services.persondir.support.http.HttpHeaderPersonAttributeDao">
  <constructor-arg>
    <value>edu.jhu.services.persondir.support.http.HttpHeaderPersonAttributeDao</value>
  </constructor-arg>
  <property name="columnsToAttributes">
    <map>
      <entry key="favFruit">
        <value>favorite_fruit</value></entry>
    </map>
  </property>
</bean>

...

This source of user attributes can be declared alongside sources such as RDBMS queries and LDAP queries.

Code Block
xmlxml
titleConfiguring HTTP headers as source of attributes alongside other sources
xml
<bean id="mergedPersonAttributeDao" class="org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl">
  <property name="personAttributeDaos">
    <list>
      <ref bean="uPortalJdbcAttributeSource"/>
      <ref bean="uPortalLdapAttributeSource"/>
      <ref bean="httpHeaderAttributeSource"/>
    </list>
  </property>
  <property name="merger">
    <bean class="org.jasig.services.persondir.support.merger.MultivaluedAttributeMerger"/>
  </property>
</bean>

...

JSR-168 portlets can read values of their declared user attributes at runtime via a JSR-168 API:

java
Code Block
java
titleReading a portlet user attribute at runtime in a JSR-168 portlet
java
// in the course of handling a PortletRequest named 'request'
Map userInfo = (Map) request.getAttribute(PortletRequest.USER_INFO);
String surname = (String) userInfo.get("favorite_color");
// presumably, do something interesting based on the user's favorite color...

...

Note
iconfalse
titleExample of the Service URL representing a JSR-168 portlet and the CAS protocol

Suppose that in the portal at https://portal.example.edu/Image Removed there is a portlet web application OrderStatusPortlet.war such that, to the extent that this portlet application is also a servlet application, it answers at https://portal.example.edu/OrderStatusPortlet/Image Removed .

The Service URL of this portlet is therefore https://portal.example.edu/OrderStatusPortlet/Image Removed . The portal will use its Proxy Granting Ticket to obtain a Proxy Ticket for the purpose of authenticating to https://portal.example.edu/OrderStatusPortlet/Image Removed , which it will then present to the portlet as the special JSR-168 user attribute "casProxyTicket".

The Portlet will then validate this ticket with CAS, specifying at validation that it would itself like to obtain a Proxy Granting Ticket and providing to CAS a callback URL at which it would like to receive that Proxy Granting Ticket. CAS calls back to a URL like

https://portal.example.edu/OrderStatusPortlet/proxyTicketReceptorImage Removed

providing a Proxy Granting Ticket which authenticates the chain of user-portal-portlet. The portlet then uses this Proxy Granting Ticket to obtain Proxy Tickets for the purpose of authenticating to specific backing services.

...

A JSR-168 portlet so provisioned would then read the SAML assertion as a user attribute at runtime via the JSR-168 user attribute API:

Code Block
javajava
titleReading the 'samlAssertion' portlet user attribute at runtime in a JSR-168 portlet
java
// in the course of handling a PortletRequest named 'request'
Map userInfo = (Map) request.getAttribute(PortletRequest.USER_INFO);
String surname = (String) userInfo.get("samlAssertion");
// make use of this Assertion to authenticate to backing services via the Portlet Client Library to be designed below...

...