
LogiSima Play CAS Authentication



This module lets you set up authentication against a CAS server and manage authorization. It is based on the Secure module.

Enable LogiSima Play CAS


For play < 1.2



In the conf/application.conf file, enable the LogiSima Play CAS module with this line:




# The logisima play cas module
module.cas=${play.path}/modules/cas-3.1


For play >= 1.2



In the conf/dependencies.yml file, add the LogiSima Play CAS module dependency by adding these lines:




require:
  - play -> cas 3.1

Import default routes



In the conf/routes file, import the default routes by adding this line:




# Import Secure routes
* / module:cas

Module configuration


Configuration for CAS authentication



In the conf/application.conf file, you have to specify the CAS login, validate and logout URLs like this:




cas.validateUrl=https://www.logisima.com/cas/serviceValidate
cas.loginUrl=https://www.logisima.com/cas/loginUrl
cas.logoutUrl=https://www.logisima.com/cas/logoutUrl
application.baseUrl=http://localhost:9000
cas.gateway=false

Configuration for Proxy CASification



In the conf/application.conf file, you have to specify cas.proxyUrl (and optionally application.baseUrl.ssl):




cas.proxyUrl=https://www.logisima.com/cas/proxy
application.baseUrl.ssl=https://localhost:8943


NB: “application.baseUrl.ssl” is useful to specify the SSL URL of your application. By default, the module generates the URL from the “application.baseUrl” property and replaces http with https.

Configuration for the Mock CAS server



If you don’t want to run a CAS server on your computer for development purposes, you can activate the CAS Mock Server (only available in DEV mode). To do this, add these lines to your application.conf:




cas.mockserver=true
play.pool=2



Then you will be redirected to the Mock Server instead of the CAS server, and you can authenticate with login = password.



NB: the play.pool setting is needed because the application sends a request to itself. In DEV mode there is only one thread by default, so that single thread is busy making the request to the application itself and no thread is free to produce the response!


Protect a controller / action


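Protect a controller for logged-in users



To protect a controller, you just have to add this annotation: @With(SecureCAS.class).




Example:




package controllers;

import play.mvc.Controller;
import play.mvc.With;

// Every action in this controller requires a CAS-authenticated user.
@With(SecureCAS.class)
public class Application extends Controller {

    public static void index() {
        render();
    }

}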


Protect a controller for a profile



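Use the @Check annotation to restrict a whole controller to users with the profile "role1".




Example:




package controllers;

import play.mvc.Controller;
import play.mvc.With;

// Every action requires a CAS-authenticated user holding the "role1" profile.
@With(SecureCAS.class)
@Check("role1")
public class Application extends Controller {

    public static void index() {
        render();
    }

}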


This annotation calls your own implementation of “Security.check”. You have to create a class that extends the “Security” class and implement your own check function!
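One way to write the Security.check implementation described above, as an added example that is not part of the module or its documentation. It assumes the check(String profile) signature of the Play Secure module this module is based on, and it uses a constructed in-memory PROFILES map in place of a real user store.

```java
package controllers;

import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class Security extends SecureCAS.Security {

    // Constructed sample data: login -> granted profiles. A real application
    // would load this from its own user store instead of a static map.
    private static final Map<String, Set<String>> PROFILES =
            new HashMap<String, Set<String>>();
    static {
        PROFILES.put("alice", new HashSet<String>(Arrays.asList("role1", "admin")));
        PROFILES.put("bob", new HashSet<String>(Arrays.asList("role2")));
    }

    // Assumed signature, taken from the Play Secure module's Security.check.
    // Runs for each @Check("...") found on a controller or on an action.
    public static boolean check(String profile) {
        String login = connected(); // username established by the CAS login
        if (login == null || profile == null) {
            return false; // no authenticated user or no profile given: deny
        }
        Set<String> granted = PROFILES.get(login);
        // Users missing from the store hold no profiles, so access is denied
        // unless the exact profile name was granted to this login.
        return granted != null && granted.contains(profile);
    }

}
```

With this class in place, "alice" passes @Check("role1") while "bob" and any login absent from the map are refused.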

Protect an action for a profile



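Use the @Check annotation on the action itself to restrict only that action to users with the profile "role1".




Example:




package controllers;

import play.mvc.Controller;
import play.mvc.With;

@With(SecureCAS.class)
public class Application extends Controller {

    // Only this action requires the "role1" profile.
    @Check("role1")
    public static void index() {
        render();
    }

}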

Add an authentication mechanism



Once your application has retrieved the username (login), you have to check the user’s information with your own mechanism. To do this, you just have to create a class in the controllers package that extends controllers.SecureCAS.Security and implements the following method:


public static boolean authentify(String username, String password).




Example:




package controllers;

import models.User; // application model class, assumed to live in the models package

public class Security extends SecureCAS.Security {

    // Returns true only when a user with this e-mail exists and the stored password matches.
    public static boolean authenticate(String username, String password) {
        User user = User.find("byEmail", username).first();
        return user != null && user.password.equals(password);
    }

}

Retrieving the connected user


In your application, if you want to know who is connected (the username/login), you can call the static method Security.connected().

Retrieving a Proxy Ticket



If you have configured the module for proxy-casification, you can retrieve a proxy ticket by calling this static method: CASUtils.getProxyTicket(username, proxyApplicationUrl), where:




Example:




String myPT = CASUtils.getProxyTicket(Security.connected(), "http://localhost:8080/foo");