Ray,
In my log4j2.xml I have this
<AsyncLogger
name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy"
level="debug"/>
<AsyncLogger
name="org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy"
level="debug"/>
When access is granted I have this in my logs
8430:2019-06-03 14:13:39,963 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Initiating attributes release phase for principal [student1.stu] accessing
service [https://castete.univ.com/cas/status/dashboard] defined by
registered service [^https://castete.univ.com/cas/status/dashboard
(\z|/.*)]...>
8431:2019-06-03 14:13:39,972 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Locating principal attributes for [student1.stu]>
8432:2019-06-03 14:13:39,973 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Using principal attribute repository
[DefaultPrincipalAttributesRepository()] to retrieve attributes>
8433:2019-06-03 14:13:39,974 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Found principal attributes [{supannAliasLogin=[student1.stu],
udlAccountStatus=[Active]}] for [student1.stu]>
8434:2019-06-03 14:13:39,976 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Calling attribute policy [ReturnAllAttributeReleasePolicy] to process
attributes for [student1.stu]>
8435:2019-06-03 14:13:39,977 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Attribute policy [ReturnAllAttributeReleasePolicy] allows release of
[{supannAliasLogin=[student1.stu], udlAccountStatus=[Active]}] for
[student1.stu>
8436:2019-06-03 14:13:39,984 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Attempting to merge policy attributes and default attributes>
8437:2019-06-03 14:13:39,984 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Checking default attribute policy attributes>
8438:2019-06-03 14:13:39,985 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Located application context. Retrieving default attributes for release, if
any>
8439:2019-06-03 14:13:39,988 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Default attributes for release are: [[]]>
8440:2019-06-03 14:13:39,993 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Default attributes found to be released are [{}]>
8441:2019-06-03 14:13:39,993 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Adding default attributes first to the released set of attributes>
8442:2019-06-03 14:13:39,994 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Adding policy attributes to the released set of attributes>
8443:2019-06-03 14:13:39,994 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Finalizing attributes release phase for principal [student1.stu] accessing
service [https://castete.univ.com/cas/status/dashboard] defined by
registered service [^https://castete.univ.com/cas/status/dashboard
(\z|/.*)]...>
8444:2019-06-03 14:13:39,994 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Final collection of attributes allowed are:
[{supannAliasLogin=[student1.stu], udlAccountStatus=[Active]}]>
8430:2019-06-03 14:13:39,963 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Initiating attributes release phase for principal [student1.stu] accessing
service [https://castete.univ.com/cas/status/dashboard] defined by
registered service [^https://castete.univ.com/cas/status/dashboard
(\z|/.*)]...>
8431:2019-06-03 14:13:39,972 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Locating principal attributes for [student1.stu]>
8432:2019-06-03 14:13:39,973 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Using principal attribute repository
[DefaultPrincipalAttributesRepository()] to retrieve attributes>
8433:2019-06-03 14:13:39,974 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Found principal attributes [{supannAliasLogin=[student1.stu],
udlAccountStatus=[Active]}] for [student1.stu]>
8434:2019-06-03 14:13:39,976 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Calling attribute policy [ReturnAllAttributeReleasePolicy] to process
attributes for [student1.stu]>
8435:2019-06-03 14:13:39,977 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Attribute policy [ReturnAllAttributeReleasePolicy] allows release of
[{supannAliasLogin=[student1.stu], udlAccountStatus=[Active]}] for
[student1.stu]>
8436:2019-06-03 14:13:39,984 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Attempting to merge policy attributes and default attributes>
8437:2019-06-03 14:13:39,984 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Checking default attribute policy attributes>
8438:2019-06-03 14:13:39,985 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Located application context. Retrieving default attributes for release, if
any>
8439:2019-06-03 14:13:39,988 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Default attributes for release are: [[]]>
8440:2019-06-03 14:13:39,993 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Default attributes found to be released are [{}]>
8441:2019-06-03 14:13:39,993 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Adding default attributes first to the released set of attributes>
8442:2019-06-03 14:13:39,994 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Adding policy attributes to the released set of attributes>
8443:2019-06-03 14:13:39,994 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Finalizing attributes release phase for principal [student1.stu] accessing
service [https://castete.univ.com/cas/status/dashboard] defined by
registered service [^https://castete.univ.com/cas/status/dashboard
(\z|/.*)]...>
8444:2019-06-03 14:13:39,994 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Final collection of attributes allowed are:
[{supannAliasLogin=[student1.stu], udlAccountStatus=[Active]}]>
But when I try to test my waiting/blocked acc access is denied. In my logs
I just have ldaptive DEBUG
2019-06-03 14:50:45,673 INFO [org.ldaptive.auth.Authenticator] -
<Authentication succeeded for dn: uid=82853,ou=accounts,dc=univ,dc=com>
2019-06-03 14:50:45,673 DEBUG [org.ldaptive.auth.Authenticator] -
<authenticate
response=[org.ldaptive.auth.AuthenticationHandlerResponse@1390045036::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1074313305::config=[org.ldaptive.ConnectionConfig@1599162410::ldapUrl=ldap://ldap.univ.com,
connectTimeout=PT5S, responseTimeout=PT5S,
sslConfig=[org.ldaptive.ssl.SslConfig@1022689743::credentialConfig=null,
trustManagers=null,
hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@5afc0982,
hostnameVerifierConfig=null, enabledCipherSuites=null,
enabledProtocols=null, handshakeCompletedListeners=null], useSSL=true,
useStartTLS=false,
connectionInitializer=[org.ldaptive.BindConnectionInitializer@202489594::bindDn=uid=reverseproxy,ou=ldapusers,dc=univ,dc=com,
bindSaslConfig=null, bindControls=null],
connectionStrategy=org.ldaptive.DefaultConnectionStrategy@59d4b74a],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@156261501::metadata=[ldapUrl=ldap://ldap.univ.com,
count=1],
environment={java.naming.ldap.factory.socket=org.ldaptive.ssl.ThreadLocalTLSSocketFactory,
com.sun.jndi.ldap.connect.timeout=5000, java.naming.ldap.version=3,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.security.protocol=ssl, com.sun.jndi.ldap.read.timeout=5000},
classLoader=null,
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1341079820::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={},
controlProcessor=org.ldaptive.provider.ControlProcessor@6a7e6832,
environment=null, tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], classLoader=null, sslSocketFactory=null,
hostnameVerifier=null]],
providerConnection=org.ldaptive.provider.jndi.JndiConnection@390a5cde],
result=true, resultCode=SUCCESS, message=null, controls=null] for
dn=uid=82853,ou=accounts,dc=univ,dc=com with
request=[org.ldaptive.auth.AuthenticationRequest@1020927553::user=[org.ldaptive.auth.User@86711528::identifier=student1.stu,
context=null], returnAttributes=[udlAccountStatus, supannAliasLogin],
controls=null]>
2019-06-03 14:50:45,675 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
trail record BEGIN
=============================================================
WHO: student1.stu
WHAT: Supplied credentials:
[UsernamePasswordCredential(username=student1.stu)]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Mon Jun 03 14:50:45 CEST 2019
CLIENT IP ADDRESS: 134.206.4.15
SERVER IP ADDRESS: 194.254.129.15
=============================================================
>
2019-06-03 14:50:45,677 WARN
[org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] - <Cannot
grant access to service [https://castete.univ.com/cas/status/dashboard]
because it is not authorized for use by [student1.stu].>
2019-06-03 14:50:45,678 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
trail record BEGIN
=============================================================
WHO: student1.stu
WHAT: [result=Service Access
Denied,service=https://castete.univ.com/cas/sta...,principal=SimplePrincipal(id=student1.stu,
attributes={udlAccountStatus=[Active],
supannAliasLogin=[student1.stu]}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Mon Jun 03 14:50:45 CEST 2019
CLIENT IP ADDRESS: 134.206.4.15
SERVER IP ADDRESS: 194.254.129.15
=============================================================
Dont know if I have configured logs correctly because I dont see whats
happening when access is denied...
thanks for your time...
Debian,
Ray,
>
> Thanks a lot for your response.
> If it is neither 'blocked' nor 'waiting' access should be granted
>
> Debian,
>
> Debian,
>>
>> To know what is happening in your code, add logging statements!!!
>>
>> If you modify your code, you have to remember to un-modify it. Too easy
>> to forget a change and release to production.
>>
>> I have not used groovy scripting in CAS. Can you write unit tests? This
>> will let you know that your logic is correct.
>> Logging and unit tests can both be permanent in your code base. Logging
>> can be adjusted at runtime (log4j2.xml) in case an unexpected behaviour
>> shows up.
>>
>> If you are going to test runtime behaviour (different redirects) you should
>> have need test users with appropriate attributes (at least 3 in your
>> case). Or modify one user at the attribute store.
>>
>> Testing is important! Make sure you have all the parts you need.
>>
>> As far as why the code is not working, is it possible that
>> getUnauthorizedRedirectUrl is called before
>> doPrincipalAttributesAllowServiceAccess? You can check this with logging
>> (easy way) or trace the method calls in CAS source (more challenging).
>>
>> In getUnauthorizedRedirectUrl, there is no default case. What happens if
>> it is neither 'Blocked' nor 'Waiting'?
>>
>> Ray
>>
>> On Wed, 2019-05-29 at 01:37 -0700, Debian HNT wrote:
>>
>> Hi Ray,
>>
>> I'm trying to implement dynamic url redirect, here's my code :
>>
>> import org.apereo.cas.services.*
>> import java.util.*
>> import java.net.URI
>>
>> class GroovyRegisteredAccessStrategy extends
>> DefaultRegisteredServiceAccessStrategy {
>> final String accountStatus
>>
>> @Override
>> boolean isServiceAccessAllowed() {
>> return true
>> }
>>
>> @Override
>> boolean isServiceAccessAllowedForSso() {
>> return true
>> }
>>
>> @Override
>> boolean doPrincipalAttributesAllowServiceAccess(String principal,
>> Map<String, Object> attribu$
>> if(attributes.get('udlAccountStatus').contains('Active')) {
>> this.accountStatus == 'Active'
>> return true
>> } else if
>> (attributes.get('udlAccountStatus').contains('Waiting')) {
>> this.accountStatus == 'Waiting'
>> return false
>> } else if
>> (attributes.get('udlAccountStatus').contains('Blocked')) {
>> this.accountStatus == 'Blocked'
>> return false
>>
>> } else {
>> return false
>> }
>> }
>>
>> @Override
>> java.net.URI getUnauthorizedRedirectUrl() {
>> if (this.accountStatus == 'Blocked') {
>> return new URI('https://cas-univ.com/blocked.html')
>> } else if (this.accountStatus == 'Waiting') {
>> return new URI('https://cas-univ.com/waiting.html')
>> }
>> }
>> }
>>
>> For Active account it works, but when I try waiting or blocked account,
>> my access is denied (CAS message, no erros logs). I don't have a
>> blocked/waiting account so I set my code like this to try :
>>
>> @Override
>> boolean doPrincipalAttributesAllowServiceAccess(String principal,
>> Map<String, Object> attribu$
>> if(attributes.get('udlAccountStatus').contains('Active')) {
>> this.accountStatus == 'Waiting'
>> return false
>> } else if
>> (attributes.get('udlAccountStatus').contains('Waiting)) {
>> this.accountStatus == 'Waiting'
>> return false
>> } else if
>> (attributes.get('udlAccountStatus').contains('Blocked')) {
>> this.accountStatus == 'Blocked'
>> return false
>>
>> } else {
>> return false
>> }
>> }
>> @Override
>> java.net.URI getUnauthorizedRedirectUrl() {
>> if (this.accountStatus == 'Blocked') {
>> return new URI('https://cas-univ.com/blocked.html')
>> } else if (this.accountStatus == 'Waiting') {
>> return new URI('https://cas-univ.com/waiting.html')
>> }
>> }
>> }
>>
>> any suggest? is my code correct?
>>
>>
>> Thanks in advance..
>>
>>
>> Hi Ray,
>>
>> Thanks for your response and idea, I managed to make it work !
>>
>> Best regards,
>>
>> Debian,
>>
>> 'Principal' is what the logged in user is called. Think of it as a box
>> containing id, attributes, etc.
>>
>> Ray
>>
>> On Mon, 2019-05-27 at 04:31 -0700, Debian HNT wrote:
>>
>>
>> Hi Ray,
>>
>> It is a message that CAS is displaying "Service access denied due to
>> missing privileges."
>>
>>
>> Here's the logs
>>
>> 2019-05-27 13:02:15,646 WARN
>> [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] -
>> <Unauthorized service access for principal; CAS will be redirecting to [
>> https://castete.univ.com/aide/blocked.html]>
>> 2019-05-27 13:02:53,173 WARN
>> [org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] - <Cannot
>> grant access to service [https://castete.univ.com/cas/status/dashboard]
>> because it is not authorized for use by [student.stu].>
>> 2019-05-27 13:02:53,174 INFO
>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
>> trail record BEGIN
>> =============================================================
>> WHO: audit:unknown
>> WHAT: [result=Service Access Denied,service=
>> https://castete.univ.com/cas/sta...,principal=SimplePrincipal(id=
>> student.stu, attributes={udlAccountStatus=[Active], supannAliasLogin=
>> [student.stu]}),requiredAttributes={}]
>> ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
>> APPLICATION: CAS
>> WHEN: Mon May 27 13:02:53 CEST 2019
>>
>> I feel like the code doesnt work because my student.stu has his
>> udlAccountStatus to Active so I should access to the service?
>> Can you explain me the "String principal"? not sure if I understand
>> correctly...
>>
>> thanks for your time,
>>
>> Debian,
>>
>> When you say 'access is denied', is that a message that CAS is displaying
>> or is that your service (admusers.properties sounds like your service)?
>>
>> Check CAS logs to see what is happening (you may need to add logging to
>> you custom code).
>>
>> Ray
>>
>> On Fri, 2019-05-24 at 00:01 -0700, Debian HNT wrote:
>>
>> Hello Ray,
>>
>> Thanks for your answer, the conf seems to be ok, I can access to the log
>> in page of the service but when I try to connect with my ID, the access is
>> denied.
>> Before using groovy script I was able to access the service... I've
>> checked my admusers.properties and my account is set to ROLE_ADMIN
>>
>> The boolean isServiceAccessAllowed is "return true"
>>
>> class GroovyRegisteredAccessStrategy extends
>> DefaultRegisteredServiceAccessStrategy {
>> @Override
>> boolean isServiceAccessAllowed() {
>> return true
>> }
>>
>> Thanks in advance
>>
>> Debian,
>>
>> Skip the for loop. If you know the attribute key, check it directly
>> (sorry about the use of map in my previous example):
>>
>> if ('Active' == attributes.get('udlAccountStatus'))
>>
>>
>> Also, from a programming perspective, entrySet returns a
>> Set<Map.Entry<String, Object>>.
>>
>> Ray
>>
>> On Thu, 2019-05-23 at 06:59 -0700, Debian HNT wrote:
>>
>> Ray,
>>
>> Excuse me for the inconvenience but I still have errors...
>>
>> I've tried your syntax
>>
>> import org.apereo.cas.services.*
>> import java.util.*
>>
>> class GroovyRegisteredAccessStrategy extends
>> DefaultRegisteredServiceAccessStrategy {
>> @Override
>> boolean isServiceAccessAllowed() {
>> return true
>> }
>>
>> @Override
>> boolean isServiceAccessAllowedForSso() {
>> return true
>> }
>>
>> @Override
>> boolean doPrincipalAttributesAllowServiceAccess(String principal,
>> Map<String, Object> attributes) {
>> for (Map.Entry<String, Object> entry : attributes.entrySet()){
>> if ('Active' == map.get('udlAccountStatus')) {return true}
>> else
>> {return false}
>> }
>> }
>>
>> }
>>
>> I have this error
>> 2019-05-23 15:46:04,201 WARN
>> [org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver]
>>
>> - <No such property: map for class: GroovyRegisteredAccessStrategy>
>> groovy.lang.MissingPropertyException: No such property: map for class:
>> GroovyRegisteredAccessStrategy
>>
>> I've tried this
>> @Override
>> boolean doPrincipalAttributesAllowServiceAccess(String principal,
>> Map<String, Object> attributes) {
>> for (Map.Entry<String, Object> entry : attributes.entrySet()){
>> if ('Active' == entry.getKey('udlAccountStatus')) {return
>> true}
>> else
>> {return false}
>> }
>> }
>>
>> }
>> but I have this error
>> 2019-05-23 15:38:52,086 WARN
>> [org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver]
>>
>> - <No signature of method: java.util.LinkedHashMap$Entry.getKey() is
>> applicable for argument types: (java.lang.String) values: [udlAccountStatus]
>> Possible solutions: getKey(), getAt(java.lang.String), notify(), grep(),
>> every(), every(groovy.lang.Closure)>
>>
>> When I try to use the Possible solutions with getKey()
>> @Override
>> boolean doPrincipalAttributesAllowServiceAccess(String principal,
>> Map<String, Object> attributes) {
>> for (Map.Entry<String, Object> entry : attributes.entrySet()){
>> if ('Active' == getKey('udlAccountStatus')) {return true}
>> else
>> {return false}
>> }
>> }
>>
>> }
>> I have this error
>>
>> 2019-05-23 15:45:03,124 WARN
>> [org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver]
>>
>> - <No signature of method: GroovyRegisteredAccessStrategy.getKey() is
>> applicable for argument types: (java.lang.String) values: [udlAccountStatus]
>> Possible solutions: getAt(java.lang.String), notify(), getOrder(),
>> grep(), every(), every(groovy.lang.Closure)>
>>
>>
>> any suggestions?
>>
>> Thanks in advance...
>>
>> Debian,
>>
>> I should have looked closer at your method logic.
>> From the method name I suspect that method checks an attribute to
>> determine service access. This is what you originally proposed 'attribute =
>> Active'.
>>
>> You will need to know what attributes you have. You can add logging to
>> the method or increase logging in general:
>>
>> <!-- DEBUG Found principal attributes [...] for [username]
>> Attribute policy [???] allows release of [...] for
>> [username]
>> Final collection of attributes allowed are: [...] -->
>> <AsyncLogger
>> name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy"
>>
>> level="debug"/>
>>
>> I also have this in my logging config:
>>
>> <!-- DEBUG Skipping access strategy policy - when no attributes
>> rules are defined
>> These required attributes [...] are examined against
>> [...] before service can proceed - when attrubutes are defined -->
>> <AsyncLogger
>> name="org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy"
>> level="warn"/>
>>
>> Because CAS can perform the access / deny part of your requirements.
>> Service configuration can set an attribute and a value that a user must
>> have to allow access.
>> Since you are trying to modify the redirect URL (you have a third
>> option), you might have to modify the web flow.
>>
>> In general, for your method you will have a check like this
>>
>> if ('Active' == map.get('attribute')) {return true}
>>
>> Ray
>>
>> On Wed, 2019-05-22 at 00:49 -0700, Debian HNT wrote:
>>
>> Ray,
>> Thanks for your answer!
>>
>> I've changed the variable to attributes but it doesnt repair the issue.
>> I dont understand how to set principal to my attribute : account and how
>> to configure the map to active/blocked/waiting?
>> I'm not sure if I cleary understand the function...
>>
>> Thank u in advance...
>>
>>
>> Debian,
>>
>> In doPrincipal..., you are using a variable called 'map' but the variable
>> is 'attributes'.
>>
>> Ray
>>
>> On Tue, 2019-05-21 at 02:22 -0700, Debian HNT wrote:
>>
>> Hello guys,
>>
>> I'm still trying to configure a groovy script for access strategy but I
>> have some errors
>>
>> Here's my access-strategy.groovy
>>
>>
>> import org.apereo.cas.services.*
>> import java.util.*
>>
>> class GroovyRegisteredAccessStrategy extends
>> DefaultRegisteredServiceAccessStrategy {
>> @Override
>> boolean isServiceAccessAllowed() {
>> return true
>> }
>>
>> @Override
>> boolean isServiceAccessAllowedForSso() {
>> return true
>> }
>>
>> @Override
>> boolean doPrincipalAttributesAllowServiceAccess(String principal,
>> Map<String, Object> attributes) {
>> for (Map.Entry<String, Object> entry : map.entrySet()){
>> if (entry.getKey().equals(principal)){
>> return true
>> }
>> }
>> return false
>> }
>> }
>>
>> @Override
>> java.net.URI getUnauthorizedRedirectUrl(){
>> return "https://blocked-acc.html";
>> }
>> }
>>
>>
>>
>> org.springframework.webflow.
>>
>> execution.
>>
>> ActionExecutionException: Exception thrown executing
>> org.apereo.cas.web.flow.login.
>>
>> InitialFlowSetupAction@
>>
>> 2357e4bc in state 'null' of flow 'login' -- action execution attributes were
>> 'map[[empty]]'
>>
>>
>> Caused by: java.lang.NullPointerException
>>
>> at org.apereo.cas.services.
>>
>> GroovyRegisteredServiceAccessS
>>
>> trategy.
>>
>> isServiceAccessAllowed(
>>
>> GroovyRegisteredServiceAccessS
>>
>> trategy.java:49)
>>
>> at org.apereo.cas.web.flow.login.
>>
>> InitialFlowSetupAction.
>>
>> configureWebflowContextForServ
>>
>> ice(InitialFlowSetupAction.
>>
>> java:62)
>>
>> at org.apereo.cas.web.flow.login.
>>
>> InitialFlowSetupAction.
>>
>> doExecute(
>>
>> InitialFlowSetupAction.java:
>>
>> 51)
>>
>> at org.springframework.webflow.
>>
>> action.AbstractAction.execute(
>>
>> AbstractAction.java:188)
>>
>> at sun.reflect.
>>
>> GeneratedMethodAccessor447.
>>
>> invoke(Unknown Source)
>>
>> at sun.reflect.
>>
>> DelegatingMethodAccessorImpl.
>>
>> invoke(
>>
>> DelegatingMethodAccessorImpl.
>>
>> java:43)
>>
>> at java.lang.reflect.Method.
>>
>> invoke(Method.java:498)
>>
>> at org.springframework.util.
>>
>> ReflectionUtils.invokeMethod(
>>
>> ReflectionUtils.java:216)
>>
>> at org.springframework.cloud.
>>
>> context.scope.GenericScope$
>>
>> LockedScopedProxyFactoryBean.
>>
>> invoke(GenericScope.java:470)
>>
>> at org.springframework.aop.
>>
>> framework.
>>
>> ReflectiveMethodInvocation.
>>
>> proceed(
>>
>> ReflectiveMethodInvocation.
>>
>> java:179)
>>
>> at org.springframework.aop.
>>
>> framework.JdkDynamicAopProxy.
>>
>> invoke(JdkDynamicAopProxy.
>>
>> java:213)
>>
>> at com.sun.proxy.$Proxy376.
>>
>> execute(Unknown Source)
>>
>> at org.springframework.webflow.
>>
>> execution.ActionExecutor.
>>
>> execute(ActionExecutor.java:
>>
>> 51)
>>
>> ... 100 more
>>
>>
>>
>>
>> I'd like to set some attributes required and redirection url.
>>
>> For example if the account attribute = Active, i'll be able to join the
>> service
>>
>> but
>>
>> if the account attribute = blocked, i'll be redirect to
>> https://blocked-acc.html <https://blocked.acc.html>
>>
>> or
>>
>> if the account attribute = waiting, i'll be redirect to
>> https://waiting-acc/html <https://waiting.acc/html>
>>
>> I'm new to groovy and I dont understand the issue, May I have some help
>> pls?
>>
>> Regards,
>>
>> --
>>
>>
>> Ray Bon
>> Programmer Analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | [email protected]
>>
>> --
>>
>>
>> Ray Bon
>> Programmer Analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | [email protected]
>>
>> --
>>
>>
>> Ray Bon
>> Programmer Analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | [email protected]
>>
>> --
>>
>>
>> Ray Bon
>> Programmer Analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | [email protected]
>>
>> --
>>
>>
>> Ray Bon
>> Programmer Analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | [email protected]
>>
>> --
>>
>> Ray Bon
>> Programmer Analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | [email protected]
>>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ad364e66-9587-4e80-bb6e-ce587dcfece6%40apereo.org.
