[opencms-dev] The module of OpenCms7.0.5-CAS3.3.1-LDAP has been released

Shi Yusen shiys at langhua.cn
Tue Apr 14 00:30:38 CEST 2009


Hi list,

I'm glad to announce a new module release for OpenCms7.0.5, CAS 3.3.1
and OpenLDAP.

The module is tested in Fedora 10, Tomcat 5.5.27, MySQL 5.0.67, OpenCms
7.0.5, CAS 3.3.1, OpenLDAP 2.4.12 and OpenJDK 1.6.0.


What's new:
1. Two new authorization handlers are added in this release to support
CAS or LDAP based authorization. The handlers can create/adjust a user's
groups(OU)/roles by groupOfNames(groupsOfUniqueNames)/roleOccupant or
alias.

2. The CAS 2.0 protocol is supported. When using the CAS handlers, OpenCms
will not visit LDAP anymore. This change makes it possible for those
who want to use a database for CAS authz/authn. The user's information
is obtained from /serviceValidate (or your customized servlet) and
attributes. The attributes can be supplied by PersonDirectory or its
extension.

CAS + LDAP authz & authn:
Client                  OpenCms                  CAS       LDAP
  |          a url         |                      |         |
  |----------req---------->|check permission      |         |
  |                     allowed?                  |         |
  |<---------res-----------|yes                   |         |
  |               not allowed. guest?             |         |
  |<---------res-----------|not guest             |         |
  |                a guest. has ticket?           |         |
  |                        |      to /login       |         |
  |               no ticket|---------req--------->|         |
  |<-----------------res--------------------------|         |
  |           username/password                   |         |
  |------------------req------------------------->|         |
  |                        |                      |<-authz->|
  |                        |                  logged in?    |
  |<-----------------res--------------------------|no       |
  |                        |    forward the url   |         |
  |                        |<--------res----------|yes      |
  |              a guest. has ticket?             |         |
  |                     yes|                      |         |
  |                   has CmsUser?                |         |
  |                      no|   /serviceValidate   |         |
  |                        |----------req-------->|         |
  |                        |                      |<-find-->|
  |                        |<---------res---------|         |
  |                 store user info               |         |
  |         the url        |                      |         |
  |<----------res----------|not a guest           |         |


How to get it:
You can get this module from Langhua SVN:
http://www.langhua.cn/langhua/modules/ldap/branch/opencms7.0.5-cas3.3.1-ldap/
Username: anon
Password: anon

Or ViewVC:
http://www.langhua.cn/viewvc/svn/modules/ldap/branch/opencms7.0.5-cas3.3.1-ldap/


Enjoy it,

Shi Yusen/Beijing Langhua Ltd.
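
An added example, not part of the original post or of the Langhua module: a sketch of how a CAS 2.0 client can consume the /serviceValidate response described in item 2, rejecting failures and mapping released attributes to groups through an allowlist. The cas:attributes/cas:memberOf layout, the group names and both sample responses are assumptions constructed for illustration; a stock CAS 3.3.1 only returns attributes if its validation view is customized.

```python
import xml.etree.ElementTree as ET

CAS_URI = "http://www.yale.edu/tp/cas"
NS = {"cas": CAS_URI}

class CasValidationError(Exception):
    """Raised when the response must not be used to create a session."""

def parse_service_validate(xml_text, known_groups):
    """Return (username, groups) from a CAS 2.0 /serviceValidate body."""
    # Refuse DTDs so entity declarations never reach the XML parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise CasValidationError("DTD/entity declarations are not accepted")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise CasValidationError("malformed response") from exc
    if root.tag != "{%s}serviceResponse" % CAS_URI:
        raise CasValidationError("not a CAS serviceResponse")
    failure = root.find("cas:authenticationFailure", NS)
    if failure is not None:
        raise CasValidationError(
            "%s: %s" % (failure.get("code"), (failure.text or "").strip()))
    success = root.find("cas:authenticationSuccess", NS)
    user = "" if success is None else (
        success.findtext("cas:user", default="", namespaces=NS) or "").strip()
    if not user:
        raise CasValidationError("no authenticated user in response")
    groups = []
    for el in success.findall("cas:attributes/cas:memberOf", NS):
        # Simplified DN handling (assumption): use the first RDN if it is cn=...
        key, _, value = (el.text or "").split(",", 1)[0].partition("=")
        value = value.strip()
        # Only groups the application already knows may be granted.
        if key.strip().lower() == "cn" and value in known_groups and value not in groups:
            groups.append(value)
    return user, groups

# Constructed sample responses (not captured from a real server).
SAMPLE_OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
    <cas:attributes>
      <cas:memberOf>cn=Editors,ou=groups,dc=example,dc=org</cas:memberOf>
      <cas:memberOf>cn=Administrators,ou=other,dc=example,dc=org</cas:memberOf>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket ST-1 not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""
```

With the allowlist {"Editors", "Users"}, the Administrators value in the sample is dropped rather than turned into a group membership.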




