My company uses Apereo CAS as a single sign on server. It also protects our files from being download unless a user is logged in. I have a number of background tasks that run that need to make some HTTP calls to one of our systems to pages that are protected by CAS
Whats the answer?
I decided to go with Basic Authentication. You cannot use the proxy mechanism since you don;t have a logged in user.
Enable Basic Authentication on Server
You will need to rebuild your CAS overlay war. Add the following dependency to your pom.xml file.
<dependency>
<groupid>org.apereo.cas</groupid>
<artifactid>cas-server-support-basic</artifactid>
<version>${cas.version}</version>
</dependency>
Java Utility Class
This class sets up a Apache Http Client. It is also used to set the headers on the request. I found that preemptively sending the Basic Authentication headers was the way to get it to work.
package org.yfu.security;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import org.apache.http.HttpHeaders;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.CookieStore;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContextBuilder;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.AbstractHttpMessage;
public class CasBasicAuthUtil {
private String username;
private String password;
public CasBasicAuthUtil(String username, String password) {
super();
this.username = username;
this.password = password;
}
public HttpClient getHttpClient() throws ClientProtocolException, IOException,
NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
// Create a local instance of cookie store
CookieStore cookieStore = new BasicCookieStore();
SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
builder.build());
CredentialsProvider provider = new BasicCredentialsProvider();
UsernamePasswordCredentials credentials
= new UsernamePasswordCredentials(username, password);
provider.setCredentials(AuthScope.ANY, credentials);
CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(
sslsf)
.setDefaultCredentialsProvider(provider)
.setDefaultCookieStore(cookieStore).build();
return httpclient;
}
public void addHeaders(AbstractHttpMessage request) {
String auth = username + ":" + password;
byte[] encodedAuth = Base64.getEncoder().encode(
auth.getBytes(Charset.forName("ISO-8859-1")));
String authHeader = "Basic " + new String(encodedAuth);
request.setHeader(HttpHeaders.AUTHORIZATION, authHeader);
}
}
How to use the Utility
CasBasicAuthUtil casUtil = new CasBasicAuthUtil("Usename", "Password");
HttpClient client = casUtil.getHttpClient();
final String url = getDocUrl(fileId);
cat.debug(url);
HttpGet httpGet = new HttpGet(url);
casUtil.addHeaders(httpGet);
HttpResponse response = client.execute(httpGet);
final int statusCode = response.getStatusLine().getStatusCode();
if (statusCode == 200) {
// we got the file. Do something with it.
}