CSS

Tuesday, January 30, 2018

Programatically get files protected by a CAS SSO Server

My company uses Apereo CAS as a single sign on server.  It also protects our files from being download unless a user is logged in.  I have a number of background tasks that run that need to make some HTTP calls to one of our systems to pages that are protected by CAS

Whats the answer?

I decided to go with Basic Authentication.  You cannot use the proxy mechanism since you don;t have a logged in user.

Enable Basic Authentication on Server

You will need to rebuild your CAS overlay war. Add the following dependency to your pom.xml file.

<dependency>
  <groupid>org.apereo.cas</groupid>
  <artifactid>cas-server-support-basic</artifactid>
  <version>${cas.version}</version>
</dependency> 


Java Utility Class

This class sets up a Apache Http Client.  It is also used to set the headers on the request.  I found that preemptively sending the Basic Authentication headers was the way to get it to work.

package org.yfu.security;

import java.io.IOException;
import java.nio.charset.Charset;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

import org.apache.http.HttpHeaders;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.CookieStore;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContextBuilder;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.AbstractHttpMessage;

public class CasBasicAuthUtil {
 
 private String username;
 private String password;
 
 

 public CasBasicAuthUtil(String username, String password) {
  super();
  this.username = username;
  this.password = password;
 }

 public HttpClient getHttpClient() throws ClientProtocolException, IOException, 
                  NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
  // Create a local instance of cookie store
  CookieStore cookieStore = new BasicCookieStore();
   SSLContextBuilder builder = new SSLContextBuilder();
      builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
      SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
              builder.build());
      CredentialsProvider provider = new BasicCredentialsProvider();
      UsernamePasswordCredentials credentials
       = new UsernamePasswordCredentials(username, password);
      provider.setCredentials(AuthScope.ANY, credentials);
      CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(
              sslsf)
        .setDefaultCredentialsProvider(provider)
        .setDefaultCookieStore(cookieStore).build();
  
  

  
  return httpclient;
  
  
  
 }
 
 public void addHeaders(AbstractHttpMessage request) {
  String auth = username + ":" + password;
  byte[] encodedAuth = Base64.getEncoder().encode(
    auth.getBytes(Charset.forName("ISO-8859-1")));
  String authHeader = "Basic " + new String(encodedAuth);
  request.setHeader(HttpHeaders.AUTHORIZATION, authHeader);

 }
 
}

How to use the Utility


                CasBasicAuthUtil casUtil = new CasBasicAuthUtil("Usename", "Password");
  HttpClient client = casUtil.getHttpClient();
  final String url = getDocUrl(fileId);
  cat.debug(url);
  HttpGet httpGet = new HttpGet(url);
  casUtil.addHeaders(httpGet);
  HttpResponse response = client.execute(httpGet);
  final int statusCode = response.getStatusLine().getStatusCode();
  if (statusCode == 200) {
   //  we got the file.  Do something with it.
  }