
CAS Proxy Ticket Utility for Alfresco Share Dashlets

Alfresco Share dashlet controllers can call internal (Alfresco Repository) as well as external RESTful web services. In our environment the external RESTful web services are protected by CAS, so calls from Alfresco Share dashlets are authenticated with the CAS proxy authentication protocol. You can find more about CAS, its supported clients and its protocols on the project web site at http://www.jasig.org/cas.

CAS proxy authentication requires a proxy ticket to be submitted with each service call. Therefore, a proxy ticket must be generated and attached to each HTTP call made from an Alfresco Share dashlet. Here is a snippet of a controller from one of our dashlets.

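// URL of the CAS-protected service for the current user
var hoursServiceUrl = remote.getEndpointURL("casProtectedService") + "/users/" + user.name + "/hours.json";
// Ask CAS for a proxy ticket issued for this service URL
var proxyTicket = proxyTicketUtil.proxyTicket(hoursServiceUrl);

// Attach the ticket as the "ticket" query parameter and call the service
var hoursUrl = hoursServiceUrl + "?ticket=" + proxyTicket;
var hoursConnector = remote.connect("casProtectedService");
var hoursResults = hoursConnector.call(hoursUrl);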

In the above code the Remote object from Alfresco is used to build the service URL, and that service URL is then used to request a proxy ticket. The proxyTicketUtil object is a root object I created and exposed in Alfresco; it generates proxy tickets for the service URLs passed to it.
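The controller above concatenates the user name and the ticket into the URL as-is. The following added example (not code from the original post) shows one way to build the same URL defensively: it encodes the user name, refuses to continue when no ticket is returned, handles a service URL that already has a query string, and masks the ticket before logging. The function names, the stub ticket source and the sample values are assumptions made for illustration.

```javascript
// Added example, not from the original post. All helper names are hypothetical.

// Build the per-user service URL. The user name is encoded so characters such
// as "/", "?" or "#" cannot change the path the ticket is requested for.
function buildServiceUrl(endpointUrl, userName) {
    return endpointUrl.replace(/\/+$/, "") + "/users/" +
        encodeURIComponent(userName) + "/hours.json";
}

// Request a proxy ticket for serviceUrl and append it as the "ticket" parameter.
// ticketSource is any object with proxyTicket(serviceUrl), for example the
// proxyTicketUtil root object; it may return null when no ticket is issued.
function withProxyTicket(serviceUrl, ticketSource) {
    if (serviceUrl.indexOf("#") !== -1) {
        throw new Error("service URL must not contain a fragment");
    }
    var ticket = ticketSource.proxyTicket(serviceUrl);
    if (ticket === null || ticket === undefined || String(ticket) === "") {
        // Fail closed: never send "?ticket=null" to the protected service.
        throw new Error("no proxy ticket issued for service");
    }
    var sep = serviceUrl.indexOf("?") === -1 ? "?" : "&";
    return serviceUrl + sep + "ticket=" + encodeURIComponent(String(ticket));
}

// Mask the ticket value before a URL is written to a log.
function redactTicket(url) {
    return url.replace(/([?&]ticket=)[^&#]*/, "$1REDACTED");
}

// Constructed sample values so the block runs stand-alone.
var fakeSource = { proxyTicket: function (svc) { return "PT-1-constructedSample"; } };
var svc = buildServiceUrl("https://services.example.org/api/", "j.doe/x");
var ticketed = withProxyTicket(svc, fakeSource);
console.log(redactTicket(ticketed));
```

In a dashlet controller, pass `proxyTicketUtil` as `ticketSource` and replace the `console.log` call with the script logger.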

Here is the full definition of this object.

package com.test.cas;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jasig.cas.client.util.AssertionHolder;
import org.springframework.extensions.webscripts.processor.BaseProcessorExtension;

/** Root script object that requests CAS proxy tickets for the current user. */
public class ProxyTicketUtil extends BaseProcessorExtension {

    private static final Log logger = LogFactory.getLog(ProxyTicketUtil.class);

    /**
     * Requests a proxy ticket for the given service URL using the CAS
     * assertion of the current request. The CAS client may return null
     * when no proxy ticket can be obtained.
     */
    public String proxyTicket(String service) {
        logger.info("getting proxy ticket");
        return AssertionHolder.getAssertion().getPrincipal().getProxyTicketFor(service);
    }
}

Alfresco Spring Surf extensions can be used to expose Java beans as root server-side JavaScript objects. To learn more about BaseProcessorExtension, check out the Alfresco wiki and the Spring Surf documentation.

Since Alfresco itself is CAS protected I am using CAS client libraries to generate the proxy ticket.

Once this bean is created, it must be configured in Alfresco so that it is exposed as a server-side root JavaScript object. You can use Alfresco's web-extension folder and add the following bean definition to custom-slingshot-application-context.xml.

<bean id="proxyTicketUtil" parent="baseScriptExtension"
        class="com.test.cas.ProxyTicketUtil">
  <property name="extensionName"><value>proxyTicketUtil</value></property>
</bean>


You will need to restart Alfresco in order for these changes to take effect.
