[CAS 5.3 : Wanna use Dynamic Unauthorized Redirect URL]

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[CAS 5.3 : Wanna use Dynamic Unauthorized Redirect URL]

Terki Adel

Hi there,

I'm trying to redirect the webflow while accessing a service to an external module, and since i need to add some additional parameters according to each authentication context in the URL,  i thought that by extending the DefaultRegisteredServiceAccessStrategy class with a method wich will change the unauthorizedRedirectUrl, would work, but it seems like it didn't pay attention to my changes

Here the code of my Custome Access Strategy

public class MyDefaultRegisteredServiceAccessStrategy extends DefaultRegisteredServiceAccessStrategy {

    private String param1 = null;

    private String param2 = null;

    private Map<String, Object> principalAttributes = new HashMap<String, Object>();

    public URI getUnauthorizedRedirectUrl(){
        URI unauthorizedRedirectUrlDyn = this.unauthorizedRedirectUrl;
      if( this.unauthorizedRedirectUrl != null ) {   
          unauthorizedRedirectUrlDyn = new URI( this.unauthorizedRedirectUrl.toString() + "?param1=" + this.param1 + "&param2=" + this.param2 );
           LOGGER.debug("getUnauthorizedRedirectUrl : ", unauthorizedRedirectUrlDyn);
    }catch (URISyntaxException e){
        //return this.unauthorizedRedirectUrl;
    return unauthorizedRedirectUrlDyn;
    public boolean doPrincipalAttributesAllowServiceAccess(final String principal, final Map<String, Object> principalAttributes) {

    this.param1 = principal;
    this.param2 = (String) principalAttributes.get("ServiceTarget");

    this.principalAttributes = principalAttributes;

        if (this.rejectedAttributes.isEmpty() && this.requiredAttributes.isEmpty()) {
            LOGGER.debug("Skipping access strategy policy, since no attributes rules are defined");
            return true;
        if (!enoughAttributesAvailableToProcess(principal, principalAttributes)) {
            LOGGER.debug("Access is denied. There are not enough attributes available to satisfy requirements");
            return false;
        if (doRejectedAttributesRefusePrincipalAccess(principalAttributes)) {
            LOGGER.debug("Access is denied. The principal carries attributes that would reject service access");
            return false;
        if (!doRequiredAttributesAllowPrincipalAccess(principalAttributes, this.requiredAttributes)) {
            LOGGER.debug("Access is denied. The principal does not have the required attributes [{}] specified by this strategy", this.requiredAttributes);
            return false;
        return true;

And this where i defined my unauthorizedRedirectUrl :

  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "id" : 1000,
  "usernameAttributeProvider" : {
    "@class" : "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
    "usernameAttribute" : "uid"
  "accessStrategy": {
     "@class" : "org.apereo.cas.services.MyDefaultRegisteredServiceAccessStrategy",
   "unauthorizedRedirectUrl" : "MyURL",
     "requiredAttributes" : {
        "@class" : "java.util.HashMap",
        "uid" : [ "java.util.HashSet", [ ".*" ] ]

You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-dev/722670ef-05d9-4cfe-92bb-dcc504a74353n%40apereo.org.