cassiopeia
DESCRIPTION:
Yet another custom CAS client/server implementation. This plugin allows you to perform single-server authorization between two different Rails applications.
Changelog:
- 0.2.0: Rails 3 support implemented (no backward compatibility with Rails 2)
- 0.1.7: First stage of compatibility with Rails 3 (RAILS_ROOT replaced with Rails.root)
- 0.1.6: Minor hot-fixes
- 0.1.5: Method to_json of User class fixed.
- 0.1.3: Removing request after return made optional
- 0.1.2: Added some new parameters of request saving to the default configuration.
- 0.1.1: Lesser bug with concurrent requests restoring fixed.
- 0.1.0: Multiple requests storing implemented. Workarounds for concurrent requests processing applied.
- 0.0.9: The bug with multiple concurrent requests processing fixed.
- 0.0.8: Full request saving support via rack middleware.
- 0.0.7: Some code for redirection added. Added webpath prefix support.
- 0.0.6: Tiny refactoring.
- 0.0.5: Some important fixes for configuration exceptions handling.
- 0.0.4: Fixed problem with default config.
- 0.0.3: Added required dependency simple_rest. Doc extended.
- 0.0.2: Added some doc.
INSTALL:
Add these lines to environment.rb:
    config.gem 'cassiopeia'
    config.gem 'simple_rest'
Run this from console:
    rake gems:install
SYNOPSIS:
Client configuration
Create a file named config/cassiopeia.yml:
    server_url: "https://localhost" # URL of the cassiopeia server in your environment
    service_url: "https://localhost/myservice/" # URL of your application (for CAS to redirect back)
    service_id: "myservice" # Identification of your service (for informational and security purposes)
    requests_save_enabled: true # Set this value to true if you want your application to save and restore the previous request when redirecting to cassiopeia (default: true)
Usage:
Add this line to application_controller.rb:
This will force your application to request authorization from the cassiopeia server. It also adds a new method, “current_user”, to your controllers. You can then expose it as a helper method for your views by adding:
    helper_method :current_user
You can also check required roles to access some controllers. To do this, you should add the following line to your controller:
    cas_require_roles :doctor, :admin
This raises Cassiopeia::Exception::AccessDenied if a user without the required roles tries to access this controller. You can rescue from this exception by adding the following to application_controller.rb:
    rescue_from 'Cassiopeia::Exception::AccessDenied', :with => :access_denied
    def access_denied
      flash[:notice] = 'Access denied. You dont have permissions to access this page'
      redirect_to root_path
    end
If you set requests_save_enabled to true, you should create a new migration that creates the cassiopeia_requests table for storing requests. This is very important if you want to use redirections on requests other than GET. So, create this migration:
    class AddCassiopeia < ActiveRecord::Migration
      def self.up
        create_table :cassiopeia_requests do |t|
          t.string :uid
          t.binary :data
          t.datetime :expires_at
          # t.  (rest of this line is cut off in the original README)
        end
      end
      def self.down
        drop_table :cassiopeia_requests
      end
    end
Server configuration
Create a file named config/cassiopeia.yml:
    ticket_max_lifetime: 5 # Ticket max lifetime (in minutes, default: 120)
Generate a new controller named Cas. Generate a new model named CasTicket. Create a migration for your CasTicket (all fields are mandatory):
    def self.up
      create_table :cas_tickets do |t|
        t.references :user, :foreign_key => true
        t.string :identity
        t.datetime :expires_at
        t.string :service, :limit => 2400
        # t.  (rest of this line is cut off in the original README)
      end
    end
    def self.down
      drop_table :cas_tickets
    end
Add the following lines to your cas_controller:
    acts_as_cas_controller do |c|
      c.ticketClass = CasTicket # default: Ticket
      c.rolesMethod = :roles_array # add this line only if your user model doesn't have a :roles method (default: roles)
    end
Add the following lines to your CasTicket:
    acts_as_cas_ticket
    belongs_to :user
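A plain-Ruby sketch of the checks that the identity, service and expires_at columns and the ticket_max_lifetime setting make possible: a ticket is accepted only before its expiry and only for the service it was issued to. This is an added example, not cassiopeia's own code; TicketStore, issue and validate are hypothetical names, and an in-memory hash stands in for the cas_tickets table.

```ruby
require 'securerandom'

# Added illustration; all names here are hypothetical, not the gem's API.
# Fields mirror the cas_tickets migration: user, identity, service, expires_at.
Ticket = Struct.new(:user_id, :identity, :service, :expires_at)

class TicketStore
  # max_lifetime_min plays the role of ticket_max_lifetime (in minutes).
  def initialize(max_lifetime_min)
    @lifetime = max_lifetime_min * 60
    @tickets  = {} # stand-in for the cas_tickets table, keyed by identity
  end

  # Issue an unguessable ticket bound to one user and one service URL.
  def issue(user_id, service, now = Time.now)
    t = Ticket.new(user_id, SecureRandom.hex(32), service, now + @lifetime)
    @tickets[t.identity] = t
    t.identity
  end

  # Returns the user id, or nil when the ticket is unknown, expired,
  # or presented for a service other than the one it was issued for.
  def validate(identity, service, now = Time.now)
    t = @tickets[identity.to_s]
    return nil if t.nil?
    if now >= t.expires_at
      @tickets.delete(t.identity) # purge the expired row
      return nil
    end
    return nil unless t.service == service
    t.user_id
  end
end
```

The service comparison is what stops a ticket handed to one client application from being accepted by another.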
You should also provide a way to extract the user's roles as an array by calling rolesMethod on the current user. Add this method to your user model. An example for authlogic:
    def roles_array
      res = []
      role_objects.each do |role|
        res << role.name.to_sym
      end
      res
    end
One more thing that might be useful to make everything work properly. Add these lines to routes.rb:
    map.resource :cas
    map.connect ':controller/:action.:format'
Note:
The server’s application controller should have a helper method called “current_user”.
LICENSE:
(The MIT License)
Copyright © 2010 smecsia
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the ‘Software’), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED ‘AS IS’, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.