Allow for URL exceptions to be given #1

Open
ccaum wants to merge 3 commits into zemis:master from ccaum:allow_url_exceptions
ccaum commented Feb 22, 2012

Previous to this commit, there was no way to specify specific URLs or
URL patterns that will be exempt from requiring authentication. This
commit introduces a configuration parameter,
:allow_unauthenticated_urls, that can be an array of regular expressions
or strings that will be used to match the requesting URL. If the
requesting URL matches any of the exceptions given, the request will be
allowed through.

Author

ccaum commented Feb 22, 2012

Sorry about all the trailing whitespace removal. My text editor does that automatically.


lelesrc commented Feb 27, 2012

This is a useful feature; most CAS clients have it.
We are going to test this patch in our app.

Previous to this commit, the PATH_INFO header information was used to
determine the calling page.  This however doesn't always give the
expected result.  For example, for rack applications launched by
passenger using RackBaseURI, the path to the rack application is
stripped from PATH_INFO.

This commit uses the REQUEST_URI to resolve the issue.
Author

ccaum commented Feb 29, 2012

After some more testing, this simply doesn't work. The problem is that if the service doesn't have a service ticket yet, it needs to be redirected to CAS to get one. This means there is no way to test if the session is unauthenticated, but allowed anyway. Can anyone think of a way to allow users with a valid TGT to continue on as usual but allow unauthenticated requests to pass through?

Previous to this commit, requests that matched an exception would be
passed through without the CAS rack session data being created
regardless of whether the request is authenticated.  This commit only
tests unauthenticated requests if an exception should be allowed through
Author

ccaum commented Feb 29, 2012

I took the best stab at it I could. If there is a valid service ticket, we'll treat it as an authenticated session. If there isn't, we'll let the request pass through if the URI matches a given exception.
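
The exemption check this pull request describes, sketched as an added example (not code from the pull request or the gem): it contrasts loose matching of `:allow_unauthenticated_urls` entries against the raw REQUEST_URI with a stricter path-only, whole-match check. The helper names, sample exceptions and sample requests are constructed for illustration.

```ruby
require 'uri'

# Loose matching, for contrast: unanchored regexps and substring checks
# against the whole REQUEST_URI (query string included).
def loose_exempt?(request_uri, exceptions)
  exceptions.any? do |e|
    e.is_a?(Regexp) ? !(e =~ request_uri).nil? : request_uri.include?(e)
  end
end

# Strict matching: path only, strings compared exactly, regexps required to
# cover the whole path. Anything unparsable or ambiguous is not exempt, so
# the request goes through the normal CAS redirect.
def strict_exempt?(request_uri, exceptions)
  path = URI.parse(request_uri).path
  return false if path.nil? || path.empty?
  return false if path.include?('%') || path.split('/').include?('..')

  exceptions.any? do |e|
    if e.is_a?(Regexp)
      Regexp.new("\\A(?:#{e.source})\\z", e.options).match?(path)
    else
      path == e.to_s
    end
  end
rescue URI::InvalidURIError
  false
end

# Constructed sample configuration and requests (not taken from the PR).
EXCEPTIONS = ['/app/health', %r{/app/public/.*}].freeze

SAMPLES = [
  '/app/health',
  '/app/public/logo.png?v=2',
  '/app/admin?next=/app/public/x',
  '/app/public/../admin',
  '/app/healthcheck-internal'
].freeze

# Returns [uri, loose_result, strict_result] for each sample.
def compare(samples = SAMPLES, exceptions = EXCEPTIONS)
  samples.map { |u| [u, loose_exempt?(u, exceptions), strict_exempt?(u, exceptions)] }
end

compare.each { |u, loose, strict| puts format('%-34s loose=%-5s strict=%s', u, loose, strict) }
```

Rejecting every path that contains `%` or a `..` segment is a deliberately conservative choice: such requests are not blocked, they simply fall back to requiring authentication.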

Contributor

Aeon commented Nov 15, 2014

+1