JSON Service Registry
This registry reads services definitions from JSON configuration files at the application context initialization time. JSON files are expected to be found inside a configured directory location and this registry will recursively look through the directory structure to find relevant JSON files.
Support is enabled by adding the following module into the overlay:
1
2
3
4
5
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-json-service-registry</artifactId>
<version>${cas.version}</version>
</dependency>
A sample JSON file follows:
1
2
3
4
5
6
7
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "testId",
"name" : "testJsonFile",
"id" : 103935657744185,
"evaluationOrder" : 10
}
To see the relevant list of CAS properties, please review this guide.
You MUST consider that if your CAS server deployment is clustered, each CAS node in the cluster must have access to the same set of JSON configuration files as the other, or you may have to devise a strategy to keep changes synchronized from one node to the next.
The JSON service registry is also able to auto detect changes to the specified directory. It will monitor changes to recognize file additions, removals and updates and will auto-refresh CAS so changes do happen instantly.
Please make sure all field values in the JSON blob are correctly escaped, specially for the service id. If the service is defined as a regular expression, certain regex constructs such as "." and "\d" need to be doubly escaped.
The naming convention for new JSON files is recommended to be the following:
1
JSON fileName = serviceName + "-" + serviceNumericId + ".json"
Based on the above formula, for example the above JSON snippet shall be named: testJsonFile-103935657744185.json
. Remember that because files are created based on the serviceName
, you will need to make sure characters considered invalid for file names are not used as part of the name.
As you add more files to the directory, you need to be absolutely sure that no two service definitions will have the same id. If this happens, loading one definition will stop loading the other. While service ids can be chosen arbitrarily, make sure all service numeric identifiers are unique. CAS will also output warnings if duplicate data is found.
JSON Syntax
CAS uses a version of the JSON syntax that provides a much more relaxed syntax with the ability to specify comments.
A given JSON file for instance could be formatted as such in CAS:
1
2
3
4
5
6
7
8
9
10
{
/*
Generic service definition that applies to https/imaps urls
that wish to register with CAS for authentication.
*/
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^(https|imaps)://.*",
"name" : "HTTPS and IMAPS",
"id" : 10000001,
}
Note the trailing comma at the end. See the above link for more info on the alternative syntax.
Legacy Syntax
CAS automatically should remain backwards compatible with service definitions
that were created by a CAS 4.2.x
instance. Warnings should show up in the logs
when such deprecated service definitions are found. Deployers are advised to review each definition
and consult the docs to apply the new syntax.
An example legacy JSON file is listed below for reference:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
{
"@class" : "org.jasig.cas.services.RegexRegisteredService",
"serviceId" : "^https://www.jasig.org/cas",
"name" : "Legacy",
"id" : 100,
"description" : "This service definition authorizes the legacy jasig/cas URL. It is solely here to demonstrate service backwards-compatibility",
"proxyPolicy" : {
"@class" : "org.jasig.cas.services.RefuseRegisteredServiceProxyPolicy"
},
"evaluationOrder" : 100,
"usernameAttributeProvider" : {
"@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
},
"logoutType" : "BACK_CHANNEL",
"attributeReleasePolicy" : {
"@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
"principalAttributesRepository" : {
"@class" : "org.jasig.cas.authentication.principal.cache.CachingPrincipalAttributesRepository",
"duration" : {
"@class" : "javax.cache.expiry.Duration",
"timeUnit" : [ "java.util.concurrent.TimeUnit", "HOURS" ],
"expiration" : 2
},
"mergingStrategy" : "NONE"
},
"authorizedToReleaseCredentialPassword" : false,
"authorizedToReleaseProxyGrantingTicket" : false
},
"accessStrategy" : {
"@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
"enabled" : true,
"ssoEnabled" : true
}
}