The document discusses migrating an existing authentication system at Columbia University to the Central Authentication Service (CAS). Specifically, it addresses:
1) Integrating the legacy service registry and custom attributes into CAS.
2) Adding support for the legacy "WIND" authentication protocol to CAS to allow existing clients to continue using either the legacy or CAS protocols during migration.
3) Customizing CAS login behavior and UI to match the existing system.
DWR (Direct Web Remoting) allows JavaScript code in a browser to call Java functions on a web server as if they were local functions. It consists of Java server-side libraries and a servlet, as well as JavaScript libraries. DWR handles converting parameters and return values between JavaScript and Java. It also handles low-level XMLHttpRequest handling. DWR dynamically generates a JavaScript proxy class that matches a Java class, allowing remote method calls. Utility functions in DWR help update web pages with the results.
Use Windows Azure Service Bus, BizTalk Services, Mobile Services, and BizTalk...BizTalk360
The Service Bus is part of Windows Azure and is designed to provide connectivity, queuing, and routing capabilities not only for the cloud applications but also for on-premises applications. Microsoft BizTalk Server enables organizations to connect and extend heterogeneous systems across the enterprise and with trading partners. Using both together enables a significant number of scenarios in which you can build secure, reliable and scalable hybrid solutions that span the cloud and on premises environments.
Windows Azure BizTalk Services is a simple, powerful, and extensible cloud-based integration service that provides Business-to-Business (B2B) and Enterprise Application Integration (EAI) capabilities for delivering cloud and hybrid integration solutions. Windows Azure Mobile Services accelerates connected client application development by streamlining common backend tasks like structuring storage, authenticating users, and sending push notifications. In this session you will see how to integrate these technologies to build secure, reliable and scalable hybrid solutions that span the cloud and on premises environments.
This document discusses setting up an intermediate WCF service to connect an Android application to Dynamics AX. It describes creating a WCF service that enables REST and outputs data in JSON format for consumption by the Android application. The WCF service is configured to use authentication via headers and return sample inventory item data from AX. The Android application code shows making a request to the WCF service to get JSON data and parsing it to display in a list view.
This document discusses setting up an intermediate WCF service to connect an Android application to Dynamics AX. It describes creating a WCF service that enables REST and outputs data as JSON for consumption by the Android application. The WCF service is configured to use authentication via headers and return AX data like item lists. The document also provides code samples for the WCF service interface and implementation, as well as the Android application code to call the service, parse the JSON response, and display it in a list view.
Spring 3 emphasizes annotation configuration over XML. Key changes include support for JSR 250, 299/330, and 303 annotations as well as a simplified MVC framework with @Controller and @RequestMapping annotations. Validation is integrated using JSR 303 annotations and executed automatically by the framework. Configuration is also simplified through @Configuration classes and the @Bean annotation.
Integration of Backbone.js with Spring 3.1Michał Orman
This document discusses integrating Backbone.js with Spring 3.1. It begins with an overview of new features in Spring 3.1, such as cache abstraction, bean definition profiles, and Java-based configuration. It then provides an introduction to Backbone.js, explaining how it gives structure to web applications using models, collections, views and routers. The document demonstrates how to integrate Backbone.js and Spring 3.1 by using Spring to provide a RESTful JSON API for Backbone models and collections to communicate with, while keeping the UI rendered separately using Backbone views. It provides examples of tasks being managed through GET, POST, PUT and DELETE requests to the Spring API.
Rest with Java EE 6 , Security , Backbone.jsCarol McDonald
The document discusses REST with JAX-RS and security in Java EE 6, covering how to build a simple RESTful service using JAX-RS annotations to map resources and methods, support multiple representations, and link resources together, and how to secure the service by configuring authentication, authorization, and encryption in the web.xml deployment descriptor.
DWR (Direct Web Remoting) allows JavaScript code in a browser to call Java functions on a web server as if they were local functions. It consists of Java server-side libraries and a servlet, as well as JavaScript libraries. DWR handles converting parameters and return values between JavaScript and Java. It also handles low-level XMLHttpRequest handling. DWR dynamically generates a JavaScript proxy class that matches a Java class, allowing remote method calls. Utility functions in DWR help update web pages with the results.
Use Windows Azure Service Bus, BizTalk Services, Mobile Services, and BizTalk...BizTalk360
The Service Bus is part of Windows Azure and is designed to provide connectivity, queuing, and routing capabilities not only for the cloud applications but also for on-premises applications. Microsoft BizTalk Server enables organizations to connect and extend heterogeneous systems across the enterprise and with trading partners. Using both together enables a significant number of scenarios in which you can build secure, reliable and scalable hybrid solutions that span the cloud and on premises environments.
Windows Azure BizTalk Services is a simple, powerful, and extensible cloud-based integration service that provides Business-to-Business (B2B) and Enterprise Application Integration (EAI) capabilities for delivering cloud and hybrid integration solutions. Windows Azure Mobile Services accelerates connected client application development by streamlining common backend tasks like structuring storage, authenticating users, and sending push notifications. In this session you will see how to integrate these technologies to build secure, reliable and scalable hybrid solutions that span the cloud and on premises environments.
This document discusses setting up an intermediate WCF service to connect an Android application to Dynamics AX. It describes creating a WCF service that enables REST and outputs data in JSON format for consumption by the Android application. The WCF service is configured to use authentication via headers and return sample inventory item data from AX. The Android application code shows making a request to the WCF service to get JSON data and parsing it to display in a list view.
This document discusses setting up an intermediate WCF service to connect an Android application to Dynamics AX. It describes creating a WCF service that enables REST and outputs data as JSON for consumption by the Android application. The WCF service is configured to use authentication via headers and return AX data like item lists. The document also provides code samples for the WCF service interface and implementation, as well as the Android application code to call the service, parse the JSON response, and display it in a list view.
Spring 3 emphasizes annotation configuration over XML. Key changes include support for JSR 250, 299/330, and 303 annotations as well as a simplified MVC framework with @Controller and @RequestMapping annotations. Validation is integrated using JSR 303 annotations and executed automatically by the framework. Configuration is also simplified through @Configuration classes and the @Bean annotation.
Integration of Backbone.js with Spring 3.1Michał Orman
This document discusses integrating Backbone.js with Spring 3.1. It begins with an overview of new features in Spring 3.1, such as cache abstraction, bean definition profiles, and Java-based configuration. It then provides an introduction to Backbone.js, explaining how it gives structure to web applications using models, collections, views and routers. The document demonstrates how to integrate Backbone.js and Spring 3.1 by using Spring to provide a RESTful JSON API for Backbone models and collections to communicate with, while keeping the UI rendered separately using Backbone views. It provides examples of tasks being managed through GET, POST, PUT and DELETE requests to the Spring API.
Rest with Java EE 6 , Security , Backbone.jsCarol McDonald
The document discusses REST with JAX-RS and security in Java EE 6, covering how to build a simple RESTful service using JAX-RS annotations to map resources and methods, support multiple representations, and link resources together, and how to secure the service by configuring authentication, authorization, and encryption in the web.xml deployment descriptor.
AngularJs Workshop SDP December 28th 2014Ran Wahle
This document provides an overview and agenda for a training on AngularJS. It introduces key concepts in AngularJS like modules, dependency injection, data binding with controllers and scopes, services, filters, directives, forms, and routing. Code examples are provided to demonstrate creating modules, controllers, services, binding data between the view and model, and using built-in and custom directives. The training will cover building AngularJS applications with a focus on best practices.
This document provides an overview of the VMware vCloud SDK for PHP. It describes the SDK components, including the VMware_VCloud_API packages that define classes mapping to vCloud API entities, and the VMware_VCloud_SDK packages that define classes for managing the lifecycle of vCloud entities. It demonstrates how to create vCloud data objects and SDK objects, and provides a sample code for logging in and powering on a virtual machine using the SDK.
Android Cloud to Device Messaging Framework at GTUG StockholmJohan Nilsson
The document discusses the Android Cloud to Device Messaging (C2DM) framework. It allows application servers to send lightweight messages to Android apps. Key points:
- C2DM notifies apps of new data to fetch rather than sending large amounts of content. It makes no guarantees about message delivery or order.
- Apps can receive messages even when not running by using intent broadcasts. C2DM only passes raw message data.
- Apps must register with C2DM to receive messages and can unregister. Registration requires Android 2.2+ with the Market app installed.
- The app server sends messages via HTTP using a registration ID and authorization token. C2DM handles storing and delivering messages when
The document discusses integrating Spring MVC on the server side with Backbone.js on the client side for building Model-View-Controller (MVC) applications. It provides an overview of MVC patterns and how they are implemented in Spring MVC using Java and in Backbone.js using JavaScript. Key aspects covered include using Backbone models and collections to represent and manipulate data, views to render templates and handle user interactions, and routers to manage client-side routing and application states. RESTful APIs are also discussed as a way to communicate between the client-side Backbone code and the server-side Spring MVC application.
The document discusses various ASP.NET server-side tags used in web forms. It provides the tag name, a brief description of its usage, and a link to the Microsoft documentation for each tag. The tags covered are: <% %> for code blocks, <%= %> for single-value expressions, <%# %> for data binding expressions, <%$ %> for expressions in data sources, <%@ %> for directives, <%-- --%> for comments, and <%: %> for HTML encoding.
OpenWebBeans is an implementation of the JSR-299 specification for managing Java EE components called WebBeans. It provides features like dependency injection, lifecycle management, interceptors, decorators, events and contexts. It is hosted by the Apache Software Foundation and aims to be extensible and configurable through annotations and XML.
Java Svet - Communication Between Android App ComponentsAleksandar Ilić
Presentation about how to build flexible (using fragments), smooth (using async tasks and intent services) and "data up to date" (using loaders) Android applications.
ASP.NET provides many server controls that generate HTML elements and simplify web development, including basic controls that map to HTML tags, more advanced controls that generate complex output, and specialized controls for tasks like validation, navigation, and data binding. Server controls inherit from classes in the .NET Framework and have properties and events that make them easier to work with compared to standard HTML elements. ASP.NET offers a variety of server controls to handle common tasks and interface elements on web forms.
MongoDB.local Sydney: Evolving your Data Access with MongoDB StitchMongoDB
You have valuable data in MongoDB and while it's important to use that data to empower your users and customers it can be tough to do so in a safe, secure way. In this session, you'll learn how to simply connect your users with the data they need using MongoDB Stitch. We'll cover how to quickly set-up complex access controls using Stitch's Read and Write Rules as well as how to expose that data through Stitch's SDKs, Functions, and Services.
The document describes the Spring MVC request lifecycle and how requests are handled in Spring MVC. It discusses how the DispatcherServlet receives requests and uses handler mappings to determine which controller should handle each request. It then describes how controllers process requests, returning a ModelAndView which is used to render the view. It also provides details on configuring controllers, view resolvers, and handler mappings, as well as examples of different types of controllers like command, form, and multi-action controllers.
The AWS Mobile SDKs can be used to build thick-client architecture apps for iOS and Android devices. An overview of the SDKs will be presented as well as demos and code for storing data in Amazon S3 and sending emails via Amazon SES. You will also learn how to manage AWS credentials in a mobile environment.
This document describes a group project to implement a RESTful web service for booking flights and hotels. It includes an introduction to REST, an overview of the technologies and architecture used, details about implementing and securing the services, instructions for deploying and testing, and reflections on the project experience. The services allow clients to interact with resources like flights and hotels via HTTP methods at unique URIs, and are built using JAX-RS, Jersey, and deployed in a Grizzly container.
Using the Tooling API to Generate Apex SOAP Web Service ClientsDaniel Ballinger
Presentation from Dreamforce 2014 on using the Tooling API to create increased support for calling SOAP based web services using WSDLs to generate Apex.
How To Manage API Request with AXIOS on a React Native AppAndolasoft Inc
Making an API request is as simple as passing a configuration object to Axios or invoking the appropriate method with the necessary arguments. Read More: https://www.andolasoft.com/blog/how-to-manage-api-request-with-axios-on-react-native-app.html
The document summarizes key aspects of the Windows Phone 7 operating system user interface and development platform. It describes the Metro design approach used in the UI, how tiles are used to access applications and receive live updates, and how themes allow customizing colors. It also outlines common UI controls, data binding, application lifecycle handling, and use of isolated storage, web services, and location services in apps.
This document provides an overview of Microsoft Azure Mobile Services and its management portal. It discusses the key features and capabilities of Azure Mobile Services including data storage, user authentication, push notifications, and server-side scripts. It also summarizes the available server-side script objects and modules that can be used to access additional functionality from scripts. Finally, it outlines the REST API operations for querying, inserting, updating and deleting data in Mobile Services tables.
This document provides an overview of ATALIAN's international expansion and operations in 2011. Key points include:
- ATALIAN doubled in size in cleaning services and multi-technique businesses through acquisitions in Central and Eastern Europe, making it a leader in the EU region.
- Acquisitions in Hungary, Romania, Poland, and Croatia rounded out ATALIAN's presence and allowed it to offer multi-service solutions.
- ATALIAN plans to set up offices soon in four new countries: United Kingdom, Serbia, Bosnia-Herzegovina, and Morocco to ensure two new facilities per year.
- Through acquisitions, ATALIAN has leading positions in cleaning,
An exchange student named Antonia Ficova is requesting a certificate of placement from Merve Urkmeyen at Yasar University. Merve tells Antonia she can pick up the certificate but transcripts will be sent directly to her university. Antonia checks her grades online but does not see them. Merve instructs Antonia on how to request her login credentials to view her grades online. They coordinate a time for Antonia to pick up the certificate before she leaves Turkey the following week.
AngularJs Workshop SDP December 28th 2014Ran Wahle
This document provides an overview and agenda for a training on AngularJS. It introduces key concepts in AngularJS like modules, dependency injection, data binding with controllers and scopes, services, filters, directives, forms, and routing. Code examples are provided to demonstrate creating modules, controllers, services, binding data between the view and model, and using built-in and custom directives. The training will cover building AngularJS applications with a focus on best practices.
This document provides an overview of the VMware vCloud SDK for PHP. It describes the SDK components, including the VMware_VCloud_API packages that define classes mapping to vCloud API entities, and the VMware_VCloud_SDK packages that define classes for managing the lifecycle of vCloud entities. It demonstrates how to create vCloud data objects and SDK objects, and provides a sample code for logging in and powering on a virtual machine using the SDK.
Android Cloud to Device Messaging Framework at GTUG StockholmJohan Nilsson
The document discusses the Android Cloud to Device Messaging (C2DM) framework. It allows application servers to send lightweight messages to Android apps. Key points:
- C2DM notifies apps of new data to fetch rather than sending large amounts of content. It makes no guarantees about message delivery or order.
- Apps can receive messages even when not running by using intent broadcasts. C2DM only passes raw message data.
- Apps must register with C2DM to receive messages and can unregister. Registration requires Android 2.2+ with the Market app installed.
- The app server sends messages via HTTP using a registration ID and authorization token. C2DM handles storing and delivering messages when
The document discusses integrating Spring MVC on the server side with Backbone.js on the client side for building Model-View-Controller (MVC) applications. It provides an overview of MVC patterns and how they are implemented in Spring MVC using Java and in Backbone.js using JavaScript. Key aspects covered include using Backbone models and collections to represent and manipulate data, views to render templates and handle user interactions, and routers to manage client-side routing and application states. RESTful APIs are also discussed as a way to communicate between the client-side Backbone code and the server-side Spring MVC application.
The document discusses various ASP.NET server-side tags used in web forms. It provides the tag name, a brief description of its usage, and a link to the Microsoft documentation for each tag. The tags covered are: <% %> for code blocks, <%= %> for single-value expressions, <%# %> for data binding expressions, <%$ %> for expressions in data sources, <%@ %> for directives, <%-- --%> for comments, and <%: %> for HTML encoding.
OpenWebBeans is an implementation of the JSR-299 specification for managing Java EE components called WebBeans. It provides features like dependency injection, lifecycle management, interceptors, decorators, events and contexts. It is hosted by the Apache Software Foundation and aims to be extensible and configurable through annotations and XML.
Java Svet - Communication Between Android App ComponentsAleksandar Ilić
Presentation about how to build flexible (using fragments), smooth (using async tasks and intent services) and "data up to date" (using loaders) Android applications.
ASP.NET provides many server controls that generate HTML elements and simplify web development, including basic controls that map to HTML tags, more advanced controls that generate complex output, and specialized controls for tasks like validation, navigation, and data binding. Server controls inherit from classes in the .NET Framework and have properties and events that make them easier to work with compared to standard HTML elements. ASP.NET offers a variety of server controls to handle common tasks and interface elements on web forms.
MongoDB.local Sydney: Evolving your Data Access with MongoDB StitchMongoDB
You have valuable data in MongoDB and while it's important to use that data to empower your users and customers it can be tough to do so in a safe, secure way. In this session, you'll learn how to simply connect your users with the data they need using MongoDB Stitch. We'll cover how to quickly set-up complex access controls using Stitch's Read and Write Rules as well as how to expose that data through Stitch's SDKs, Functions, and Services.
The document describes the Spring MVC request lifecycle and how requests are handled in Spring MVC. It discusses how the DispatcherServlet receives requests and uses handler mappings to determine which controller should handle each request. It then describes how controllers process requests, returning a ModelAndView which is used to render the view. It also provides details on configuring controllers, view resolvers, and handler mappings, as well as examples of different types of controllers like command, form, and multi-action controllers.
The AWS Mobile SDKs can be used to build thick-client architecture apps for iOS and Android devices. An overview of the SDKs will be presented as well as demos and code for storing data in Amazon S3 and sending emails via Amazon SES. You will also learn how to manage AWS credentials in a mobile environment.
This document describes a group project to implement a RESTful web service for booking flights and hotels. It includes an introduction to REST, an overview of the technologies and architecture used, details about implementing and securing the services, instructions for deploying and testing, and reflections on the project experience. The services allow clients to interact with resources like flights and hotels via HTTP methods at unique URIs, and are built using JAX-RS, Jersey, and deployed in a Grizzly container.
Using the Tooling API to Generate Apex SOAP Web Service ClientsDaniel Ballinger
Presentation from Dreamforce 2014 on using the Tooling API to create increased support for calling SOAP based web services using WSDLs to generate Apex.
How To Manage API Request with AXIOS on a React Native AppAndolasoft Inc
Making an API request is as simple as passing a configuration object to Axios or invoking the appropriate method with the necessary arguments. Read More: https://www.andolasoft.com/blog/how-to-manage-api-request-with-axios-on-react-native-app.html
The document summarizes key aspects of the Windows Phone 7 operating system user interface and development platform. It describes the Metro design approach used in the UI, how tiles are used to access applications and receive live updates, and how themes allow customizing colors. It also outlines common UI controls, data binding, application lifecycle handling, and use of isolated storage, web services, and location services in apps.
This document provides an overview of Microsoft Azure Mobile Services and its management portal. It discusses the key features and capabilities of Azure Mobile Services including data storage, user authentication, push notifications, and server-side scripts. It also summarizes the available server-side script objects and modules that can be used to access additional functionality from scripts. Finally, it outlines the REST API operations for querying, inserting, updating and deleting data in Mobile Services tables.
This document provides an overview of ATALIAN's international expansion and operations in 2011. Key points include:
- ATALIAN doubled in size in cleaning services and multi-technique businesses through acquisitions in Central and Eastern Europe, making it a leader in the EU region.
- Acquisitions in Hungary, Romania, Poland, and Croatia rounded out ATALIAN's presence and allowed it to offer multi-service solutions.
- ATALIAN plans to set up offices soon in four new countries: United Kingdom, Serbia, Bosnia-Herzegovina, and Morocco to ensure two new facilities per year.
- Through acquisitions, ATALIAN has leading positions in cleaning,
An exchange student named Antonia Ficova is requesting a certificate of placement from Merve Urkmeyen at Yasar University. Merve tells Antonia she can pick up the certificate but transcripts will be sent directly to her university. Antonia checks her grades online but does not see them. Merve instructs Antonia on how to request her login credentials to view her grades online. They coordinate a time for Antonia to pick up the certificate before she leaves Turkey the following week.
This document describes an experiment with 4 Mayan coins where each coin can land on either side A or S. It lists all possible combinations of the 4 coins and includes a tree diagram showing the different outcomes.
The document contains a table with 16 rows and 4 columns. Each cell contains either an A, S, or is left blank. The table seems to show different combinations of As and Ss in each row across the 4 columns. Below the table is a list of 16 items, each containing either an A, S, or a blank space in different combinations, similar to the patterns in the table.
This document summarizes research being conducted at the Istanbul Cluster in Turkey. The cluster focuses on areas like biological sciences, computer science, and engineering. Specific research includes medical data analysis, telemedicine, biosensors, and predictive systems for early Alzheimer's diagnosis. The cluster involves universities, SMEs, and government organizations conducting e-health research and developing technologies like remote patient monitoring solutions and visual monitoring systems for elderly care facilities. Major SMEs highlighted include software companies developing hospital information systems, mobile health apps, and computer vision technologies.
Оптимальные стратегии в аукционах, конкурсах и запросах котировокontolog125
Optimal strategies for auctions.
Seminar description
Краткая презентация по семинару "Оптимальные стратегии участия в аукционах, конкурсах и запросах котировок".
A technical overview of the WebRTC Data Channel and common problems in its use. These slides accompanied a similar talk that was given in Paris as part of the WebRTC Conference Paris 2014. You can find the complete text of the presentation here: http://viblast.com/blog/2014/12/30/overview-webrtc-data-channel/.
АКАР: Условия проведения тендера на выбор поставщика BTL услугRACA_research
4 декабря 2012 года эксперты Ассоциации коммуникационных агентств России представили рекламным агентствам, крупным рекламодателям и представителям Федеральной Антимонопольной Службы РФ выработанные индустриальные стандарты «Условия проведения тендеров: Медиа, Креатив, BTL».
El documento describe cómo las pruebas de virginidad obligatorias para mujeres siguen ocurriendo en varios países. En Indonesia, las pruebas son obligatorias para reclutas militares y de policía femeninas, así como para novias de militares. Consisten en exámenes vaginales que determinan el estado del himen. También se han propuesto en Sudáfrica y se practicaron en el pasado en Reino Unido e Irán. Grupos defensores de derechos se oponen a la práctica por ser denigrante, traumática y no confiable
Ayselin Yildiz, the director of the European Union Center at Yasar University, sends an email to students in an EU education program with reminders about finalizing learning agreements, choosing courses, and obtaining residence permits. She informs them that the syllabus is attached but presentations will be provided later. She offers to help with any issues and encourages students to contact her or their mentors if needed.
Over the past few years, WebRTC – or web real time communications - has started to gain traction in both business and technology environments. For the first time, companies can enable in-browser or in-application communications – from chat to voice to video to document exchange, directly in the browser, without the need for additional downloads, plugins or other barriers to fast and seamless interactions.
WebRTC is a game-changer when it comes to customer service, providing a seamless experience for the customer at the very time and in the very manner in which they dictate.
This document provides an overview of Java web services, including key concepts like XML-based communication, loose coupling of services, and support for synchronous and asynchronous calls. It also describes major web service technologies like SOAP, WSDL, and UDDI. Additionally, it outlines Java APIs for building, deploying, and consuming web services and provides an example of creating a simple book ordering service.
Community call: Develop multi tenant apps with the Microsoft identity platformMicrosoft 365 Developer
Building an application that can be provisioned and used in multiple Azure AD tenants goes far beyond just flipping a switch in your app configuration. The developer has to undertake application provisioning, decide on a provisioning strategy, push changes to customers, manage identities flowing from multiple tenants, collect essential information from authentication signals, learn to differentiate the different types of users they will encounter and understand the key differences from the B2B scenarios. In this community call, Kalyan Krishnan reviews the steps and considerations required to develop, configure, provision, and manage multi-tenant applications.
For more information, visit https://aka.ms/identityplatform
The document discusses Retrofit, a type-safe HTTP client for Android. It describes how to initialize Retrofit by defining interfaces for APIs, creating a Retrofit instance, and making network calls. It also covers using interceptors to log requests/responses and add authentication headers to requests. Custom interceptors allow controlling the behavior of authentication based on internal request headers.
This document provides an overview of key concepts for developing applications with Symfony2 including: setting up the framework, code flow, dependency injection, configuration, controllers, applications, Doctrine integration, caching, performance tips, asset management, testing, deployment, third party bundles, and resources for contributing to Symfony2. It discusses service definitions, controller choices, application choices, Doctrine examples, caching strategies, performance optimization techniques, testing approaches, deployment options, and how to work with third party bundles.
This talk represents the combined experience from several web development teams who have been using Symfony2 since months already to create high profile production applications. The aim is to give the audience real world advice on how to best leverage Symfony2, the current rough spots and how to work around them. Aside from covering how to implement functionality in Symfony2, this talk will also cover topics such as how to best integrate 3rd party bundles and where to find them as well as how to deploy the code and integrate into the entire server setup.
Spring provides tools for building multi-client web applications, including support for mobile clients and REST APIs. It includes the Spring MVC framework for building web UIs, the RestTemplate for consuming REST services, and tools like Spring Android for building native Android apps that integrate with REST backends. Demos show consuming a Spring REST service from a web UI, Android app, and HTML5 app to demonstrate support for multiple client types from a single backend.
The document describes a Microsoft technical support question and answer regarding configuring session state for an ASP.NET application deployed to a web farm. The question provides details about servers in the web farm and requirements for disconnecting idle sessions after 10 minutes. The correct answer is to configure session state to use the ASP.NET state service by setting the sessionState mode to StateServer and specifying the state server IP and port in the stateConnectionString.
ASP.NET MVC provides separation of concerns, extensibility, and testability advantages compared to other frameworks. It has a learning curve and is more complex. The MVC pattern uses models to manage data and business logic, views for presentation, and controllers to handle user input and response. Model binding maps user input to model properties using value providers and model binders. Data annotations provide validation attributes. Views are rendered using layouts and can pass data and render partial views. Razor syntax combines HTML and C# code in views. Security concerns include XSS and CSRF prevention.
Implement Service Broker with Spring Boot #cf_tokyoToshiaki Maki
This document discusses implementing a service broker with Spring Boot to provide services to applications running on Cloud Foundry. It provides an overview of service brokers and their APIs in Cloud Foundry. It then demonstrates how to build a sample fake service broker using Spring Boot and the Spring Cloud CloudFoundry Service Broker library by implementing the broker APIs and services. The broker is deployed locally to PCF Dev and services are created and bound to applications.
Learn how to get the best out of Camunda Tasklist, an HTML 5 application for human workflow management. You will also hear how to benefit from the Camunda Javascript forms SDK in your very own frontend applications.
CyberLab Training Division :
ASP.NET is a web application framework developed and marketed by Microsoft to allow programmers to build dynamic web sites. It allows you to use a full featured programming language such as C# or VB.NET to build web applications easily.
This tutorial covers all the basic elements of ASP.NET that a beginner would require to get started.
Audience
This tutorial has been prepared for the beginners to help them understand basic ASP.NET programming. After completing this tutorial you will find yourself at a moderate level of expertise in ASP.NET programming from where you can take yourself to next levels.
Prerequisites
Before proceeding with this tutorial, you should have a basic understanding of .NET programming language. As we are going to develop web-based applications using ASP.NET web application framework, it will be good if you have an understanding of other web technologies such as HTML, CSS, AJAX. etc
ASP.NET supports three different development models:
Web Pages, MVC (Model View Controller), and Web Forms.
For More Details.
Visit: http://www.cyberlabzone.com
Event Streaming with Kafka Streams and Spring Cloud Stream | Soby Chacko, VMwareHostedbyConfluent
Spring Cloud Stream is a framework built on top of the foundations of Spring Boot, the foremost JVM framework for developing microservice applications. It brings the familiar patterns and philosophies that Spring has championed for years through its programming model by allowing developers to focus primarily on the business logic of their applications. Kafka Streams is a powerful stream processing library built on top of Apache Kafka and attracts many developers because of its simplicity and deployment models as microservice applications. By developing Kafka Streams applications using Spring Cloud Stream, application developers get the best of both worlds - simpler stream processing execution models of Kafka Streams and battle-tested microservices foundations of Spring Boot via Spring Cloud Stream. This talk will explore: The integration points and various capabilities of Spring Cloud Stream touchpoints with Kafka Streams How to build event streaming applications using Spring’s programming model built on top of Kafka Streams, including a demo of a stateful application using Kafka Streams and Spring Cloud Stream’s functional support How to use interactive queries to expose materialized views from the state stores in the application How this Kafka Streams application can run as part of a data pipeline using Spring Cloud Data Flow in Kubernetes
This document provides an overview of Vaadin, an open-source web application framework that allows developers to build rich web applications using pure Java code. Key points covered include: Vaadin uses a client-server architecture with a Java backend and GWT frontend; the app lifecycle and how UI instances are managed; common patterns for structuring apps using views and navigation; building responsive layouts; server push for real-time updates; data binding between fields and data models; and how to get started with Vaadin.
CGI allows a web server to interface with external applications to dynamically generate web pages. It uses environment variables and form data passed via GET or POST requests to run scripts or programs that process input and return output to the server. While CGI provides interactivity, it can be slow and has security issues. Server-side includes and client-side scripting offer alternatives for dynamic content generation.
The document discusses developing custom ASP.NET AJAX client components and server controls. It covers the key steps which are:
1) Developing the reusable client component code using the ASP.NET AJAX prototype model.
2) Creating an associated server control that emits the required JavaScript to register and initialize the client component.
3) Wiring up the server control to load and instantiate the client component code.
MongoDB.local Atlanta: Introduction to Serverless MongoDBMongoDB
Serverless development with MongoDB Stitch allows developers to build applications without managing infrastructure. Stitch provides four main services - QueryAnywhere for data access, Functions for server-side logic, Triggers for real-time notifications, and Mobile Sync for offline data synchronization. These services integrate with MongoDB and other data sources through a unified API, and apply access controls and filters to queries. Functions can be used to build applications or enable data services, and are integrated with application context including user information, services, and values. This allows developers to write code without dealing with deployment or scaling.
This document discusses various techniques for managing state in ASP.NET applications, including client-side and server-side options. On the client side, it covers view state, control state, hidden fields, cookies, and query strings. On the server side, it discusses application state, session state, and profile properties. For each technique, it provides code samples and recommendations on when to use each option based on factors like security, performance, and data persistence. It aims to help developers choose the best state management approach for different situations.
“Program to an interface, not an implementation” they[1] say …
But when IMyInterface foo = new IMyInterface() is not valid code … how are you supposed to achieve that ? The answer is Dependency Injection.
In this talk, we’ll talk about Dependency injection, what it is and what it is not. We’ll see how it is a valuable set of practices and patterns that help design maintainable software built on top of the SOLID object-oriented principles.
We’ll see how, when used properly, it delivers many benefits such as extensibility and testability … We’ll also cover some anti-patterns, ways of using Dependency Injection that can lead to code that is painful to understand and maintain
This talk is not about DI/IOC containers per se, but focuses on the core concepts of Dependency Injection. Those concepts are essential to understand how to use those “magic-looking” tools (if they are needed at all …)
This talk is not only for .NET developers. It will contain code examples written in C#, but should be understandable by developers with knowledge in other statically-typed object-oriented languages such as Java, Vb.NET, C++ …
GAC Java Presentation_Server Side Include_Cookies_Filters 2022.pptCUO VEERANAN VEERANAN
This document provides information about Server Side Includes (SSI) and how they allow embedding instructions inside HTML documents to add dynamic content. SSI uses special tags and the file must have a .shtml extension. It discusses how servlets can also be used to add dynamic content. The document then covers Server Side Include tags and provides an example. It also discusses cookies, how they work, and some cookie methods. Finally, it summarizes what filters are, their benefits, types, how to program them, and how they are registered and mapped to servlets.
Similar to Jasigsakai12 columbia-customizes-cas (20)
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
UiPath Test Automation using UiPath Test Suite series, part 5
Jasigsakai12 columbia-customizes-cas
1. Dan Ellentuck, Columbia University
Bill Thompson, Unicon Inc.
June 10-15, 2012
Growing Community;
Growing Possibilities
2. Reasons to Choose CAS:
Google Apps SSO
SAML Support
Vendor Support
Community Support
Tie-in with other open source tools and products, e.g.,
Sakai
Complicating Factors:
Pre-existing local web auth system
Active, diverse client base
Question:
How can legacy system be migrated to CAS?
3. CAS support for Google Apps SSO
Migrating a pre-existing web auth system to
CAS
CAS customizations and enhancements:
• Adding support for a new protocol
• Plugging in a custom service registry
• Enabling per-service UI tweaks
• Changing some basic login behavior
4. Google Apps SSO is based on SAML 2. See:
https://developers.google.com/google-
apps/sso/saml_reference_implementation
Step-by-step instructions on configuring CAS for Google
Apps sso:
https://wiki.jasig.org/pages/viewpage.action?pageId=60634
84
Works OOTB.
5. Sibling of CAS, called “WIND”.
Cookie-based SSO.
No generic login.
Per-service UI customization and opt-in SSO.
Similar APIs with different request param names:
CAS:
/login?service=https://MY-APPLICATION-PATH
/logout
/serviceValidate?service=https://APPLICATION-PATH&ticket=SERVICE-TICKET
WIND:
/login?destination=https://MY-APPLICATION-PATH
/logout
/validate?ticketid=SERVICE-TICKET
7. Service registry with maintenance UI
Service attributes for UI customization, multiple destinations,
attribute release, application contacts, etc.
SERVICE DESTINATION
SERVICE_LABEL
SERVICE_LABEL
DESTINATION
SINGLE_SIGN_ON (T/F)
PROXY_GRANTING (T/F)
RETURN_XML (T/F) SERVICE_CONTACT
ID_FORMAT
DESCRIPTION SERVICE_LABEL
HELP_URI (for customizing UI) EMAIL_ADDRESS
IMAGE_PATH(for customizing UI ) CONTACT_TYPE
HELP_LABEL(for customizing UI)
AFFILIATION
SERVICE_LABEL
AFFILIATION (like ATTRIBUTE)
8. Collaboration between Columbia and Unicon.
Tasks:
◦ Plug legacy service registry into CAS.
◦ Add legacy authentication protocol to CAS.
◦ Port login UI customizations to CAS.
◦ Change some login behavior (eliminate generic login.)
New service registrations must use CAS protocol.
Existing clients can use either legacy or CAS protocols
during transition.
9. • Java
• View technologies (JSP, CSS, etc.)
• Maven (dependencies; overlays)
• Spring configuration (CAS set up)
• Spring Web Flow (SWF)
• App server/web server (tomcat/apache)
10. Service Registry is obvious extension point.
Advantages to plugging in local service
registry:
◦ Retain extended service attributes and functions
◦ Remove migration headache
◦ Can continue to use legacy maintenance UI
11. Step 1: Write a CAS RegisteredService adaptor, part 1.
Write an interface that extends CAS RegisteredService with
any extra attributes in the custom service registry.
public interface WindRegisteredService extends RegisteredService {
/**
* Returns a display label for the help link. Can be null.
* Ignored if getHelpUri() is null.
* @return String
*/
String getHelpLabel();
/**
* Returns a help URI. Can be null.
* @return String
*/
String getHelpUri();
...etc.
}
12. Step 2: Write a CAS RegisteredService adaptor, part 2. Write a
RegisteredService implementation that adapts an instance of the
custom service to the extended RegisteredService interface.
public class WindRegisteredServiceImpl implements WindRegisteredService,
Comparable<RegisteredService> {
public boolean matches(Service targetService) {
if (!isEnabled() || targetService == null ||
targetService.getId() == null || targetService.getId().isEmpty())
return false;
for (String registeredDestination :
List<String>) getWindService().getAllowed_destinations()) {
String target = targetService.getId().substring(0,
registeredDestination.length());
if (registeredDestination.equalsIgnoreCase(target))
return true;
}
return false;
}
...
}
13. Step 3: Implement a CAS ServicesManager (maps incoming
Service URL of a request with the matching CAS
RegisteredService.)
public class ReadOnlyWindServicesManagerImpl implements ReloadableServicesManager
{
...
public RegisteredService findServiceBy(Service targetService) {
edu.columbia.acis.rad.wind.model.Service windService =
findWindService(targetService);
return ( windService != null )
? getRegisteredServicesByName().get(windService.getLabel())
: null;
}
public RegisteredService findServiceBy(long id) {
return getRegisteredServicesById().get(id);
}
...
}
14. Step 4: Write Spring bean definitions for the new
ServicesManager.
applicationContext.xml
<!–
Default servicesManager bean definition replaced by custom servicesManager
<bean
id="servicesManager"
class="org.jasig.cas.services.DefaultServicesManagerImpl">
<constructor-arg index="0" ref="serviceRegistryDao"/>
</bean>
-->
<bean
id="servicesManager"
class="edu.columbia.acis.rad.wind.cas.ReadOnlyWindServicesManagerImpl">
<constructor-arg index=“0” ref =“wind-ServicesCollection"/>
</bean>
...etc.
15. Result…
Additional service attributes and functions are
available to CAS
Custom maintenance UI can be used
Service registry uses custom logic to match
Service URL of incoming request with appropriate
registered service.
Easy migration
16. CAS is multi-protocol
Wind and CAS protocols are similar but not
identical
Different servlet API and validation response
formats
Advantages to adding legacy protocol to CAS:
◦ Single authentication service
◦ Single SSO domain
◦ Easy migration from legacy system
17. Step 1: Implement the CAS Service interface for the new
protocol by subclassing abstractWebApplicationService:
public class WindService extends AbstractWebApplicationService {
private static final String DESTINATION_PARAM = "destination";
private static final String SERVICE_PARAM = "service";
private static final String TICKET_PARAM = "ticketid";
...
// Create a Service instance from the request:
public static WindService from(HttpServletRequest request, HttpClient httpClient)
{
String origUrl = request.getParameter(DESTINATION_PARAM);
...
new WindService(origUrl, origUrl, /*artifactId not used*/ null, httpClient);
}
18. Step 2: Write an ArgumentExtractor class to retrieve values
of protocol-specific request parameters and return
instances of the Service class created in Step 1:
public class WindArgumentExtractor extends AbstractSingleSignOutEnabledArgumentExtractor
{
private static final String TICKET_PARAM = "ticketid";
...
protected WebApplicationService extractServiceInternal
( HttpServletRequest request)
//Coming in from validation request
if ("/validate".equals(request.getServletPath())) {
String ticketId = request.getParameter(TICKET_PARAM);
ServiceTicket st = (ServiceTicket)
this.ticketRegistry.getTicket(ticketId, ServiceTicket.class);
WindService ws = st != null ? (WindService) st.getService() : null;
...
return WindService.from(ticketId, ws., getHttpClientIfSingleSignOutEnabled());
19. Step 3: In web.xml, map the servlet path for the
protocol’s version of the service ticket validation
request to the cas servlet:
<servlet>
<servlet-name>cas</servlet-name>
<servlet-class>
org.jasig.cas.web.init.SafeDispatcherServlet
</servlet-class>
<init-param>
<param-name>publishContext</param-name>
<param-value>false</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
...
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/validate</url-pattern>
</servlet-mapping>
...
20. Step 4: Write a view class to format the service ticket
validation response:
class WindResponseView extends AbstractCasView {
....
private buildSuccessXmlResponse(Assertion assertion) {
def auth = assertion.chainedAuthentications[0]
def principalId = auth.principal.id
def xmlOutput = new StreamingMarkupBuilder()
xmlOutput.bind {
mkp.declareNamespace('wind': WIND_XML_NAMESPACE)
wind.serviceResponse {
wind.authenticationSuccess {
wind.user(principalId)
wind.passwordtyped(assertion.fromNewLogin)
wind.logintime(auth.authenticatedDate.time)
...etc.
}
}
}.toString()
}
21. Step 5: Define and wire up beans for the various
protocol operations:
argumentExtractorsConfiguration.xml
defines ArgumentExtractor classes for the various supported protocols:
<bean id="windArgumentExtractor"
class="edu.columbia.cas.wind.WindArgumentExtractor"
p:httpClient-ref="httpClient"
p:disableSingleSignOut="true">
<constructor-arg index="0" ref="ticketRegistry"/>
</bean>
uniqueIdGenerators.xml
protocol is mapped to uniqueID generator for service tickets via Service class:
<util:map id=“uniqueIdGeneratorsMap”>
<entry key=“edu.columbia.cas.wind.WindService”
value-ref=“serviceTicketUniqueIdGenerator” />
...etc.
</util:map>
22. Step 5: Define and wire up beans for the various protocol
operations (cont’d):
cas-servlet.xml
bean definitions made available to the web flow:
<prop
key=“/validate”>
windValidateController
</prop
...
<bean id=“windValidateController”
class=“org.jasig.cas.web.ServiceValidateController”
p:proxyHandler-ref=“proxy20Handler”
p:successView=“windServiceSuccessView”
p:failureView=“windServiceFailureView”
p:validationSpecificationClass=
“org.jasig.cas.validation.Cas20WithoutProxyingValidationSpecification”
p:centralAuthenticationService-ref=“centralAuthenticationService”
p:argumentExtractor-ref=“windArgumentExtractor”/>
...etc.
24. Result…
CAS will detect a request in the new protocol;
Extract appropriate request parameters;
Respond in the appropriate format.
Legacy clients continue to use usual auth protocol
until ready to migrate.
Single server/SSO realm.
25. Adding local images and content to the CAS login UI is a
common implementation step.
CAS lets each RegisteredService have its own style sheet (high
effort.)
Legacy auth service allows per-service tweaks to the login UI
(low effort):
• Custom logo
• Help link and help label
• Choice of displaying institutional links
• Popular with clients
26. Prerequisite:
◦ Must have service-specific attributes that control
the customization.
◦ Extend service registry with custom UI elements; or
◦ Plug in custom service registry (see above.)
27. Step 1: Write a Spring Web Flow Action class to map the
incoming Service to a RegisteredService and make the
RegisteredService available in the web flow context.
Public class ServiceUiElementsResolverAction extends AbstractAction {
...
protected Event doExecute(RequestContext requestContext) throws Exception {
// get the Service from requestContext.
Service service = (Service) requestContext.getFlowScope().get("service",
Service.class);
...
// get the RegisteredService for this request from the ServicesManager.
WindRegisteredService registeredService = (WindRegisteredService)
this.servicesManager.findServiceBy(service);
...
// make RegisteredService available to the view.
requestContext.getRequestScope().put("registeredService",
registeredService);
...
}
...
}
28. Step 2: Define a bean for the Action class in cas-
servlet.xml, to make the class available to the login web
flow:
cas-servlet.xml
...
<bean id="uiElementsResolverAction“
class="edu.columbia.cas.wind.ServiceUiElementsResolverAction">
<constructor-arg index="0" ref=“servicesManager"/>
</bean>
29. Step 3: Make the RegisteredService available to the web flow by
doing our Action in the login web flow just before the login UI is
rendered:
Login-webflow.xml
...
<view-state id="viewLoginForm" view="casLoginView" model="credentials">
<binder>
<binding property="username" />
<binding property="password" />
</binder>
<on-entry>
<set name="viewScope.commandName" value="'credentials'" />
<!– Make RegisteredService available in web flow context -->
<evaluate expression="uiElementsResolverAction"/>
</on-entry>
<transition on="submit" bind="true" validate="true" to="realSubmit">
<evaluate expression="authenticationViaFormAction.doBind
(flowRequestContext, flowScope.credentials)" />
</transition>
</view-state>
30. Step 4: In the login view, refer to RegisteredService
attributes when customizing the UI markup:
casLoginView.jsp
...
<!-- Derive the path to the logo image from the registered service. -->
<c:set var="imagePath" value =
"${!empty registeredService.imagePath
? registeredService.imagePath : defaultImagePath}"/>
...
<!-- display the custom logo -->
<img src="<c:url value="${imagePath}" />" alt="${registeredService.name}"
/>
...
31. Result…
◦ Vanilla login page
◦ Login page with default logo, institutional links
◦ Login page with custom logo
◦ Login page with another custom logo and help link
32. CAS allows a login without a service, a generic
login, which creates a ticket granting ticket but no
service ticket.
Generic login permitted
Legacy auth service assumes client is always trying
to log into something. Treats a generic login as an
error. We want to preserve this behavior.
33. Step 1: Write a Spring Web Flow Action that checks if
the login request has a known service destination and
returns success/error.
public class CheckForRegisteredServiceAction extends AbstractAction {
ServicesManager servicesManager;
protected Event doExecute(RequestContext requestContext)
throws Exception
{
Service service = (Service)
requestContext.getFlowScope().get("service", Service.class);
RegisteredService registeredService = null;
if(service != null) {
registeredService = this.servicesManager.findServiceBy(service);
}
return ( registeredService==null ) ? error() : success();
}
}
34. Step 2: Make the class available to the login web
flow by defining a bean in cas-servlet.xml:
cas-servlet.xml
...
<bean id="checkForRegisteredServiceAction“
class="edu.columbia.cas.wind.CheckForRegisteredServiceAction"
>
<constructor-arg index="0" ref="servicesManager"/>
</bean>
...
35. Step 3: In the login web flow add an action-state to check
that the request has a service parameter, and it corresponds
to a RegisteredService.
login-webflow.xml
...
<!-- validate the request: non-null service with corresponding
RegisteredService -->
<decision-state id="hasServiceCheck">
<if test="flowScope.service != null" then="hasRegisteredServiceCheck“
else="viewServiceErrorView" />
</decision-state>
<!-- Is there a corresponding RegisteredService? -->
<action-state id="hasRegisteredServiceCheck">
<evaluate expression="checkForRegisteredServiceAction"/>
<transition on="success" to="ticketGrantingTicketExistsCheck" />
<transition on="error" to="viewServiceErrorView" />
</action-state>
36. Result…
◦ CAS will now assume client is always trying to log
into something and treat a request without a known
service destination as an error.
◦ Users will not see login UI less they arrive with a
registered service.
◦ Generic login not permitted
37. Tasks accomplished:
◦ Support Google Apps SSO
◦ Plug legacy service registry into CAS
◦ Add legacy authentication protocol to CAS
◦ Port login UI customizations to CAS
◦ Eliminate generic login
38.
39. Dan Ellentuck, Columbia University
de3@columbia.edu
Bill Thompson, Unicon Inc.
wgthom@unicon.net