Re: [Bodington-developers] Testing SP : groups-xml-mapper-policy

[Atif S. <BM...@bm...>]

Alistair Young wrote:

>can you explain how the sp works Atif? I've done all that now but how do I
>actually log in using shibboleth? Is there a special shibboleth login page
>in bod now?
>
>  
>
There is no special shibboleth login page. Because of the following
filter mapping in web.xml

<filter-mapping>
    <filter-name>Guanxi Resource Guard</filter-name>
         <url-pattern>/site/*</url-pattern>
</filter-mapping>

The entire bodington is protected.

Lets say a user comes along and hits the following url:
www.myserver.com/bodingtion/site/buidling3/room7/resource10

Then shib kicks off does it's thing, once the sp guard is happy THAT the
shib was successful IT will add the attributes to the request object
headers. Then it will allow the request through.

Once the request is allowed through by the sp guard
org.bodington.servlet.BuildingServlet will kick into action BECAUSE it
too is mapped onto the same url as the guard filter
i.e. : /site/*

BuildingServlet will create a New instance of
org.bodington.servlet.Request which will check if a bodington session
exists. If a bodington session does not exists THEN a New instance of
org.bodington.server.realm.sp.SPAuthenticator is create.

org.bodington.server.realm.sp.SPAuthenticator will do the following:
* Creates a user account if the user doesn't have a account already
* Maps the idp group to 'local bodington' group THEN adds the user to
the mapped groups.
* Creates a bodington session and associated with the user account.

Lets say an another user comes along and hits the following url:
www.myserver.com/bodingtion/site/buidling45/roomZZZ/

The same thing will happan for this url as what was described above for
the following url:
www.myserver.com/bodingtion/site/buidling3/room7/resource10

Ta
Atif.