I’ll skip the background, but what this post explains is how I secure individual document pages using phpCAS within a Jadu galaxy site.
If you want the quick overview – you can watch the video here –
If you want the details on how I did this, keep reading.
** DISCLAIMER **
Doing this could make upgrades difficult, so you’re on your own if you do this.
Out of the box, you can password protect a document page, and that’s great if you have a way to disseminate that password securely. We already have CAS setup here and have many CAS enabled applications, so what better way to secure something than use what we have in place.
The idea here is to allow a non-technical user to be able to secure a document page (ie a policy or other non-public information) without having to contact the CMS admin, or worse, the network admin. Jadu has a number of Advanced Metadata tags that can be used for this purpose (screenshot to the right). If you take a look, you can see there are many to choose from. Source, Status and Coverage seem to be two good possible candidates, so I choose Status, and allow any document page to be publicly displayed, unless it has the word ‘secure’ in the Source tag of the Advanced Metadata screen.
How do I make that happen?
The first thing I did was install (and configure) phpCAS on the Jadu server. Since we had this installed already on one of our other php servers, I simply copied the CAS.php and CAS directory to the Jadu server and placed it in /home/jadu/jadu/custom/ <– this is the custom directory where all the class files are (in a 1.12 install it will be /var/www/jadu/jadu/custom)
Here is the notation I’ll use below so you can follow along:
GALAXY_HOME : /home/jadu/microsites (this is the parent home for all galaxy sites)
HOME_19 : GALAXY_HOME/ms_jadu_19 (this is the home directory for the site we’re securing)
Once those files were in place, I determined which folder controlled my galaxy site and actually the files that control the galaxy site are located in HOME_19/public_html/site/scripts. Once I was there I noticed they’re all dummy files that require the “real” files back in /GALAXY_HOME/public_html/sites/scripts
To customize a galaxy site, you have to copy whatever files you need to from /GALAXY_HOME/public_html/sites/scripts to HOME_19/public_html/site/scripts
** DISCLAIMER **
Doing this could make upgrades difficult, so you’re on your own if you do this.
I copied 1 file : …/scripts/documents_info.php This file controls the display of a document page. I knew I needed to access the advanced metadata for the document. It is obviously being displayed on the page, because its there when I view source. However, the function that is getting called, isn’t setting those tag variables, it actually prints that block of html code, so I couldn’t just reference the STATUS tag in documents_info.php.
I knew I had to pop to the CAS login at the top of the page, not half way down after the page started rendering, so I copied a line of code out of JaduMetadata.php and placed it near the top right under that include_once line –
include_once("JaduMetadata.php");
// NEW SECURE CAS CHECK USING METADATA->COVERAGE list($metadata, $taxonomyString, $mappingString, $bespokeString) = getAllMetadata(DOCUMENTS_METADATA_TABLE, DOCUMENTS_CATEGORIES_TABLE, $_GET['documentID']);
What this line does is set up a $metadata variable that I can access from documents_info.php
So I then check that status with this –
if ($metadata->status == "secure") {
Then if it matches I include all of my CAS code –
require_once('custom/CAS.php');
phpCAS::client(CAS_VERSION_2_0, 'sso.messiah.edu', 443, '/cas/',false);
phpCAS::setNoCasServerValidation();
phpCAS::handleLogoutRequests(false);
phpCAS::forceAuthentication();
$logout_url = "https://sso.messiah.edu/cas/logout";
$_SERVER['REMOTE_USER'] = strtolower(phpCAS::getUser());
}
// ------ END SECURE PAGE CHECK ------
With CAS, the userid is stored and I wanted to display that on the page, so further down the page in teh breadcrumb area I placed this –
<?php if ($_SERVER['REMOTE_USER']) {
print "Hi " . strtoUpper($_SERVER['REMOTE_USER']) . " ";
}
?>
That’s it.