Share project "authenticator"

authenticator/.classpath

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" path="src"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
+	<classpathentry kind="lib" path="lib/cas-server-core-3.4.2.1.jar"/>
+	<classpathentry kind="lib" path="lib/commons-codec-1.4.jar"/>
+	<classpathentry kind="output" path="bin"/>
+</classpath>

authenticator/.project

@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>authenticator</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+	</natures>
+</projectDescription>

authenticator/.settings/org.eclipse.jdt.core.prefs

@@ -0,0 +1,12 @@
+#Tue Sep 07 14:25:06 CEST 2010
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6
+org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve
+org.eclipse.jdt.core.compiler.compliance=1.6
+org.eclipse.jdt.core.compiler.debug.lineNumber=generate
+org.eclipse.jdt.core.compiler.debug.localVariable=generate
+org.eclipse.jdt.core.compiler.debug.sourceFile=generate
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
+org.eclipse.jdt.core.compiler.source=1.6

authenticator/.settings/org.eclipse.jst.jsp.core.prefs

@@ -0,0 +1,30 @@
+#Tue Sep 07 16:36:06 CEST 2010
+eclipse.preferences.version=1
+validateFragments=false
+validation.actions-missing-required-attribute=-1
+validation.actions-non-empty-inline-tag=-1
+validation.actions-unexpected-rtexprvalue=-1
+validation.actions-unknown-attribute=-1
+validation.directive-include-fragment-file-not-found=-1
+validation.directive-include-fragment-file-not-specified=-1
+validation.directive-taglib-duplicate-prefixes-different-uris=-1
+validation.directive-taglib-duplicate-prefixes-same-uris=-1
+validation.directive-taglib-missing-prefix=-1
+validation.directive-taglib-missing-uri-or-tagdir=-1
+validation.directive-taglib-unresolvable-uri-or-tagdir=-1
+validation.el-general-syntax=-1
+validation.el-lexical-failure=-1
+validation.java-=-1
+validation.java-local-variable-is-never-used=-1
+validation.java-null-local-variable-reference=-1
+validation.java-potential-null-local-variable-reference=-1
+validation.java-unused-import=-1
+validation.translation-tag-class-not-found=-1
+validation.translation-tei-class-not-found=-1
+validation.translation-tei-class-not-instantiated=-1
+validation.translation-tei-class-runtime-exception=-1
+validation.translation-tei-message=-1
+validation.translation-usebean-ambiguous-type-info=-1
+validation.translation-usebean-invalid-id=-1
+validation.translation-usebean-missing-type-info=-1
+validation.use-project-settings=true

authenticator/.settings/org.eclipse.wst.validation.prefs

@@ -0,0 +1,18 @@
+#Tue Sep 07 16:37:46 CEST 2010
+DELEGATES_PREFERENCE=delegateValidatorList
+USER_BUILD_PREFERENCE=enabledBuildValidatorList
+USER_MANUAL_PREFERENCE=enabledManualValidatorList
+USER_PREFERENCE=overrideGlobalPreferencestruedisableAllValidationtrueversion1.2.200.v201005271900
+eclipse.preferences.version=1
+override=true
+suspend=true
+vals/org.eclipse.jst.jsp.core.JSPBatchValidator/global=FF01
+vals/org.eclipse.jst.jsp.core.JSPContentValidator/global=FF01
+vals/org.eclipse.jst.jsp.core.TLDValidator/global=FF01
+vals/org.eclipse.wst.dtd.core.dtdDTDValidator/global=FF01
+vals/org.eclipse.wst.html.ui.HTMLValidator/global=FF01
+vals/org.eclipse.wst.wsdl.validation.wsdl/global=FF02158org.eclipse.wst.wsdl.validation.internal.eclipse.Validator
+vals/org.eclipse.wst.xml.core.xml/global=FF03
+vals/org.eclipse.wst.xsd.core.xsd/global=FF02162org.eclipse.wst.xsd.core.internal.validation.eclipse.Validator
+vals/org.eclipse.wst.xsl.core.xsl/global=FF02
+vf.version=3

authenticator/.settings/org.eclipse.wst.xsl.core.prefs

@@ -0,0 +1,12 @@
+#Tue Sep 07 16:36:08 CEST 2010
+CHECK_CALL_TEMPLATES=2
+CHECK_XPATHS=2
+CIRCULAR_REF=2
+DUPLICATE_PARAMETER=2
+EMPTY_PARAM=1
+MISSING_INCLUDE=2
+MISSING_PARAM=1
+NAME_ATTRIBUTE_EMPTY=2
+NAME_ATTRIBUTE_MISSING=2
+TEMPLATE_CONFLICT=2
+eclipse.preferences.version=1

authenticator/build.xml

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<project name="authenticator" default="default" basedir=".">
+	
+	<property file="${user.home}/.ant.hsar.properties" />
+	<property name="lib.home" value="${basedir}/lib" />
+	<property name="src.home" value="${basedir}/src" />
+	<property name="war.home" value="${basedir}/webapp" />
+	<property name="cls.home" value="${war.home}/WEB-INF/classes" />
+	<property name="compile.debug" value="true" />
+
+	<path id="compile.classpath">
+		<fileset dir="lib">
+			<include name="*.jar" />
+		</fileset>
+	</path>
+
+	<target name="default" depends="compile" description="Patch WAR File">
+        <echo message="target war: ${cas.openedwar}"/>
+		<copy todir="${cas.openedwar}">
+			<fileset dir="${war.home}"/>
+		</copy>
+    </target>
+
+    <target name="compile" description="Compile Authenticator">
+    	<javac srcdir="${src.home}" destdir="${cls.home}" debug="${compile.debug}">
+			<classpath refid="compile.classpath" />
+    	</javac>
+    </target>
+	
+	<target name="clean" description="Remove compiled classes">
+        <delete dir="${cls.home}/de"/>
+    </target>
+
+</project>

authenticator/src/de/hsadmin/cas/SmtpAuthenticator.java

@@ -0,0 +1,143 @@
+package de.hsadmin.cas;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
+import java.io.Writer;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.commons.codec.binary.Base64;
+import org.jasig.cas.authentication.handler.AuthenticationException;
+import org.jasig.cas.authentication.handler.AuthenticationHandler;
+import org.jasig.cas.authentication.principal.Credentials;
+import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
+
+public class SmtpAuthenticator implements AuthenticationHandler {
+
+	private static final int SMTPS_PORT = 465;
+
+	public boolean authenticate(Credentials creds)
+			throws AuthenticationException {
+		UsernamePasswordCredentials ucreds = (UsernamePasswordCredentials) creds;
+		try {
+			return isAuthenticated(ucreds.getUsername(), ucreds.getPassword());
+		} catch (SmtpAuthException e) {
+			return false;
+		}
+	}
+
+	public boolean supports(Credentials creds) {
+		return creds instanceof UsernamePasswordCredentials;
+	}
+
+	public boolean isAuthenticated(String user, String passwd)
+			throws SmtpAuthException {
+		boolean isAuth = false;
+		Socket socket = null;
+		try {
+			SSLContext sc = SSLContext.getInstance("SSLv3");
+			sc.init(null, null, null);
+			SSLSocketFactory ssf = sc.getSocketFactory();
+			if ( user == null || user.length() < 2 || user.length() == 4 ) {
+				return false;
+			}
+			if (user.indexOf('@') > 0) {
+				return false;
+			}
+			try {
+				if (user.length() == 2) {
+					user = "hsh01-" + user;
+				}
+				if (user.length() == 3) {
+					user = "hsh00-" + user;
+				}
+				socket = ssf.createSocket(user.substring(0, 5)
+						+ ".hostsharing.net", SMTPS_PORT);
+			} catch (StringIndexOutOfBoundsException e) {
+				return false;
+			}
+			Writer out = new OutputStreamWriter(socket.getOutputStream(),
+					"ISO-8859-1");
+			BufferedReader sin = new BufferedReader(new InputStreamReader(
+					socket.getInputStream(), "ISO-8859-1"));
+			write(out, "EHLO login.hostsharing.net\r\n");
+			String answer = read(sin, "220 ");
+			answer = read(sin, "250-");
+			StringBuffer userPasswd = new StringBuffer();
+			userPasswd.append('\000');
+			userPasswd.append(user);
+			userPasswd.append('\000');
+			userPasswd.append(passwd);
+			write(out, "AUTH PLAIN "
+					+ new String(Base64.encodeBase64(userPasswd.toString().getBytes())) + "\r\n");
+			answer = read(sin, "000");
+			isAuth = answer.startsWith("235");
+			write(out, "QUIT\r\n");
+		} catch (NoSuchAlgorithmException e) {
+			throw new SmtpAuthException(e.getMessage());
+		} catch (KeyManagementException e) {
+			throw new SmtpAuthException(e.getMessage());
+		} catch (UnknownHostException e) {
+			throw new SmtpAuthException(e.getMessage());
+		} catch (IOException e) {
+			throw new SmtpAuthException(e.getMessage());
+		} finally {
+			if (socket != null) {
+				try {
+					socket.close();
+				} catch (IOException e) {
+				}
+			}
+		}
+		return isAuth;
+	}
+
+	private void write(Writer wr, String line) {
+		try {
+			wr.write(line);
+			wr.flush();
+		} catch (IOException e) {
+		}
+	}
+
+	private String read(BufferedReader rd, String returnCode) {
+		try {
+			String line = rd.readLine();
+			while (line != null && line.startsWith(returnCode)) {
+				line = rd.readLine();
+			}
+			return line;
+		} catch (IOException e) {
+		}
+		return "";
+	}
+
+	public class SmtpAuthException extends Exception {
+
+		private static final long serialVersionUID = 2394310295147904537L;
+
+		public SmtpAuthException(String message) {
+			super(message);
+		}
+	}
+
+	public static void main(String[] args) {
+		SmtpAuthenticator auth = new SmtpAuthenticator();
+		try {
+			if (auth.isAuthenticated(args[0], args[1])) {
+				System.out.println("Login " + args[0] + " Ok");
+			} else {
+				System.out.println("Falsches Login");
+			}
+		} catch (SmtpAuthException e) {
+			System.out.println(e.getMessage());
+		}
+	}
+}

authenticator/webapp/WEB-INF/cas.properties

@@ -0,0 +1,11 @@
+cas.securityContext.serviceProperties.service=http://login.hostsharing.net/cas/services/j_acegi_cas_security_check
+# Names of roles allowed to access the CAS service manager
+cas.securityContext.serviceProperties.adminRoles=ROLE_ADMIN
+cas.securityContext.casProcessingFilterEntryPoint.loginUrl=http://login.hostsharing.net/cas/login
+cas.securityContext.ticketValidator.casServerUrlPrefix=http://login.hostsharing.net/cas
+cas.themeResolver.defaultThemeName=hostsharing
+cas.viewResolver.basename=hostsharing_views
+host.name=login.hostsharing.net
+#database.hibernate.dialect=org.hibernate.dialect.OracleDialect
+#database.hibernate.dialect=org.hibernate.dialect.MySQLDialect
+database.hibernate.dialect=org.hibernate.dialect.HSQLDialect

authenticator/webapp/WEB-INF/classes/hostsharing.properties

@@ -0,0 +1,2 @@
+mobile.custom.css.file=css/default-mobile-custom.css
+standard.custom.css.file=themes/hostsharing/cas.css

authenticator/webapp/WEB-INF/classes/hostsharing_views.properties

@@ -0,0 +1,38 @@
+### Login view (/login)
+casLoginView.(class)=org.springframework.web.servlet.view.JstlView
+casLoginView.url=/WEB-INF/view/jsp/hostsharing/ui/casLoginView.jsp
+
+### Login confirmation view (logged in, warn=true)
+casLoginConfirmView.(class)=org.springframework.web.servlet.view.JstlView
+casLoginConfirmView.url=/WEB-INF/view/jsp/hostsharing/ui/casConfirmView.jsp
+
+### Logged-in view (logged in, no service provided)
+casLoginGenericSuccessView.(class)=org.springframework.web.servlet.view.JstlView
+casLoginGenericSuccessView.url=/WEB-INF/view/jsp/hostsharing/ui/casGenericSuccess.jsp
+
+### Logout view	(/logout)
+casLogoutView.(class)=org.springframework.web.servlet.view.JstlView
+casLogoutView.url=/WEB-INF/view/jsp/hostsharing/ui/casLogoutView.jsp
+
+### CAS error view
+viewServiceErrorView.(class)=org.springframework.web.servlet.view.JstlView
+viewServiceErrorView.url=/WEB-INF/view/jsp/hostsharing/ui/serviceErrorView.jsp
+
+viewServiceSsoErrorView.(class)=org.springframework.web.servlet.view.JstlView
+viewServiceSsoErrorView.url=/WEB-INF/view/jsp/hostsharing/ui/serviceErrorSsoView.jsp
+
+### Services Management Views
+addServiceView.(class)=org.springframework.web.servlet.view.JstlView
+addServiceView.url=/WEB-INF/view/jsp/services/add.jsp
+
+editServiceView.(class)=org.springframework.web.servlet.view.JstlView
+editServiceView.url=/WEB-INF/view/jsp/services/add.jsp
+
+manageServiceView.(class)=org.springframework.web.servlet.view.JstlView
+manageServiceView.url=/WEB-INF/view/jsp/services/manage.jsp
+
+serviceLogoutView.(class)=org.springframework.web.servlet.view.JstlView
+serviceLogoutView.url=/WEB-INF/view/jsp/services/logout.jsp
+
+viewStatisticsView.(class)=org.springframework.web.servlet.view.JstlView
+viewStatisticsView.url=/WEB-INF/view/jsp/services/viewStatistics.jsp

authenticator/webapp/WEB-INF/deployerConfigContext.xml

@@ -0,0 +1,171 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+	| deployerConfigContext.xml centralizes into one file some of the declarative configuration that
+	| all CAS deployers will need to modify.
+	|
+	| This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.  
+	| The beans declared in this file are instantiated at context initialization time by the Spring 
+	| ContextLoaderListener declared in web.xml.  It finds this file because this
+	| file is among those declared in the context parameter "contextConfigLocation".
+	|
+	| By far the most common change you will need to make in this file is to change the last bean
+	| declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with
+	| one implementing your approach for authenticating usernames and passwords.
+	+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:p="http://www.springframework.org/schema/p"
+       xmlns:sec="http://www.springframework.org/schema/security"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
+	<!--
+		| This bean declares our AuthenticationManager.  The CentralAuthenticationService service bean
+		| declared in applicationContext.xml picks up this AuthenticationManager by reference to its id, 
+		| "authenticationManager".  Most deployers will be able to use the default AuthenticationManager
+		| implementation and so do not need to change the class of this bean.  We include the whole
+		| AuthenticationManager here in the userConfigContext.xml so that you can see the things you will
+		| need to change in context.
+		+-->
+	<bean id="authenticationManager"
+		class="org.jasig.cas.authentication.AuthenticationManagerImpl">
+		<!--
+			| This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate.
+			| The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which 
+			| supports the presented credentials.
+			|
+			| AuthenticationManagerImpl uses these resolvers for two purposes.  First, it uses them to identify the Principal
+			| attempting to authenticate to CAS /login .  In the default configuration, it is the DefaultCredentialsToPrincipalResolver
+			| that fills this role.  If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace
+			| DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are
+			| using.
+			|
+			| Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket. 
+			| In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose. 
+			| You will need to change this list if you are identifying services by something more or other than their callback URL.
+			+-->
+		<property name="credentialsToPrincipalResolvers">
+			<list>
+				<!--
+					| UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login 
+					| by default and produces SimplePrincipal instances conveying the username from the credentials.
+					| 
+					| If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also
+					| need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the
+					| Credentials you are using.
+					+-->
+				<bean
+					class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
+				<!--
+					| HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials.  It supports the CAS 2.0 approach of
+					| authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a
+					| SimpleService identified by that callback URL.
+					|
+					| If you are representing services by something more or other than an HTTPS URL whereat they are able to
+					| receive a proxy callback, you will need to change this bean declaration (or add additional declarations).
+					+-->
+				<bean
+					class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
+			</list>
+		</property>
+
+		<!--
+			| Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate, 
+			| AuthenticationHandlers actually authenticate credentials.  Here we declare the AuthenticationHandlers that
+			| authenticate the Principals that the CredentialsToPrincipalResolvers identified.  CAS will try these handlers in turn
+			| until it finds one that both supports the Credentials presented and succeeds in authenticating.
+			+-->
+		<property name="authenticationHandlers">
+			<list>
+				<!--
+					| This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
+					| a server side SSL certificate.
+					+-->
+				<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
+					p:httpClient-ref="httpClient" />
+				<!--
+					| This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS 
+					| into production.  The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
+					| where the username equals the password.  You will need to replace this with an AuthenticationHandler that implements your
+					| local authentication strategy.  You might accomplish this by coding a new such handler and declaring
+					| edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
+					+-->
+				<bean
+					class="de.hsadmin.cas.SmtpAuthenticator" />
+			</list>
+		</property>
+	</bean>
+
+
+	<!--
+	This bean defines the security roles for the Services Management application.  Simple deployments can use the in-memory version.
+	More robust deployments will want to use another option, such as the Jdbc version.
+	
+	The name of this should remain "userDetailsService" in order for Spring Security to find it.
+	
+	To use this, you should add an entry similar to the following between the two value tags:
+	battags=notused,ROLE_ADMIN
+	
+	where battags is the username you want to grant access to.  You can put one entry per line.
+	 -->
+    <!-- <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />-->
+
+    <sec:user-service id="userDetailsService">
+        <sec:user name="pe" password="notused" authorities="ROLE_ADMIN" />
+    </sec:user-service>
+	
+	<!-- 
+	Bean that defines the attributes that a service may return.  This example uses the Stub/Mock version.  A real implementation
+	may go against a database or LDAP server.  The id should remain "attributeRepository" though.
+	 -->
+	<bean id="attributeRepository"
+		class="org.jasig.services.persondir.support.StubPersonAttributeDao">
+		<property name="backingMap">
+			<map>
+				<entry key="uid" value="uid" />
+				<entry key="eduPersonAffiliation" value="eduPersonAffiliation" /> 
+				<entry key="groupMembership" value="groupMembership" />
+			</map>
+		</property>
+	</bean>
+	
+	<!-- 
+	Sample, in-memory data store for the ServiceRegistry. A real implementation
+	would probably want to replace this with the JPA-backed ServiceRegistry DAO
+	The name of this bean should remain "serviceRegistryDao".
+	 -->
+	<bean
+		id="serviceRegistryDao"
+        class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
+            <property name="registeredServices">
+                <list>
+                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
+                        <property name="id" value="0" />
+                        <property name="name" value="HTTP" />
+                        <property name="description" value="Only Allows HTTP Urls" />
+                        <property name="serviceId" value="http://**" />
+                    </bean>
+
+                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
+                        <property name="id" value="1" />
+                        <property name="name" value="HTTPS" />
+                        <property name="description" value="Only Allows HTTPS Urls" />
+                        <property name="serviceId" value="https://**" />
+                    </bean>
+
+                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
+                        <property name="id" value="2" />
+                        <property name="name" value="IMAPS" />
+                        <property name="description" value="Only Allows HTTPS Urls" />
+                        <property name="serviceId" value="imaps://**" />
+                    </bean>
+
+                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
+                        <property name="id" value="3" />
+                        <property name="name" value="IMAP" />
+                        <property name="description" value="Only Allows IMAP Urls" />
+                        <property name="serviceId" value="imap://**" />
+                    </bean>
+                </list>
+            </property>
+        </bean>
+</beans>

authenticator/webapp/WEB-INF/view/jsp/hostsharing/ui/casBlockedView.jsp

@@ -0,0 +1,8 @@
+<jsp:directive.include file="/WEB-INF/view/jsp/default/ui/includes/top.jsp" />
+
+		<div id="status" class="errors">
+			<h2><spring:message code="screen.blocked.header" /></h2>
+
+			<p><spring:message code="screen.blocked.message" /></p>
+		</div>
+<jsp:directive.include file="/WEB-INF/view/jsp/default/ui/includes/bottom.jsp" />

authenticator/webapp/WEB-INF/view/jsp/hostsharing/ui/casConfirmView.jsp

@@ -0,0 +1,3 @@
+<jsp:directive.include file="includes/top.jsp" />
+<div class="info"><p><spring:message code="screen.confirmation.message" arguments="${fn:escapeXml(param.service)}${fn:indexOf(param.service, '?') eq -1 ? '?' : '&'}ticket=${serviceTicketId}" /></p></div>
+<jsp:directive.include file="includes/bottom.jsp" />

authenticator/webapp/WEB-INF/view/jsp/hostsharing/ui/casGenericSuccess.jsp

@@ -0,0 +1,8 @@
+<jsp:directive.include file="includes/top.jsp" />
+		<div id="msg" class="success">
+			<h2><spring:message code="screen.success.header" /></h2>
+			<p><spring:message code="screen.success.success" /></p>
+			<p><spring:message code="screen.success.security" /></p>
+		</div>
+<jsp:directive.include file="includes/bottom.jsp" />
+

authenticator/webapp/WEB-INF/view/jsp/hostsharing/ui/casLoginView.jsp

@@ -0,0 +1,68 @@
+<%--
+
+    Licensed to Jasig under one or more contributor license
+    agreements. See the NOTICE file distributed with this work
+    for additional information regarding copyright ownership.
+    Jasig licenses this file to you under the Apache License,
+    Version 2.0 (the "License"); you may not use this file
+    except in compliance with the License. You may obtain a
+    copy of the License at:
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on
+    an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied. See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+--%>
+
+<%@ page contentType="text/html; charset=UTF-8" %>
+<jsp:directive.include file="includes/top.jsp" />
+			<form:form method="post" id="fm1" cssClass="fm-v clearfix" commandName="${commandName}" htmlEscape="true">
+			    <form:errors path="*" cssClass="errors" id="status" element="div" />
+                <div class="box fl-panel" id="login">
+                <!-- <spring:message code="screen.welcome.welcome" /> -->
+                    <h2>Bitte geben Sie Ihren Benutzernamen und Ihr Passwort ein.</h2>
+                    <div class="row fl-controls-left">
+                        <label for="username" class="fl-label">Benutzername</label>
+						<c:if test="${not empty sessionScope.openIdLocalId}">
+						<strong>${sessionScope.openIdLocalId}</strong>
+						<input type="hidden" id="username" name="username" value="${sessionScope.openIdLocalId}" />
+						</c:if>
+
+						<c:if test="${empty sessionScope.openIdLocalId}">
+						<spring:message code="screen.welcome.label.netid.accesskey" var="userNameAccessKey" />
+						<form:input cssClass="required" cssErrorClass="error" id="username" size="25" tabindex="1" accesskey="${userNameAccessKey}" path="username" autocomplete="false" htmlEscape="true" />
+						</c:if>
+                    </div>
+                    <div class="row fl-controls-left">
+                        <label for="password" class="fl-label">Passwort</label>
+						<%--
+						NOTE: Certain browsers will offer the option of caching passwords for a user.  There is a non-standard attribute,
+						"autocomplete" that when set to "off" will tell certain browsers not to prompt to cache credentials.  For more
+						information, see the following web page:
+						http://www.geocities.com/technofundo/tech/web/ie_autocomplete.html
+						--%>
+						<spring:message code="screen.welcome.label.password.accesskey" var="passwordAccessKey" />
+						<form:password cssClass="required" cssErrorClass="error" id="password" size="25" tabindex="2" path="password"  accesskey="${passwordAccessKey}" htmlEscape="true" autocomplete="off" />
+                    </div>
+                    <div class="row check">
+                        <input id="warn" name="warn" value="true" tabindex="3" accesskey="<spring:message code="screen.welcome.label.warn.accesskey" />" type="checkbox" checked="checked" />
+                        <label for="warn"><spring:message code="screen.welcome.label.warn" /></label>
+                    </div>
+                    <div class="row btn-row">
+						<input type="hidden" name="lt" value="${flowExecutionKey}" />
+						<input type="hidden" name="_eventId" value="submit" />
+
+                        <input class="btn-submit" name="submit" accesskey="l" value="<spring:message code="screen.welcome.button.login" />" tabindex="4" type="submit" />
+                        <input class="btn-reset" name="reset" accesskey="c" value="<spring:message code="screen.welcome.button.clear" />" tabindex="5" type="reset" />
+                    </div>
+                </div>
+            </form:form>
+
+            <div id="sidebar">
+            </div>
+<jsp:directive.include file="includes/bottom.jsp" />

authenticator/webapp/WEB-INF/view/jsp/hostsharing/ui/casLogoutView.jsp

@@ -0,0 +1,30 @@
+<%--
+
+    Licensed to Jasig under one or more contributor license
+    agreements. See the NOTICE file distributed with this work
+    for additional information regarding copyright ownership.
+    Jasig licenses this file to you under the Apache License,
+    Version 2.0 (the "License"); you may not use this file
+    except in compliance with the License. You may obtain a
+    copy of the License at:
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on
+    an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied. See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+--%>
+
+<jsp:directive.include file="includes/top.jsp" />
+
+		<div id="msg" class="success">
+			<h2><spring:message code="screen.logout.header" /></h2>
+
+			<p><spring:message code="screen.logout.success" /></p>
+			<p><spring:message code="screen.logout.security" /></p>
+		</div>
+<jsp:directive.include file="includes/bottom.jsp" />

authenticator/webapp/WEB-INF/view/jsp/hostsharing/ui/includes/bottom.jsp

@@ -0,0 +1,8 @@
+                </div>
+                <div id="footer" class="fl-panel fl-note fl-bevel-white fl-font-size-80">
+                    <a href="https://www.hostsharing.net/impressum" title="Impressum">Impressum</a>
+                </div>
+            </div>
+        </div>
+    </body>
+</html>

authenticator/webapp/WEB-INF/view/jsp/hostsharing/ui/includes/top.jsp

@@ -0,0 +1,37 @@
+<%@ page session="true" %>
+<%@ page pageEncoding="UTF-8" %>
+<%@ page contentType="text/html; charset=UTF-8" %>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
+<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<spring:theme code="mobile.custom.css.file" var="mobileCss" text="" />
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
+	<head>
+	    <title>Hostsharing - Central Authentication Service (CAS)</title>
+        <c:choose>
+           <c:when test="${not empty requestScope['isMobile'] and not empty mobileCss}">
+                <meta name="viewport" content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" />
+                <meta name="apple-mobile-web-app-capable" content="yes" />
+                <meta name="apple-mobile-web-app-status-bar-style" content="black" />
+                <link type="text/css" rel="stylesheet" media="screen" href="<c:url value="/css/fss-framework-1.1.2.css" />" />
+                <link type="text/css" rel="stylesheet" href="<c:url value="/css/fss-mobile-${requestScope['browserType']}-layout.css" />" />
+                <link type="text/css" rel="stylesheet" href="${mobileCss}" />
+           </c:when>
+           <c:otherwise>
+                <link type="text/css" rel="stylesheet" href="<spring:theme code="standard.custom.css.file" />" />
+                <script type="text/javascript" src="js/common_rosters.js"></script>
+           </c:otherwise>
+        </c:choose>
+	    <link rel="icon" href="<c:url value="/themes/hostsharing/favicon.ico" />" type="image/x-icon" />
+	</head>
+	<body id="cas" onload="init();" class="fl-theme-iphone">
+    <div class="flc-screenNavigator-view-container">
+        <div class="fl-screenNavigator-view">
+            <div id="logo">
+            </div>		
+            <div id="header" class="flc-screenNavigator-navbar fl-navbar fl-table">
+                <h1 id="app-name" class="fl-table-cell">Hostsharing - Central Authentication Service (CAS)</h1>
+            </div>		
+            <div id="content" class="fl-screenNavigator-scroll-container">

authenticator/webapp/WEB-INF/view/jsp/hostsharing/ui/serviceErrorSsoView.jsp

@@ -0,0 +1,14 @@
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<jsp:directive.include file="includes/top.jsp" />
+
+<c:url var="url" value="/login">
+    <c:param name="service" value="${param.service}" />
+    <c:param name="renew" value="true" />
+</c:url>
+		<div id="status" class="errors">
+			<h2><spring:message code="screen.service.sso.error.header" /></h2>
+			<p><spring:message code="screen.service.sso.error.message"  arguments="${url}" /></p>
+		</div>
+<jsp:directive.include file="includes/bottom.jsp" />

authenticator/webapp/WEB-INF/view/jsp/hostsharing/ui/serviceErrorView.jsp

@@ -0,0 +1,6 @@
+<jsp:directive.include file="includes/top.jsp" />
+		<div id="status" class="errors">
+			<h2><spring:message code="screen.service.error.header" /></h2>
+			<p><spring:message code="screen.service.error.message" /></p>
+		</div>
+<jsp:directive.include file="includes/bottom.jsp" />

authenticator/webapp/themes/hostsharing/cas.css

@@ -0,0 +1,381 @@
+html,body {
+	margin:0;
+	padding:0;
+	border:0;
+	background:transparent;
+	color:#000;
+	}
+
+body {
+	font:normal 76% Arial,Helvetica,Verdana,sans-serif;
+}
+
+acronym {
+	border-bottom:1px dotted #ccc;
+	cursor:help;
+	}
+
+a img,#header img {
+	border:0;
+	display:block;
+	}
+
+.bold {font-weight:bold;}
+
+.important {color:#b00;}
+
+.center {text-align:center;}
+
+.right {text-align:right;}
+
+.left {text-align:left;}
+
+/*************************************** HEADER */
+#header{
+	margin:0;
+	padding:0;
+	width:100%;
+	clear:both;
+	}
+
+#header a {
+	display:block;
+	margin:0;
+	padding:0 0 0 3px;
+	text-decoration:none;
+	background-color:#b00;
+	color:#ffc;
+	font-size:1em;
+	line-height:19px;
+	}
+
+#header a.task {
+	float:right;
+	margin:0 0 0 1px;
+	padding:0 5px 0 20px;
+	line-height:20px;
+	text-decoration:none;
+	color:#ffc;
+	}
+
+#header a:hover.task, #header a:focus.task {background-color:#c33 !important;}
+
+#header a.task#helpBtn {
+	background:#b00 url(../../images/help.gif) 5px 5px  no-repeat scroll;
+/*	display:none; */
+	}
+	
+#header a.task#aboutBtn {background:#b00 url(../../images/about.gif) 5px 5px  no-repeat scroll;}
+
+#header a.task#menuBtn {background:#b00 url(../../images/menu.gif) 5px 5px  no-repeat scroll;}
+
+#header a.task#logoutBtn {background:#b00 url(../../images/logout.gif) 5px 5px  no-repeat scroll;}
+
+#logo {
+	margin:0 0 0 5%;
+	padding:0;
+	width:90%;
+	height:100px;
+	clear:both;
+	background: #005094 url(logo.png) no-repeat scroll;
+	}
+
+#header h1 {
+	margin:20px 0 0 5%;
+	padding:0;
+	letter-spacing:1px;
+	background:transparent;
+	font-size:2.0em;
+	}
+
+/*************************************** CONTENT */
+#content {
+	border-top:1px solid #fff; /* REMOVES VERTICAL MARGIN COLLAPSING */
+	margin:0 5%;
+	padding:0;
+	width:auto !important;
+	width /**/:100%;
+	clear:both;
+	}
+
+#content .dataset {
+	margin:30px 0 0 0;
+	padding:10px;
+	border:1px solid #eee;
+	clear:both;
+	width:auto !important;
+	width /**/:100%;
+	}
+
+#content .dataset h2 {
+	position:relative;
+	top:-20px;
+	left:-20px;
+	width:350px;
+	margin:0;
+	padding:0 0 1px 5px;
+	border:1px solid #ccc;
+	background-color:#eee;
+	color:#066;
+	font-weight:bold;
+	font-size:1em;
+	line-height:1.3em;
+	}
+
+#content .dataset .leftCol {
+	float:left;
+	width:50%;
+	min-width:50%;
+	margin:0;
+	padding:0;
+	}
+
+#appStatus .dataset .rightCol {
+	float:right;
+	width:50%;
+	}
+
+html>body .clear:after {
+	content:" ";
+	display:block;
+	height:0px;
+	line-height:0px;
+	clear:both;
+	visibility:hidden; /* HIDES THE ELEMENT, BUT STILL TAKES UP SPACE */
+	}
+
+#content p {
+	line-height:1.6em;
+	
+	}
+
+#content ul {
+	margin:0;
+	padding:0;
+	list-style:none;
+	}
+
+#content ul li {
+	background:url(../images/bullet_orange.gif) 0px 2px no-repeat scroll;
+	padding-left:20px;
+	margin-top:.5em;
+	}
+
+#content h2 {
+	margin:0;
+	padding:0;
+	font-size:1.8em;
+	}
+
+#content h3 {
+	margin:0;
+	padding:0;
+	font-size:1.5em;
+	color:#333;
+	}
+
+#content p.top {
+	text-align:right;
+	font:bold 1em Verdana,Helvetica,sans-serif;
+	}
+
+/*************************************** FOOTER */
+#footer {
+	margin:2em 5% 10px 5%;
+	padding:0;
+	clear:both;
+	}
+
+#footer hr {
+	margin:0;
+	padding:0;
+ 	height:1px;
+ 	background:#ccc;
+ 	color:#ccc;
+ 	border:0;
+ 	}
+
+#footer p {
+	margin:0;
+	padding:0;
+	font-size:1em;
+	line-height:1.2em;
+	color:#999;
+	}
+
+#footer p#copyright {margin-top:1em;}
+
+/*************************************** LINK STYLES */
+#content a:hover, #content a:focus, #content ul li a:hover, #content ul li a:focus,
+#menu ul li a:hover, #menu ul li a:focus,
+#footer a:hover, #footer a:focus {
+	background:transparent;
+	color:#b00;
+	text-decoration:underline;
+	}
+
+/*************************************** TABLE FORMATTING */
+table {
+	border-right:solid 1px #999;
+	border-bottom:solid 1px #999;
+	background-color:#fff;
+	font-size:1em;
+	}
+
+th {
+	border-left:solid 1px #ccc;
+	border-top:solid 1px #ccc;
+	background-color:#eee;
+	color:#066;
+	font-weight:normal;
+	font-size:1em;
+	vertical-align:middle;
+	text-align:left;
+	padding:0 0 0 2px;
+	}
+
+td {
+	border-left:solid 1px #ccc;
+	border-top:solid 1px #ccc;
+	font-size:1em;
+	padding:0 0 0 2px;
+	}
+
+/*************************************** FORMS */
+form {display:inline;}
+
+input:focus, textarea:focus, select:focus {background:#fc3 !important;}
+
+input.numeric {text-align:right;}
+
+/*************************************** BUTTON STYLES */
+#content a.button, #content a.button:link, #content a.button:hover, #content a.button:active, #content .button {
+	text-decoration:none;
+	background-color:#d0d0d0;
+	border:1px outset #d0d0d0;
+	color: #000;
+	padding:1px 1em;
+	font-size:1.2em;
+	line-height:1.2em;
+	}
+
+/*************************************** HELP */
+#help {
+	background-color:#ffc;
+	border:1px solid #ccc;
+	margin:0 0 15px 0;
+	padding:0 0 10px 0;
+	}
+
+#help h4 {
+	margin:0 0 10px 0;
+	border-bottom:1px solid #ccc;
+	background-color:#fc3;
+	color:#b00;
+	font-size:1em;
+	font-weight:bold;
+	line-height:19px;
+	padding:0 0 0 3px;
+	}
+
+#help p {
+	margin:10px;
+	padding:0;
+	}
+
+/* #help #closeHelp {display:none;} */
+
+#help h4 a, #help h4 a:visited {
+	float:right;
+	margin:0;
+	padding:0 5px 0 20px;
+	text-decoration:none !important;
+	color:#ffc !important;
+	font-weight:normal;
+	line-height:19px;
+	background:#b00 url(../images/close.gif) 5px 5px  no-repeat scroll;
+	}
+
+#help h4 a:hover, #help h4 a:focus {background:#c33 url(../images/close.gif) 5px 5px  no-repeat scroll !important;}
+
+fieldset {
+	border-top:solid 1px #ccc;
+	border-bottom:0;
+	border-right:0;
+	border-left:0;
+	margin:0;
+	padding:0;
+	padding-bottom: 1.5em;
+	}
+form{
+	display: inline;
+	}
+.accesskey {text-decoration:underline;}	
+fieldset div {padding-top:10px;}
+
+legend {color:#066;}
+
+input, select,textarea {
+	font-family:monospace;
+	font-size:11px;
+	margin:0;
+	padding:0;
+	}
+
+#content .button {
+	padding:3px 0px;
+	font-size:11px;
+	width:11em;
+	cursor:pointer;
+	}
+
+label {
+	margin:0 5px 0 0;
+	font-weight:bold;
+	cursor:pointer;
+	}
+
+.required {background:#ffc;}
+.important {color:#b00;font-family:monospace;font-weight:bold;font-size:1.2em;}
+.evenrow {background-color:#eee;}
+
+table .appHeadingRow th {
+	border-top:5px solid #ccc;
+	background-color:#666;
+	color:#fff;
+	text-align:left;
+	padding:0 0 0 2px;
+	}
+
+
+#content .button#add {background:#d0d0d0 url(../../images/arrowd.gif) right center  no-repeat scroll;}
+#content .button#update {background:#d0d0d0 url(../../images/update.gif) right center  no-repeat scroll;margin-top:10px;}
+
+#login {float:left; margin:0 -296px 0 0; padding:15px; width:258px; min-height:15em; background:#eee; position:relative; border:0;}
+#login:before {line-height:0.1; font-size:1px; background:transparent url("../../images/key-point_tr.gif") no-repeat top right; margin:-15px -15px 0 -15px; height:15px; display:block; content:url("../images/key-point_tl.gif");}
+#login:after {display:block; clear:both; padding-top:15px; line-height:0.1; font-size:1px; content:url("../../images/key-point_bl.gif"); margin:-15px; height:8px; background:transparent url("../images/key-point_br.gif") scroll no-repeat bottom right;}
+#login h2 {border-bottom:1px solid #ddd; padding:3px 0; font:normal 400 17px Georgia, "Times New Roman", Times, serif; color:#333;}
+#login label {font-size:11px;}
+#login label span.accesskey {text-decoration:underline;}
+#login input {letter-spacing:1px;}
+#login .check input {position:relative; left:-4px; height:auto;}
+#login .check label {float:none; xwidth:auto; line-height:1.8;}
+#login .btn-row {position:relative; top:15px; padding-top:10px; border-top:1px solid #ddd;}
+#login .btn-row {top:5px;} /* IE6 */
+#login .btn-submit {float:none; clear:none; display:inline; letter-spacing:0;}
+#login .btn-submit {background:#ffd;}
+#login .btn-reset {float:none; clear:none; margin-left:5px; border:0; border-left:1px solid #ddd; background:transparent; color:#777; text-transform:lowercase; letter-spacing:0;}
+
+/* MESSAGES --------------------------------- */
+.info, .errors, .success {clear:both; margin:18px 0; padding:20px 20px 20px 100px; font-size:10px; line-height:1.5;}
+.info {border:1px dotted 008;    background:#eff url(../images/info.gif) no-repeat 20px 18px; color:#008;}
+.errors {border:1px dotted #d21033; background:#fed url(../images/error.gif) no-repeat 20px 18px; color:#d21033; padding-bottom: 40px;}
+.success {border:1px dotted #390; background:#dfa url(../images/confirm.gif) no-repeat 20px 18px; color:#390;}
+#content .errors h2, #content .success h2 {font-family:Georgia,"Times New Roman",Times,serif; font-size:18px; line-height:48px; font-weight:400; margin:0 18px 0 0; padding:0;}
+#content .success h2 {color: #008 !important;}
+#content .errors h2 {color:#b00 !important;}
+#content .success h2 {color:#060 !important;}
+    
+
+/* static messages */
+#content #msg p {padding:0;}