rubycas-server 0.6.0 → 0.7.0

data/CHANGELOG.txt

@@ -1,186 +1 @@
-=== 0.6.0 :: 2008-03-28
-
-* Much of the supporting functionality that makes RubyCAS-Server
-  act as a well-behaved Linux service has been abstracted out
-  into its own library. This new library is called Picnic and is
-  now a gem dependency for RubyCAS-Server. You can find out more about
-  it at http://code.google.com/p/camping-picnic/.
-* The logout action will now accept a 'destination' parameter in lieu of
-  'service'. This means that if a 'destination' parameter is given with
-  some URL, the logout action will show the login form, allowing the user
-  to immedietly log back in to the service specified by 'destination'.
-* The logout action will now accept a 'url' parameter. If given, the logout
-  page will show a message indicating that the CAS session has been terminated
-  and instructing the user to click on a link to follow the given URL. If the
-  'url' parameter is given, the login form will NOT be shown on the logout
-  page (see above).
-* When an authentication failure occurs (because the user submitted
-  invalid credentials or the login ticket is missing), the server
-  now returns a 401 (Unauthorized) response instead of 200.
-* An encryption-enabled version of the SQL authenticator is now
-  available. For more info have a look at:
-  http://code.google.com/p/rubycas-server/wiki/UsingTheSQLEncryptedAuthenticator
-* Better compatibility with Oracle databases. The database migration 
-  no longer tries to create tables with long names when long
-  table names are not supported by the underlying database connector
-  (issue #15).
-* The server now automatically removes leading and trailing whitespace from
-  the username entered by users. Passwords however are left intact, with no
-  whitespace removed.
-* The server can now be configured to automatically downcase the
-  username entered by users (dowcase_username option). So if a user
-  enters "JSmith", the system will convert it to "jsmith" if the
-  downcase_username option is set to true.
-* The server can now be made to bind to a specific address. See the
-  :bind_address option in the config.example.yml file.
-* Fixed bug with ActiveRecord 2.0.2 where service tickets were not
-  being given a type (issue #37).
-
-=== 0.5.1 :: 2007-12-20
-
-* Tickets generated by the server should now be a lot more secure.
-  The random string generator used for generating tickets now uses
-  Crypt::ISAAC. Tickets have also been extended in length; STs, PTs
-  and LTs can now extend up to 32 characters, and PGTs and PGT-IOUs 
-  up to 64.
-
-=== 0.5.0 :: 2007-09-20
-
-* Gateway requests should now be handled correctly. When the request to the
-  login page is made with gateway=true as one of the parameters, the CAS
-  server will immediately redirect back to the target service along with
-  a service ticket if an SSO session exists for the user (or without a
-  service ticket if there is no pre-existing SSO session). 
-  Note that if you are using RubyCAS-Client and want gatewaying, you will 
-  need to upgrade it to 1.1.0 as gatewaying was broken in prior versions.
-* If gateway=true is specified as part of the logout URI, the server will
-  log the user out and immediately redirect them back to the specified
-  service. In other words, you can now do "gatewayed logouts" as well
-  as logins.
-* A login ticket can now be remotely requested from the server by placing
-  a POST request to '/loginTicket'.
-* The login view can now be made to return only the login form. This is
-  done by adding the 'onlyLoginForm' parameter to the '/login' request.
-  Optionally, a 'submitToURI' parameter can be supplied to force the login
-  form to submit to the given URI (otherwise the server will try to figure
-  out the full URI to its own login controller). This functionality may be
-  useful when you want to embed the login form in some external page, as
-  an IFRAME otherwise.
-* Custom views can now be used to override the default Markaby templates
-  by specifying a 'custom_views_file' option in the configuration. See
-  custom_views.example.rb. [jzylks]
-* Table names have been shortened to work with Oracle. A migration has
-  been added that should do the shortening for you the first time you run
-  this new RubyCAS-Server version.
-* Multiple authenticators can now be specified. During authentication,
-  credentials are presented to the first authenticator, then the second,
-  and so on, until the user is validated by any one authenticator or fails 
-  validation for all of them. [jzylks]
-* When using webrick, you can now run with SSL disabled by omitting the 
-  ssl_cert and ssl_key parameters.
-* Changed incorrect MySQL example database configuration -- option should
-  be 'host:' not 'server:' (issue #22).
-
-=== 0.4.2 :: 2007-07-26
-
-* The LDAP/AD authenticator has been largely re-written. The code is a bit
-  cleaner now, and should work better with non-Active Directory LDAP servers
-  (although this has yet to be tested since I don't have access to a non-AD
-  LDAP server).
-* The validate() method in your authenticators now receives a :service element
-  (in addition to :username, and :password). This is simply the service
-  url (if any) specified in the user's CAS request. If you call 
-  read_standard_credentials(credentials) at the top of your validator, the value
-  will also be available as @service along with @username and @password.
-* By request, a :username_prefix option has been added to the ldap 
-  configuration. If entered, this string will be automatically prefixed to 
-  the username entered by the user.
-* A bug having to do with handling authenticator errors has been fixed.
-  Any authenticator error messages should now be correctly shown on the
-  login page.
-* Minor improvements to error messages having to do with login tickets.
-  They're a bit more prescriptive now, explaining to the user what steps
-  they should take to correct the error.
-
-=== 0.4.1 :: 2007-06-07
-
-* This release restores compatiblity with older versions of rubygems
-  (pre-0.9.0). To achieve this, we alias the 'gem' method to the old 
-  'require_gem' if 'gem' is not already defined.
-* rubycas-server-ctl will now quiety delete an orphaned .pid file 
-  instead complaining loudly and refusing to start up.
-* Fixed minor bug in rubycas-server-ctl that sometimes incorrectly reported
-  startup problems when in fact the server had started just fine.
-
-
-=== 0.4.0 :: 2007-06-05
-
-* Added rubycas-server-ctl script for controlling daemonized server.
-* rubygems-0.9.0 or later is now required.
-* Added system startup script to be used in /etc/init.d on Linux systems.
-* Authenticator can now be loaded from an external file using the 'source'
-  configuration option.
-* Better preemptive detection of startup problems with mongrel.
-* User now sees an error message if the service URI is not a valid URI (i.e.
-  if it's not URI-encoded or otherwise malformed).
-
-
-=== 0.3.0 :: 2007-03-29
-
-* Fixed glaring security problem with LDAP/AD Authenticator where under some
-  circumstances blank passwords were accepted as valid.
-* Autocomplete has been turned off on the password field for better security.
-  In the future we may allow autocomplete to be re-enabled using a
-  configuration setting.
-* When the user visits the login page and is already authenticated (i.e. they
-  have a valid ticket granting cookie), a message is shown at the top 
-  indicating that they are already logged in.
-* sqlite3-ruby is no longer required by the gem as a dependency.  The user 
-  must now install it manually prior to installing rubycas-server. The
-  building of sqlite3 native extensions appears to be somewhat flakey
-  and probably defeats the original purpose of using it (which was
-  to have a CAS server up and running with no additional DB configuration).
-  We will use MySQL as the default database adapter instead, since it does
-  not require additional libraries and many users will have a MySQL server
-  already available.
-* Fixed bug that was causing all proxy-granting tickets to be deleted whenever
-  any user logged out. Only the PGTs for the user that is logging out are now
-  being deleted.
-* Trailing slashes in service URLs are now ignored when validating service
-  and proxy tickets (e.g. "http://www.google.com" and "http://www.google.com/"
-  are now considered to be the same service URL).
-* Authenticators now raise AuthenticatorError exceptions when encountering
-  a problem/error. This makes it easier to send feedback to the user.
-  However, other exceptions should still be raised when errors ought
-  not be recoverable (i.e. programming errors).
-* Fixed serious vulnerability in LDAP authenticator where under some
-  cirumstances the user could just enter '*' as their username to match 
-  any username. The LDAP authenticator will now refuse to process logins 
-  with usernames that contain the characters * ( ) \ / and the NULL 
-  character \0.
-* Views are no longer xhtml-validated. Markaby's auto-validation was turned
-  off to allow for use of the autocomplete property on inputs, since this is
-  the only viable way of turning off password storage in IE and Firefox at
-  the page level.
-* You can now limit the maximum length of a login session by setting the
-  expire_sessions config setting to true.
-* Fixed some minor bugs in the login view.
-
-
-=== 0.2.0 :: 2007-03-20
-
-* ruby-casserver now behaves more like a real command-line app, accepting
-  various command line arguments including -h (help), -v (version), -c (use
-  an alternate config.yml), and -d (daemonize, when using webrick or mongrel 
-  mode).
-* Special characters in CAS XML responses are now properly encoded into XML
-  entities
-* CAS XML responses are no longer auto-indented... Markaby's indentation
-  seemed to be causing problems with the PHP CAS client.
-* Misc minor bug fixes/cleanup.
-
-
-=== 0.1.0 :: 2007-03-01
-
-* First public release.
-
+See History.txt

data/History.txt

@@ -0,0 +1,247 @@
+=== 0.7.0 :: 2008-11-04
+
+* New functionality:
+  * Implemented single-sign-out functionality as specified in CAS 3.3.  See
+    http://www.ja-sig.org/wiki/display/CASUM/Single+Sign+Out.
+  * It is now possible to configure Authenticators to return extra attributes
+    to CAS clients alongside the username. For an example of how to do this see
+    the included SQL authenticator. Also have a look at:
+    http://groups.google.com/group/rubycas-server/browse_thread/thread/5eade3793cb590e9
+    Note that extra attributes of type other than String or Numeric are serialized 
+    into YAML format before being sent along to the client.
+  * Added an MD5-password version of the SQL authenticator for Drupal and any other
+    database that stores its passwords in hashed form (thanks malcolmm).
+  * Added new Google authenticator for authenticating against Google/GMail
+    accounts.
+       
+* Changes to existing functionality:
+  * Service URIs are now automatically normalized. For example, if the service 
+    URI given to the server has a 'ticket' parameter, the ticket will now be 
+    automatically stripped. This is to avert any possible issues raised by 
+    misbehaving CAS clients (the CAS ticket should never be part of the service 
+    URI). Same goes for other CAS-related parameters like 'service', 'renew',
+    and 'gateway'. Additionally, the trailing '/' and '?' characters are
+    automatically stripped from URLs, since, for example, "http://google.com/"
+    is almost certainly equivalent to "http://google.com".
+  * The expire_sessions config variable is now respected -- ticket granting
+    ticket cookies are set with an expiry datetime, so that the SSO session
+    is effectively terminated once the ticket_granting_ticket_expiry period
+    is reached.
+  * If present, the HTTP_X_FORWARDED_FOR header is used for recording the
+    client's address. This is useful when the server is running behind a reverse
+    proxy, but it should not be considered authoritative since it can be
+    easily spoofed.
+  * The 'service' field in the 'casserver_st' table has been changed from
+    VARCHAR(255) to TEXT in order to accomodate service URIs longer than 255
+    characters (fixes issue #46).
+  * The CAS XML responses are no longer whitespace-formatted (i.e. Markaby's
+    auto-indentation has been turned off). Apparently the whitespace was
+    causing problems with mod_auth_cas. See:
+    http://groups.google.com/group/rubycas-server/browse_thread/thread/e482fe09999b73d3
+  * When used without pre-authentication, the LDAP authenticator now tries to 
+    bind by searching for the given username in the LDAP directory based on the 
+    configured username_attribute. Prior to this change the authenticator
+    attempted to bind with the LDAP server by assuming that the username credential
+    matches the user's CN. This is no longer the case.
+  * CAS responses to invalid requests (for example where required parameters
+    are missing or incorrect) will now have HTTP status code 422. Internal server
+    errors (where the server rather than the client is at fault) have error 500.
+    Previously most responses had error code 200, regardless of their contents.
+    
+* Bug fixes
+  * Fixed logout action to work properly with ActiveRecord 2.1 (eager loading behaviour
+    was changed upstream forcing a change to the way we look for ProxyGrantingTickets
+    to delete on logout).
+  * When running under Mongrel, the USR2 signal should now restart the server as 
+    expected -- however currently this only works when the server is running
+    in the foregaround. When daemonized, USR2 will shut down the server without
+    restarting (see issue #58).
+  * Fixed activerecord/activesupport gem load problems, hopefully once and for all
+    (however picnic-0.7.0 is now required).
+
+=== 0.6.0 :: 2008-03-28
+
+* Much of the supporting functionality that makes RubyCAS-Server
+  act as a well-behaved Linux service has been abstracted out
+  into its own library. This new library is called Picnic and is
+  now a gem dependency for RubyCAS-Server. You can find out more about
+  it at http://code.google.com/p/camping-picnic/.
+* The logout action will now accept a 'destination' parameter in lieu of
+  'service'. This means that if a 'destination' parameter is given with
+  some URL, the logout action will show the login form, allowing the user
+  to immedietly log back in to the service specified by 'destination'.
+* The logout action will now accept a 'url' parameter. If given, the logout
+  page will show a message indicating that the CAS session has been terminated
+  and instructing the user to click on a link to follow the given URL. If the
+  'url' parameter is given, the login form will NOT be shown on the logout
+  page (see above).
+* When an authentication failure occurs (because the user submitted
+  invalid credentials or the login ticket is missing), the server
+  now returns a 401 (Unauthorized) response instead of 200.
+* An encryption-enabled version of the SQL authenticator is now
+  available. For more info have a look at:
+  http://code.google.com/p/rubycas-server/wiki/UsingTheSQLEncryptedAuthenticator
+* Better compatibility with Oracle databases. The database migration 
+  no longer tries to create tables with long names when long
+  table names are not supported by the underlying database connector
+  (issue #15).
+* The server now automatically removes leading and trailing whitespace from
+  the username entered by users. Passwords however are left intact, with no
+  whitespace removed.
+* The server can now be configured to automatically downcase the
+  username entered by users (dowcase_username option). So if a user
+  enters "JSmith", the system will convert it to "jsmith" if the
+  downcase_username option is set to true.
+* The server can now be made to bind to a specific address. See the
+  :bind_address option in the config.example.yml file.
+* Fixed bug with ActiveRecord 2.0.2 where service tickets were not
+  being given a type (issue #37).
+
+=== 0.5.1 :: 2007-12-20
+
+* Tickets generated by the server should now be a lot more secure.
+  The random string generator used for generating tickets now uses
+  Crypt::ISAAC. Tickets have also been extended in length; STs, PTs
+  and LTs can now extend up to 32 characters, and PGTs and PGT-IOUs 
+  up to 64.
+
+=== 0.5.0 :: 2007-09-20
+
+* Gateway requests should now be handled correctly. When the request to the
+  login page is made with gateway=true as one of the parameters, the CAS
+  server will immediately redirect back to the target service along with
+  a service ticket if an SSO session exists for the user (or without a
+  service ticket if there is no pre-existing SSO session). 
+  Note that if you are using RubyCAS-Client and want gatewaying, you will 
+  need to upgrade it to 1.1.0 as gatewaying was broken in prior versions.
+* If gateway=true is specified as part of the logout URI, the server will
+  log the user out and immediately redirect them back to the specified
+  service. In other words, you can now do "gatewayed logouts" as well
+  as logins.
+* A login ticket can now be remotely requested from the server by placing
+  a POST request to '/loginTicket'.
+* The login view can now be made to return only the login form. This is
+  done by adding the 'onlyLoginForm' parameter to the '/login' request.
+  Optionally, a 'submitToURI' parameter can be supplied to force the login
+  form to submit to the given URI (otherwise the server will try to figure
+  out the full URI to its own login controller). This functionality may be
+  useful when you want to embed the login form in some external page, as
+  an IFRAME otherwise.
+* Custom views can now be used to override the default Markaby templates
+  by specifying a 'custom_views_file' option in the configuration. See
+  custom_views.example.rb. [jzylks]
+* Table names have been shortened to work with Oracle. A migration has
+  been added that should do the shortening for you the first time you run
+  this new RubyCAS-Server version.
+* Multiple authenticators can now be specified. During authentication,
+  credentials are presented to the first authenticator, then the second,
+  and so on, until the user is validated by any one authenticator or fails 
+  validation for all of them. [jzylks]
+* When using webrick, you can now run with SSL disabled by omitting the 
+  ssl_cert and ssl_key parameters.
+* Changed incorrect MySQL example database configuration -- option should
+  be 'host:' not 'server:' (issue #22).
+
+=== 0.4.2 :: 2007-07-26
+
+* The LDAP/AD authenticator has been largely re-written. The code is a bit
+  cleaner now, and should work better with non-Active Directory LDAP servers
+  (although this has yet to be tested since I don't have access to a non-AD
+  LDAP server).
+* The validate() method in your authenticators now receives a :service element
+  (in addition to :username, and :password). This is simply the service
+  url (if any) specified in the user's CAS request. If you call 
+  read_standard_credentials(credentials) at the top of your validator, the value
+  will also be available as @service along with @username and @password.
+* By request, a :username_prefix option has been added to the ldap 
+  configuration. If entered, this string will be automatically prefixed to 
+  the username entered by the user.
+* A bug having to do with handling authenticator errors has been fixed.
+  Any authenticator error messages should now be correctly shown on the
+  login page.
+* Minor improvements to error messages having to do with login tickets.
+  They're a bit more prescriptive now, explaining to the user what steps
+  they should take to correct the error.
+
+=== 0.4.1 :: 2007-06-07
+
+* This release restores compatiblity with older versions of rubygems
+  (pre-0.9.0). To achieve this, we alias the 'gem' method to the old 
+  'require_gem' if 'gem' is not already defined.
+* rubycas-server-ctl will now quiety delete an orphaned .pid file 
+  instead complaining loudly and refusing to start up.
+* Fixed minor bug in rubycas-server-ctl that sometimes incorrectly reported
+  startup problems when in fact the server had started just fine.
+
+
+=== 0.4.0 :: 2007-06-05
+
+* Added rubycas-server-ctl script for controlling daemonized server.
+* rubygems-0.9.0 or later is now required.
+* Added system startup script to be used in /etc/init.d on Linux systems.
+* Authenticator can now be loaded from an external file using the 'source'
+  configuration option.
+* Better preemptive detection of startup problems with mongrel.
+* User now sees an error message if the service URI is not a valid URI (i.e.
+  if it's not URI-encoded or otherwise malformed).
+
+
+=== 0.3.0 :: 2007-03-29
+
+* Fixed glaring security problem with LDAP/AD Authenticator where under some
+  circumstances blank passwords were accepted as valid.
+* Autocomplete has been turned off on the password field for better security.
+  In the future we may allow autocomplete to be re-enabled using a
+  configuration setting.
+* When the user visits the login page and is already authenticated (i.e. they
+  have a valid ticket granting cookie), a message is shown at the top 
+  indicating that they are already logged in.
+* sqlite3-ruby is no longer required by the gem as a dependency.  The user 
+  must now install it manually prior to installing rubycas-server. The
+  building of sqlite3 native extensions appears to be somewhat flakey
+  and probably defeats the original purpose of using it (which was
+  to have a CAS server up and running with no additional DB configuration).
+  We will use MySQL as the default database adapter instead, since it does
+  not require additional libraries and many users will have a MySQL server
+  already available.
+* Fixed bug that was causing all proxy-granting tickets to be deleted whenever
+  any user logged out. Only the PGTs for the user that is logging out are now
+  being deleted.
+* Trailing slashes in service URLs are now ignored when validating service
+  and proxy tickets (e.g. "http://www.google.com" and "http://www.google.com/"
+  are now considered to be the same service URL).
+* Authenticators now raise AuthenticatorError exceptions when encountering
+  a problem/error. This makes it easier to send feedback to the user.
+  However, other exceptions should still be raised when errors ought
+  not be recoverable (i.e. programming errors).
+* Fixed serious vulnerability in LDAP authenticator where under some
+  cirumstances the user could just enter '*' as their username to match 
+  any username. The LDAP authenticator will now refuse to process logins 
+  with usernames that contain the characters * ( ) \ / and the NULL 
+  character \0.
+* Views are no longer xhtml-validated. Markaby's auto-validation was turned
+  off to allow for use of the autocomplete property on inputs, since this is
+  the only viable way of turning off password storage in IE and Firefox at
+  the page level.
+* You can now limit the maximum length of a login session by setting the
+  expire_sessions config setting to true.
+* Fixed some minor bugs in the login view.
+
+
+=== 0.2.0 :: 2007-03-20
+
+* ruby-casserver now behaves more like a real command-line app, accepting
+  various command line arguments including -h (help), -v (version), -c (use
+  an alternate config.yml), and -d (daemonize, when using webrick or mongrel 
+  mode).
+* Special characters in CAS XML responses are now properly encoded into XML
+  entities
+* CAS XML responses are no longer auto-indented... Markaby's indentation
+  seemed to be causing problems with the PHP CAS client.
+* Misc minor bug fixes/cleanup.
+
+
+=== 0.1.0 :: 2007-03-01
+
+* First public release.
+

data/Manifest.txt

@@ -1,18 +1,30 @@
 CHANGELOG.txt
+History.txt
 LICENSE.txt
 Manifest.txt
+PostInstall.txt
 README.txt
 Rakefile
 bin/rubycas-server
 bin/rubycas-server-ctl
+casserver.db
+casserver.log
+casserver_db.log
 config.example.yml
+config/hoe.rb
+config/requirements.rb
 custom_views.example.rb
 lib/casserver.rb
 lib/casserver/authenticators/active_directory_ldap.rb
 lib/casserver/authenticators/base.rb
+lib/casserver/authenticators/client_certificate.rb
+lib/casserver/authenticators/google.rb
 lib/casserver/authenticators/ldap.rb
+lib/casserver/authenticators/ntlm.rb
+lib/casserver/authenticators/open_id.rb
 lib/casserver/authenticators/sql.rb
 lib/casserver/authenticators/sql_encrypted.rb
+lib/casserver/authenticators/sql_md5.rb
 lib/casserver/authenticators/test.rb
 lib/casserver/cas.rb
 lib/casserver/conf.rb
@@ -24,6 +36,7 @@ lib/casserver/utils.rb
 lib/casserver/version.rb
 lib/casserver/views.rb
 lib/rubycas-server.rb
+lib/rubycas-server/version.rb
 lib/themes/cas.css
 lib/themes/notice.png
 lib/themes/ok.png
@@ -36,10 +49,17 @@ lib/themes/urbacon/login_box_bg.png
 lib/themes/urbacon/logo.png
 lib/themes/urbacon/theme.css
 lib/themes/warning.png
+misc/basic_cas_single_signon_mechanism_diagram.png
+misc/basic_cas_single_signon_mechanism_diagram.svg
 resources/init.d.sh
+script/console
+script/destroy
+script/generate
+script/txt2html
 setup.rb
-test/test_cas.rb
-test/test_casserver.rb
+tasks/deployment.rake
+tasks/environment.rake
+tasks/website.rake
 vendor/isaac_0.9.1/LICENSE
 vendor/isaac_0.9.1/README
 vendor/isaac_0.9.1/TODO
@@ -48,3 +68,8 @@ vendor/isaac_0.9.1/crypt/ISAAC.rb
 vendor/isaac_0.9.1/isaac.gemspec
 vendor/isaac_0.9.1/setup.rb
 vendor/isaac_0.9.1/test/TC_ISAAC.rb
+website/index.html
+website/index.txt
+website/javascripts/rounded_corners_lite.inc.js
+website/stylesheets/screen.css
+website/template.html.erb

data/PostInstall.txt

@@ -0,0 +1,3 @@
+
+For more information on RubyCAS-Server, see http://code.google.com/p/rubycas-server
+

data/Rakefile

@@ -1,60 +1,4 @@
-require 'rubygems'
-require 'rake'
-require 'rake/clean'
-require 'rake/testtask'
-require 'rake/packagetask'
-require 'rake/gempackagetask'
-require 'rake/rdoctask'
-require 'rake/contrib/rubyforgepublisher'
-require 'fileutils'
-require 'hoe'
-include FileUtils
-require File.join(File.dirname(__FILE__), 'lib', 'casserver', 'version')
-
-AUTHOR = ["Matt Zukowski", "Jason Zylks"]  # can also be an array of Authors
-EMAIL = ["matt at roughest dot net"]
-DESCRIPTION = "Provides single sign on for web applications using the CAS protocol."
-GEM_NAME = "rubycas-server" # what ppl will type to install your gem
-RUBYFORGE_PROJECT = "rubycas-server" # The unix name for your project
-HOMEPATH = "http://#{RUBYFORGE_PROJECT}.rubyforge.org"
-
-DEPS = [
-  ['activesupport', '>= 1.4.0'],
-  ['activerecord', '>=1.15.3'],
-  ['picnic', '>=0.6.3']
-]
-
-
-NAME = "rubycas-server"
-REV = nil
-#REV = `svn info`[/Revision: (\d+)/, 1] rescue nil
-VERS = ENV['VERSION'] || (CASServer::VERSION::STRING + (REV ? ".#{REV}" : ""))
-                          CLEAN.include ['**/.*.sw?', '*.gem', '.config']
-RDOC_OPTS = ['--quiet', '--title', "RubyCAS-Server #{VERS} Documentation",
-    "--opname", "index.html",
-    "--line-numbers", 
-    "--main", "README",
-    "--inline-source"]
-
-class Hoe
-  def extra_deps 
-    @extra_deps.reject { |x| Array(x).first == 'hoe' } 
-  end 
-end
-
-# Generate all the Rake tasks
-# Run 'rake -T' to see list of generated tasks (from gem root directory)
-hoe = Hoe.new(GEM_NAME, VERS) do |p|
-  p.author = AUTHOR 
-  p.description = DESCRIPTION
-  p.email = EMAIL
-  p.summary = DESCRIPTION
-  p.url = HOMEPATH
-  p.rubyforge_name = RUBYFORGE_PROJECT if RUBYFORGE_PROJECT
-  p.test_globs = ["test/**/test_*.rb"]
-  p.clean_globs = CLEAN  #An array of file patterns to delete on clean.
-  
-  # == Optional
-  p.extra_deps = DEPS
-  p.spec_extras = {:executables => ['rubycas-server', 'rubycas-server-ctl']}
-end
+require 'config/requirements'
+require 'config/hoe' # setup Hoe + all gem configuration
+
+Dir['tasks/**/*.rake'].each { |rake| load rake }

data/bin/rubycas-server

@@ -19,7 +19,7 @@ require 'picnic/cli'
 
 cli = Picnic::Cli.new(
   'rubycas-server',
-  :app_path => File.expand_path(File.dirname(File.expand_path(__FILE__)))
+  :app_module => 'CASServer'
 )
 
-cli.handle_cli_input
+cli.handle_cli_input