Hi All, I am working on an application that runs on glassfish. There are some web services exposed on this application. These are accessed using basic HTTP authentication by external applications. Recently this app [that runs on glassfish] was casified. This meant that the external applications cannot access the application by providing the http basic auth as they used to do earlier. [They do not want to get CAS tokens and supply them while invoking the services].
The requirement is to retain previous auth model for external applications while having the CASification in place. We are using JSR-196 for the CASification. I wanted to know if this is really possible. JEE only allows us to have one active realm at any point in time. Is it possible to have a filter layer before JASPIC which based on the user agent header will determine if the request needs to be authenticated with http basic method? If so it will fire a request to CAS and get the token and redirect to the service being inviked. I can provide more details in case I was not able to explain the scenario properly. Regards Prasad -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user