I am sure LSU would use the container management integration as we have a
custom JAAS module for pulling role information that is coupled with the CAS
client.

I am just trying to think how existing Java applications would change.  I
imagine they would have their context.xml specify the JAAS realm to use;
however, I'm curious about how to make it pluggable such that you can have
custom JDBC queries for retrieving role information.

Thoughts?
A-

On 8/20/09 11:24 AM, "Marvin Addison" <marvin.addi...@gmail.com> wrote:

> Two CAS client features have been discussed in the not-too-distant
> past, and I'd like to reinvigorate the discussion to either move
> forward or dismiss them.
> 
> 1.  Tomcat integration, http://www.ja-sig.org/issues/browse/CASC-33.
> It's not clear from the issue whether it would include both
> authentication and role-based authorization support, but it's my hope
> that both would be supported.
> 2.  Make HttpServletRequestWrapperFilter respond to requests about
> role data by querying the cached principal for attributes.  I don't
> believe there's a Jira issue for this feature.
> 
> I believe #1 should be pretty straightforward.  Based on some recent
> work with a colleague to develop a custom Tomcat Authenticator, I
> don't believe #2 as written is possible.  In Tomcat, role-based
> authorization is performed before filters fire, so it's not possible
> to provide role data from the filter since it's too late.  I'm fairly
> certain this logic would need to live in a custom CASAuthenticator
> class, which would make it a Tomcat-specific feature that could
> possibly be integrated with #1.
> 
> I know some folks out there use container-managed authn/authz, but I
> wonder whether there is enough interest to merit the work involved.
> If you would use these features, please speak up.
> 
> M

-- 
Andrew Feller, Business System Programmer
LSU University Information Services
200 Frey Computing Services Center
Baton Rouge, LA 70803
Office: 225.578.3737
Fax: 225.578.6400
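
One way the pluggable role lookup asked about above could look, as an added example that is not part of either message or of the CAS client: a JAAS LoginModule that takes its role SQL from the JAAS configuration. The class name, the `jdbcUrl` and `roleQuery` option names and the sample query are assumptions; Tomcat's JAASRealm treats principals whose class is listed in its `roleClassNames` attribute as roles.

```java
import java.security.Principal;
import java.sql.*;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Hypothetical: adds roles only; stack it after a module that authenticates the user.
public class JdbcRoleLoginModule implements LoginModule {
    // Principal type to list in the realm's role-class setting.
    public record RolePrincipal(String name) implements Principal {
        @Override public String getName() { return name; }
    }
    private Subject subject;
    private CallbackHandler handler;
    private Map<String, ?> options;
    private final Set<Principal> roles = new HashSet<>();

    @Override
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h; options = opts;
    }
    @Override
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user");
        try {
            handler.handle(new Callback[] { name });
        } catch (Exception e) {
            throw new LoginException("cannot obtain user name: " + e.getMessage());
        }
        if (name.getName() == null) throw new LoginException("no user name supplied");
        // Assumed options: jdbcUrl, and roleQuery such as "SELECT role FROM user_roles WHERE uid = ?".
        String sql = (String) options.get("roleQuery");
        try (Connection c = DriverManager.getConnection((String) options.get("jdbcUrl"));
             PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, name.getName()); // bound parameter, never concatenated into the SQL
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) roles.add(new RolePrincipal(rs.getString(1)));
            }
        } catch (SQLException | RuntimeException e) {
            throw new LoginException("role lookup failed: " + e.getMessage()); // fail closed
        }
        return true;
    }
    @Override public boolean commit() { subject.getPrincipals().addAll(roles); return true; }
    @Override public boolean abort() { roles.clear(); return true; }
    @Override public boolean logout() { subject.getPrincipals().removeAll(roles); roles.clear(); return true; }
}
```

Because only the query text is configurable and the user name is always bound as a parameter, a site can change its role schema without opening the lookup to SQL injection.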


