> now we would add a new type of user, so that type1 and type2 could access
> different types of webapps.
> I have written a new authenticationHandler

I think you're inviting trouble if you try to make the CAS server perform authorization. It simply is not designed for centralized security policy enforcement. I recommend you delegate authorization to the individual applications and leverage attribute release at the CAS server to provide the raw data on which you would perform authorization at the clients. See http://www.ja-sig.org/wiki/display/CASUM/Attributes for more information on the attribute release feature.

M
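
A sketch of the client-side check recommended above, added here as an example and not part of the original message or of CAS itself: the application reads the attributes released in the ticket-validation response and makes the access decision locally, denying on any failure. It assumes a CAS 3.0-style `cas:attributes` block in the response; the `userType` attribute, the policy set and the sample responses are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "http://www.yale.edu/tp/cas"
CAS = {"cas": NS}

# Hypothetical policy for THIS webapp: released userType values allowed in.
ALLOWED_USER_TYPES = {"type1"}

def parse_validation(xml_text):
    """Return (user, attrs) for a successful validation, else (None, {})."""
    try:
        root = ET.fromstring(xml_text)  # response is fetched from the CAS server over TLS
    except ET.ParseError:
        return None, {}
    if root.tag != "{%s}serviceResponse" % NS:
        return None, {}
    success = root.find("cas:authenticationSuccess", CAS)
    if success is None:  # authenticationFailure or unexpected body
        return None, {}
    user = success.findtext("cas:user", default="", namespaces=CAS).strip()
    if not user:
        return None, {}
    attrs = {}
    node = success.find("cas:attributes", CAS)
    if node is not None:
        for child in node:  # attributes may be multi-valued, so collect lists
            name = child.tag.split("}", 1)[-1]
            attrs.setdefault(name, []).append((child.text or "").strip())
    return user, attrs

def is_authorized(xml_text, allowed=ALLOWED_USER_TYPES):
    """Fail closed: no user, no userType attribute, or no allowed value means deny."""
    user, attrs = parse_validation(xml_text)
    if user is None:
        return False
    return any(value in allowed for value in attrs.get("userType", []))

def sample(user_type):
    """Constructed validation response for user 'alice' with one userType value."""
    return ('<cas:serviceResponse xmlns:cas="%s"><cas:authenticationSuccess>'
            '<cas:user>alice</cas:user><cas:attributes>'
            '<cas:userType>%s</cas:userType></cas:attributes>'
            '</cas:authenticationSuccess></cas:serviceResponse>' % (NS, user_type))

# Constructed failure response (ticket rejected by the server).
SAMPLE_FAILURE = ('<cas:serviceResponse xmlns:cas="%s">'
                  '<cas:authenticationFailure code="INVALID_TICKET">not recognized'
                  '</cas:authenticationFailure></cas:serviceResponse>' % NS)
```

Each webapp carries its own allowed set, so the CAS server only authenticates and releases data while the policy stays with the application.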