Instead of success my sample source generates tgt to create st. Thats why I changed login webflow
Sent from Samsung Mobile -------- Original message -------- Subject: Re: [cas-dev] Extending CAS for providing a change-password-screen From: the john <jo0...@gmx.de> To: cas-dev@lists.jasig.org CC: Hello, I wanted to share how we managed to implement the change-password-screen with the login-webflow of CAS-3.4.11. Pamir helped there quite a bit - thanks! We created two new views, one new controller and one new model: 1. changePasswordView.jsp // provide the form to cange password. 2. changePasswordViewSuccess.jsp // display a success message and a button to proceed. 3.ChangePasswordViaFormAction.java // controller of the change-password-form. 4. ChangePasswordCredentials.java // the model for holding username, oldPassword, newPassword1 and newPassword2. It also provides a method "credentialsForLogin" to create a UsernamePasswordCredentials-Object for the CAS-login-process. To publish the new event "changePassword" to hook into the login-webflow we had to change the default implementation of "AuthenticationViaFormAction.java". All the things above are put together like the implementation of AuthenticationViaFormAction.java. So the login-webflow was changed to: 1. Create a new flow-variable: <var name="newPassCredentials" class="de.xyz.xyz.cas.authentication.principal.UsernameChangePasswordCredentials" /> 2. Change action-state "realSubmit" so that it reacts to the event "changePassword" and redirects to the new view-state "changePasswordView". 3. The idea of the implementation (binder, model, realSubmit) of this new view was taken from the view-state "viewLoginForm". 4. At the new view-state "changePasswordViewSuccess" we set the CAS-Credentials and then redirect to the CAS-login-process: <transition on="submit" to="realSubmit"> <set name="flowScope.credentials" value="flowScope.newPassCredentials.credentialsForLogin" /> </transition> I hope this may be comprehensible enough. Regards Jonathan Strampp -------- Original-Nachricht -------- > Datum: Fri, 13 Apr 2012 19:41:27 +0300 > Von: "Pamir.erdem" <pamir.er...@gmail.com> > An: cas-dev@lists.jasig.org > Betreff: Re: [cas-dev] Extending CAS for providing a change-password-screen > Hi > I have developed it one year,ago. This weekand i can prepare,documentation > for the gruop if somebody can put it on the wiki > > Sent from Samsung Mobile > > -------- Original message -------- > Subject: [cas-dev] Extending CAS for providing a change-password-screen > From: jo0...@gmx.de > To: cas-dev@lists.jasig.org > CC: > > Hello, > > we want to force a user to change his password if it is expired. So the > user can't use any CAS-Clients before changing his password. > > We have no central application for changing that password so we want to > include that functionality in CAS. So I think we have to create a > change-password-screen where the current user is redirected to and forced to > change > his password. This has to happen before generating the TGT-Cookie, of course. > > Searching the web I've only found two sites with the same problem (other > sites just offered a link to a password-change-application): > 1. http://jasig.275507.n4.nabble.com/force-password-change-td255185.html > 2. > https://wiki.jasig.org/display/CASUM/Change+Password+Integration+With+Jasig+CAS+3.4.7 > > Both are a bit outdated or empty so I'm asking: > - Can anyone point out different sites where this is dicussed, too? > - Can anyone provide hints where to create new states in the login-flow > and what parameters I shoud set when in order not to create security holes. > > > Regards > Jonathan Strampp > -- > NEU: FreePhone 3-fach-Flat mit kostenlosem > Smartphone! > Jetzt informieren: http://mobile.1und1.de/?ac=OM.PW.PW003K20328T7073a > > -- > You are currently subscribed to cas-dev@lists.jasig.org as: > pamir.er...@gmail.com > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > -- > You are currently subscribed to cas-dev@lists.jasig.org as: jo0...@gmx.de > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev -- Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de -- You are currently subscribed to cas-dev@lists.jasig.org as: pamir.er...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
