First, full disclosure, I am fairly new to Spring and CAS. That being said, I have been tasked at our institution with adding password management features to the CAS system (3.5.2). To accomplish this, I have added a new Controller to our CAS server overlay to perform a password change. Ironically, the problem I am having is securing the new controller behind the CAS authentication.
To try and accomplish this I have modified the securityContext.xml file to mimic the settings used for the services management piece. Using this method I have been able to require the user to authenticate with CAS before using the password change form, but it seems to not respect the authentication for single sign on. Long story short, I am trying to add several new controllers to the CAS server overlay, and would like those controllers to require CAS authentication before they are used. Is there are good way to accomplish this within the CAS server overlay, or should I simply write a stand-alone password management application that authenticates against CAS? Thanks, Andrew McKinney -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
