On Mon, Apr 20, 2009 at 5:43 PM, Martin Simons <[email protected] > wrote:
> <snip /> > The fact that the "service" parameters both serve as a part of ticket > validation and as the URL the CAS server will redirect to confuses me > though. So basically I have to build my app in a way that the page the user > is redirected to after login takes care of any application-specific > redirection? Example: A user visits a public page A, then navigates to a > protected one B. This throws him to the CAS login which again redirects him > to application page C. So if I want the user to be redirected to page B I > have to take care of this on app-side? > If you want the user redirected to page B on return, then that's the "service" url you need to provide to CAS. CAS automatically redirects back to whatever URL was provided as the service url. Hope that helps. -Scott > > Kind regards, > Martin > > > Am 20.04.2009 um 00:01 schrieb Scott Battaglia: > > Marvin, > > I'm not sure which version of the CAS client you're looking at. The ones > on the main page are probably for the Yale client. The Jasig client's > documentation is here: > > http://www.ja-sig.org/wiki/display/CASC/CAS+Client+for+Java+3.1 > > We don't have documentation on the individual objects because in general, > the filters are sufficient. If you don't want to use the filters then you > need to do the redirection on your own (note: CAS does Authentication, not > authorization). You should read the CAS protocol for information on how to > redirect. There's no object to help you (though, note, you can apply the > authentication filter to one individual path (i.e. /myapp/login) and have it > automatically redirect when someone accesses that particular page. > Validation can be done by using any of the supplied TicketValidators in the > library. > > The CAS protocol can be found here: > http://www.jasig.org/cas/protocol > > However, we strongly recommend you take advantage of the filters provided > by the CAS client, or leverage an independent security framework such as > Spring Security, which utilizes the Jasig CAS Client library. > > Thanks > -Scott > > -Scott Battaglia > PGP Public Key Id: 0x383733AA > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > On Sun, Apr 19, 2009 at 5:51 AM, Martin Simons < > [email protected]> wrote: > >> Hello, >> >> I'm currently in the process of migrating a few Java appplications to a >> Single-Sign-On with CAS. In this application it is basically up to the >> single page whether authentication/authorization is required or not. >> Therefore using the filters in web.xml doesn't seem to be a good solution. >> Instead I'd like to integrate the CAS-authentication into my existing >> authentication code using the java objects approach described on the JA-SIG >> main page (although this specific code example appears to be outdated). >> >> Unfortunately, all my attempts so far have failed. I'm lacking a >> comprehensive documentation on how to work without the filters or at least >> without the filters doing all the work. Is there any resource on this topic >> I haven't discovered so far? Google searches didn't yield much. Specifically >> I'm interested in how I have to redirect to the CAS-server for authorization >> (if I do it manually right now, providing a "service" parameter, I get an >> exception in the client app (from the validation filter) that ticket and >> service don't match), how to obtain the ticket/username within the client >> app and how to validate the ticket. >> >> For your information: The exemplary application I'm trying to integrate >> with CAS right now is based on Wicket. >> >> Kind regards and thanks for your advice, >> Martin Simons >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
