Kim, It would be better to write your own new authentication handler that contains your custom business logic. I think the "QueryDatabaseAuth" handler or something that derives from the JdbcAuth handlers would be a good place to start. Hope that helps. Tom ________________________________________ From: Kimberly Krebs [[email protected]] Sent: Tuesday, July 21, 2009 5:13 PM To: [email protected] Subject: [cas-user] CAS + Spring Security + JDBC - Duplicate User Ids
I have searched and searched and found no one with my issue. I am in the process of switching from a custom written security implementation to CAS + Spring Security (using JDBC in the backend). The user experience must remain transparent with the new changes. Right now, our user table includes a column for a unique ID (integer), a username, a password and an ID that specifies what part of the application a user belongs to (similar to a role, but very high level). Users log into the site with their Username and password, and the app checks to see what part of the app they're trying to log into (based on the Domain in the URL -- we have multiple domains). Usernames are unique per this SiteId, but are not unique overall in the table. My problem is, I am not certain how to handle this situation in the conversion over to CAS / spring security. I would prefer that CAS check for the UserID and Password, and if it finds more than one match, pass BOTH over to Spring Security, along with the unique ID of the two (or more) rows. Spring Security could then check the URL and assign the correct User Details based upon this unique user id that matches the app id that the user is trying to access. The problem is, I am not certain how to handle this or where to make the changes. Would it be preferable to make changes to CAS to have it check the URL and the siteid to get only one user, which it would then pass to Spring Security? Does anyone have an example of a time where something like this has been done in the past, or am I treading on new ground? I realize that the better solution is to have unique userids, but I didn't write these requirements. Thanks, Kim -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
