> So now my follow-up: can I instruct CAS to logcically AND all of the
> handlers ? :)
This has come up before, where the use case is wanting _both_ X.509
and username/password auth. You would have to write your own
authentication handler to do that. If you know that all of your
handlers accept the same kind of credentials, e.g.
UsernamePasswordCredentials, you could simply write a delegating
authentication handler that delegated to one or more handlers and
required success for all in order to pass:
public class DelegatingAuthenticationHandler extends AuthenticationHandler
{
private Collection<AuthenticationHandler> delegates;
public authenticate(Credentials credentials) {
for (AuthenticationHandler handler : delegates) {
if (!handler.authenticate(credentials)) {
return false;
}
}
return true;
}
}
Obviously the above won't work for the use case I cited initially,
X.509+username/pass, since those require different kinds of
credentials. The good news is the authentication framework in CAS is
very extensible and pretty easily allows you to address custom needs
with only a little extension code.
M
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
