We have a Spring application that is using CAS. This application does not use the CAS client jar as a filter. The design uses a Spring Interceptor and makes calls directly to CAS client classes.
So when the application is first hit we do a "response.sendRedirect()" to our CAS server login URL. When the application is set a request with a "ticket" parameter it calls org.jasig.cas.client.validation.Cas20ServiceTicketValidator.validate() directly. The application gets the principal like this: Assertion casAssertion = this.ticketValidator.validate(myTicket, localServiceUrl); String unid = casAssertion.getPrincipal().getName(); At this point we are successfully logged in and the unid is placed on the session. For here on out the interceptor checks to see if there is a unid on the session, if there is one then the user is assumed to be logged in and CAS is never referenced again. What does the group think of this? Thanks, Bryan Wooten UIT Systems Administrator University of Utah [email protected] -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
