Hello, I am stumped with how to access the supplied netID that was used to secure an application with CAS. I can access this information inside a protected servlet with : request.getRemoteUser() in java. I have read that the NetID is put in the session. if you are using mod_cas. Aparently, the user id is stored in the REMOTE_USER in this case. My problem is that I am using Tomcat. My application is one html page with a lot of jQuery interaction. I am also using GWT in another protected application.
Once the user logs in, I would like to set a variable "somewhere" and be able to refer to it in my jQuery code. Sorry this is probably very simple but I cannot find an explanation that I can work from. I think I'm missing a key piece given that I have limited experience in Web Development. I can see from FireFox that my secured application SITE has three cookies : path : /TmpAlerts -> JSESSIONID path : /cas -> CASTGC path : /cas -> JSESSIONID Can anyone provide a pointer to what I am missing ? I did manage to get something going which may or may not be a security concern. This is what I have to check here... Is this an acceptable approach..? I have created a servlet filter, which calls the request.getRemoteUser() method and sets a USER_ID cookie. My secured applications can then look at the cookie and get the user_id of the person who logged in. Is this a correct approach or is there something inside CAS that is already canned that I should be using? thanks and sorry for the noob question.. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
