On 4/30/11 7:18 AM, Marvin Addison wrote:
> (Sorry this is so late; meant to respond sooner.)
Thanks for the answer, and no apologies for being late - still beat the
response times of most vendors I've worked with :P.
> I think you're going to have to write code either way, and the
> RememberMe components are farther from what you really want. The
> ExpiraitonPolicy interface, on the other hand, is what you want and
> it's meant to be extensible by deployers.
Yeah, I was afraid that there'd be no real way around it; time to roll
up my sleeves and become more familiar with Java, which will be fun.
> You could use that strategy
> to interrogate the remote IP in a custom ExpirationPolicy.
Just to check my understanding since this is all new and a bit out of my
comfort zone, this strategy basically amounts to building a custom
ExpirationPolicy, and in this customization querying ThreadLocal (I'm
assuming some sort of per-Java-thread variable store?) for the remote IP
that's filled out by the inspektr filter (This is the filter defined by
the following snippet in web.xml, right?)
<filter>
<filter-name>CAS Client Info Logging Filter</filter-name>
<filter-class>com.github.inspektr.common.web.ClientInfoThreadLoc
alFilter</filter-class>
<init-param>
<param-name>alternativeIpAddressHeader</param-name>
<param-value>X-Forwarded-For</param-value>
</init-param>
</filter>
On that note, is it right to assume that my setting of
alternativeIpAddressHeader will be sufficient to get the *actual*
IpAddress from the ThreadLocal (we're behind a load balancer in this
scenario and I can confirm that making this change works for the audit
logs).
Sorry if I'm just repeating back obvious information, trying to make
sure I have a handle on it.
Oh, and on a mostly unrelated note (perhaps suited for a new thread, but
minor enough, probably), I'm putting the finishing touches on an upgrade
for an old CAS plugin for squirrelmail (web-based IMAP client) I found
out in the internet, and was wondering what the best way to share the
changes would be, or to discuss it in general. While it's a
squirrelmail plugin, I'd imagine it's of more interest to the CAS
community than the Squirrelmail one since it's a pretty darn specialized
plugin. I realize Squirrelmail's been CAS-ified before, but the code
examples I found didn't implement everything I needed for my
environment.
Thanks again,
Matt
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
