I'm (at this point) not going to use the Inspektr library for this.
But I would like to ask for a piece of advice, if you don't mind.
I've subclassed RestletFrameworkServlet and overridden
doService(HttpServletRequest request, HttpServletResponse response) in order to
store off two request parameters in a ThreadLocal that I will need later.
The problem I'm running into is that every time I try to access the request
parameters, I get a stack trace later:
Jun 8, 2011 2:08:24 PM com.noelios.restlet.StatusFilter getStatus
SEVERE: Unhandled exception or error intercepted
java.lang.IllegalArgumentException: resourceOperatedUpon cannot be null
at
com.github.inspektr.audit.AuditActionContext.assertNotNull(AuditActionContext.java:81)
I suspect it has something to do with that call messing with the inputStream in
the request, making it unusable later.
If so, how can I get the request parameter info?
(If not, what the heck am I doing wrong? :) )
From: Scott Battaglia [mailto:[email protected]]
Sent: Tuesday, June 07, 2011 2:30 PM
To: [email protected]
Subject: Re: RE: [cas-user] Causing CAS to make a REST call at each auth attempt
You could tie into into the Inspektr events.
On Jun 7, 2011 12:25 PM, "Eric Turley"
<[email protected]<mailto:[email protected]>> wrote:
> @Andrew:
> Yeah, we're using the war overlay as well, and currently, I'm specifying a
> different authenticationHandler, and within that, overriding postAuthenticate
> and doing what I gotta do. But I'm not sure that's the best place to plug in.
>
>
> @Marvin:
> No, we USED to use our "platform" as the front-end for auth. Clients would
> call it, and it would delegate to CAS. Now, we're moving to proper use of
> CAS, allowing clients direct access to it.
> But the *REASON* we used to have the platform front for it is because we
> wanted to create records of auth attempts. So you see, now I want CAS to make
> a call to the platform at every auth attempt, and the platform can create
> that record.
> And, afaik, I'm just interested in each TGT-granting. I just care when a user
> presents credentials and either succeeds or fails. I don't care how many
> times the user accesses a service.
>
> -----Original Message-----
> From: Marvin Addison
> [mailto:[email protected]<mailto:[email protected]>]
> Sent: Tuesday, June 07, 2011 1:47 PM
> To: [email protected]<mailto:[email protected]>
> Subject: Re: [cas-user] Causing CAS to make a REST call at each auth attempt
>
>> We'd like to make our CAS server make an http call to our "platform" server
>> whenever an auth attempt is made (pass or fail).
>
> IIRC this REST service is your authentication provider, so you simply
> want to call that service for every service access. Is that correct?
> Assuming so, there is no way to do this. In an SSO environment, the
> authentication handler fires on login exclusively. I imagine you
> don't want to burden the user with reauthentication to achieve this,
> so you'll have to customize CAS to support this use case.
>
> The fundamental problem you'll have to solve is a way to cache
> credentials to pass off to the authentication handler on every service
> request. Normally the credentials are provided by the Webflow, but in
> your case you'll have to cache them and replay them to the auth
> handler.
>
> Off the top of my head this sounds both difficult and ill-advised
> solely because of the need to cache credentials. Lots of problems can
> emerge from cached credential situations.
>
> M
>
> --
> You are currently subscribed to
> [email protected]<mailto:[email protected]> as:
> [email protected]<mailto:[email protected]>
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
> --
> You are currently subscribed to
> [email protected]<mailto:[email protected]> as:
> [email protected]<mailto:[email protected]>
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
