> I saw in the CAS documentation it specifies the order to be.... > > 1. AuthenticationFilter > 2. TicketValidationFilter (whichever one is chosen) > 3. HttpServletRequestWrapperFilter > 4. AssertionThreadLocalFilter
This is correct. > <filter-mapping> > <filter-name>CAS Validation Filter</filter-name> > <url-pattern>/CasProxyServlet</url-pattern> > </filter-mapping> ... > <filter-mapping> > <filter-name>CAS Validation Filter</filter-name> <!-- > org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter > --> > <url-pattern>/Login</url-pattern> > </filter-mapping> I'm not aware of any use case for two validation filters. In any case the authentication filter must come before the validation filter, or you'll have cases where you attempt to validate without a ticket and bad things happen. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
