Thanks Scott
Just a few minutes after I sent my note I thought that overriding that
class/method might do the trick, and it looks like it will.
For anyone that's interested, the TicketResource class (or whichever one
you want to use), is defined in WEB-INF/restlet-servlet.xml. I've extended
TicketResource.java and overriden one method which will create Credentials
based on the username - currently it just creates the usual Credentials
but you get the idea :)
@Override
protected Credentials obtainCredentials() {
final RestletWebRequest webRequest = new
RestletWebRequest(getRequest());
String username = webRequest.getParameter("username");
String password = webRequest.getParameter("password");
// create Credentials depending on username
final UsernamePasswordCredentials c = new
UsernamePasswordCredentials();
c.setUsername(username);
c.setPassword(password);
return c;
}
From: Scott Battaglia <[email protected]>
To: [email protected]
Date: 22/09/2011 14:04
Subject: Re: [cas-user] Advice on multiple authentication handlers
and REST
The REST API does not fix you to using only UsernamePasswordCredentials.
See API:
https://github.com/Jasig/cas/blob/master/cas-server-integration-restlet/src/main/java/org/jasig/cas/integration/restlet/TicketResource.java#L87
Cheers,
Scott
On Thu, Sep 22, 2011 at 7:40 AM, John Davis <[email protected]> wrote:
Hi all,
I want to use three separate handlers, which one is used depends on the
format of the Principle (e.g. the username). We call CAS using REST, which
appears to fix us to using only UsernamePasswordCredentials, so I can't
use different Credentials implementations and then select which
authentication using the supports() method. I thought instead that I could
examine the username in the supports() method of each authenticator but
unfortunately that method is final in
AbstractPreAndPostProcessingAuthenticationHandler.
I think my choices are either to create my own
AbstractPreAndPostProcessingAuthenticationHandler, or not use supports()
and instead work out if the credentials are supported in the
authenticateUsernamePasswordInternal() method.
I'm leaning towards the first option, but just thought I'd see if anyone
has any suggestions.
cheers, john
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
