Note also that JSONP is inherently insecure since it bypasses the same origin policy [1]. So you'd be opening yourself up to cross domain request forgeries, something you certainly would not want in CAS.
cheers, Steve [1] http://en.wikipedia.org/wiki/Same_origin_policy On 14/05/2012, at 11:25 PM, Marvin S. Addison wrote: > >> I would like to know if CAS supports JSON out of the box or if some >> configuration is needed. > > It certainly doesn't support anything that provides a JSON payload like > that cited in the documentation you referenced: > > { > "uniqueid": "1234", > "name": "John Doe", > "email": "[email protected]", > "photourl": "http://nosite.com/johndoe.png" > } > > It would be fairly straightforward to implement this via a > customization, but would require a sound knowledge of the Spring > Framework and Java development generally. In short, you'd need a custom > controller that emits the JSON payload above mapped to a custom URI like > /jsonValidate. Additionally, the controller would need to be hooked > into the attribute repository machinery to get attributes like email and > name. > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
