Note also that JSONP is inherently insecure since it bypasses the same origin 
policy [1]. So you'd be opening yourself up to cross domain request forgeries, 
something you certainly would not want in CAS.

cheers,
Steve

[1] http://en.wikipedia.org/wiki/Same_origin_policy


On 14/05/2012, at 11:25 PM, Marvin S. Addison wrote:

> 
>> I would like to know if CAS supports JSON out of the box or if some
>> configuration is needed.
> 
> It certainly doesn't support anything that provides a JSON payload like
> that cited in the documentation you referenced:
> 
> {
>    "uniqueid": "1234",
>    "name": "John Doe",
>    "email": "[email protected]",
>    "photourl": "http://nosite.com/johndoe.png";
> }
> 
> It would be fairly straightforward to implement this via a
> customization, but would require a sound knowledge of the Spring
> Framework and Java development generally.  In short, you'd need a custom
> controller that emits the JSON payload above mapped to a custom URI like
> /jsonValidate.  Additionally, the controller would need to be hooked
> into the attribute repository machinery to get attributes like email and
> name.
> 
> M
> 
> -- 
> You are currently subscribed to [email protected] as: 
> [email protected]
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user


-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to