That's correct. The design is such that your db-loaded roles would be released as attributes to the particular service/application employed. This is done using the person-directory API and its JDBC support. Then there's a small tweak to the wrapper filter on the client side that would populate the roleAttribute param based on the value (user_role) received, which should then allow you to make authorization decisions based on the isUserInRole() call.
-Misagh > -----Original Message----- > From: Jason Edward White [mailto:[email protected]] > Sent: Monday, June 04, 2012 10:40 AM > To: [email protected] > Subject: RE: [cas-user] Getting userName and Roles after CAS > authentication > > I just looked at them (have not tried yet). This assumes that CAS is > querying for roles, correct? > > What I'm currently trying to do is employ CAS for authentication, but > do authorization in the "client" app. This solution may work,but (as I > read it) differs in terms of architecture. > > Have you successfully used this method? > > Cheers, > jason > ________________________________________ > From: Misagh Moayyed [[email protected]] > Sent: Monday, June 04, 2012 12:18 PM > To: [email protected] > Subject: RE: [cas-user] Getting userName and Roles after CAS > authentication > > Have you had a chance to review the instructions here? > https://wiki.jasig.org/pages/viewpage.action?pageId=47874068 > > > -Misagh > > > > -----Original Message----- > > From: Jason Edward White [mailto:[email protected]] > > Sent: Friday, June 01, 2012 10:10 AM > > To: [email protected] > > Subject: [cas-user] Getting userName and Roles after CAS > > authentication > > > > I've got CAS Auth. working on an app. in general. > > > > Now I want to grab custom roles from a DB. As I understand, I have to > > implement a custom UserDetails ... > > (e.g. http://www.ashishpaliwal.com/blog/2009/02/spring-security- > > %E2%80%93-implementing-custom-userdetails-using-hibernate/ OR > > http://www.codercorp.com/blog/spring/security-spring/writing-custom- > > userdetailsservice-for-spring-security.html) > > > > BUT ... that requires I grab the userName (which comes from > > UserDetails). Feel like I'm in a chicken/egg situation here, or I'm > > missing something easy. > > > > I'm using the Spring Security method: > > > https://wiki.jasig.org/display/CASC/Using+the+CAS+Client+3.1+with+Spri > > n > > g+Security > > > > I tried something like this > > (http://stackoverflow.com/questions/6161985/get-userdetails-object- > > from-security-context-in-spring-mvc-controller) with the default > > UserDetails but no dice ... > > > > Anyone else done this and/or have some pointers? ... TIA!! > > > > Jason > > -- > > You are currently subscribed to [email protected] as: > > [email protected] To unsubscribe, change settings or access > > archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to [email protected] as: > [email protected] To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] To unsubscribe, change settings or access archives, > see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
