Hi, We have a legacy non-browser client application (Swing), which does most of the work locally on the client machine, but occasionally contacts the server using HttpClient (e.g. REST api to "upload work to server"). The server is a Java web-application on Tomcat.
Is there an easy way to add CAS protection to this? I saw the REST documentation: https://wiki.jasig.org/display/CASUM/RESTful+API But wasn't sure how the complete flow should be... I could start with a Swing login form, and use the credentials to obtain a TicketGrantingTicket via RESTful API. But once I obtained a TicketGrantingTicket... what next? I know the flow for *Browser* applications, so one solution could be imitating browser behavior, in term of redirects and cookies (follow the CAS redirect that adds "ticket" parameter representing ServiceTicket; then follow the ValidationFilter redirect that removes this "ticket" parameter; and finally get a JSESSIONID cookie which should be sent in subsequent requests). But is there any easier API for non-browser applications? One that involves less 'redirects' and less cookies? Thanks -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
