Initially we made the app behave like a browser and user entered credential s via the Java app which were then used. We have since integrated with Java SSO client that can access the domain credentials negating the need for user to enter details. On 17 Feb 2013 08:34, "sol myr" <[email protected]> wrote:
> Hi, > We have a legacy non-browser client application (Swing), which does most > of the work locally on the client machine, but occasionally contacts the > server using HttpClient (e.g. REST api to "upload work to server"). > The server is a Java web-application on Tomcat. > > > Is there an easy way to add CAS protection to this? > I saw the REST documentation: > https://wiki.jasig.org/display/CASUM/RESTful+API > But wasn't sure how the complete flow should be... I could start with a > Swing login form, and use the credentials to obtain a TicketGrantingTicket > via RESTful API. > But once I obtained a TicketGrantingTicket... what next? > I know the flow for *Browser* applications, so one solution could be > imitating browser behavior, in term of redirects and cookies (follow the > CAS redirect that adds "ticket" parameter representing ServiceTicket; then > follow the ValidationFilter redirect that removes this "ticket" parameter; > and finally get a JSESSIONID cookie which should be sent in subsequent > requests). > > But is there any easier API for non-browser applications? > One that involves less 'redirects' and less cookies? > > Thanks > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
