Hi Guys,

I've tried a bunch of things with setting session attributes in CAS, but none of them seem to work. I have a problem where our redirect to our password management application works, but the user hits the back button and is then immediately redirected to the service they wanted to access, without being forced to change their password to match our rules.

What I'd like to do, to solve this, is store a session variable indicating that they failed during authentication. Then, when the password manager redirects them back through CAS again, to get to their service, it will pass a parameter indicating that their session may continue. I'm not worried about people hacking that, and putting it in manually. I just want to prevent most users from hitting the back button.

All of these work until you've proceeded to the service, but then the attribute is wiped, and is not seen when you return to CAS.

This one works temporarily, presumably because CAS doesn't use a servlet container session.
// Servlet-container session, obtained from the web flow's external context
final HttpServletRequest request =
        (HttpServletRequest) context.getExternalContext().getNativeRequest();
final HttpSession session = request.getSession();
session.setAttribute("autest", "test value"); // same attribute the attempts below set


Same here...
context.getExternalContext().getGlobalSessionMap().put("autest", "test value");

Same here...
context.getExternalContext().getSessionMap().put("autest", "test value");

Same here...
context.getFlowScope().put("autest", "test value");


My class was defined as...
public class LoginChecksAction extends AbstractAction

I attempted the above in doExecute(), and used a web flow execution listener to log the information on every request, to see if it's working.

Thanks.
--
Trenton D. Adams
Senior Systems Analyst/Web Software Developer
Navy Penguins at your service!
Athabasca University
(780) 675-6195
:wq!
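An added example, not code from the post above or from the CAS project: a Spring Web Flow action that records the "password change still required" state in the servlet container's HttpSession (which is meant to outlive the login flow) rather than in flow scope (which is discarded when the flow ends with the redirect to the service), and that only clears the state when the password manager sends the user back with a return parameter. The attribute name, the parameter name, the event id and the `passwordPolicyViolated` flow-scope flag are all assumptions; the post does not show the site's own rule check. It also assumes the container session survives the round trip, which the post reports was not the case in that deployment, so the marker carries an expiry to avoid locking a user out if it is ever left behind.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/**
 * Login-flow action that gates the service redirect behind a pending
 * password change. Example code; names are assumed, not CAS's own.
 */
public class PasswordPolicyGateAction extends AbstractAction {

    /** HttpSession attribute: time (ms) the user was sent to the password manager. Assumed name. */
    static final String PENDING_ATTR = "passwordChangePendingSince";

    /** Parameter the password manager is assumed to append when returning the user to CAS. */
    static final String RETURN_PARAM = "passwordChanged";

    /** Event id the flow definition is assumed to map to the password-manager redirect. */
    static final String REDIRECT_EVENT = "passwordChangeRequired";

    /** A pending marker older than this is treated as stale, so nobody stays blocked forever. */
    static final long PENDING_TTL_MS = 30L * 60L * 1000L;

    @Override
    protected Event doExecute(RequestContext context) throws Exception {
        HttpServletRequest request =
                (HttpServletRequest) context.getExternalContext().getNativeRequest();
        // Container session, not flow scope: flow scope dies with the flow's end state.
        HttpSession session = request.getSession(true);

        boolean pending = isChangePending(session);
        boolean returning = "true".equals(request.getParameter(RETURN_PARAM));

        if (pending && returning) {
            // The password manager sent the user back: clear the marker, continue login.
            session.removeAttribute(PENDING_ATTR);
            return success();
        }
        if (pending) {
            // Back button or a fresh request for the service: policy still unsatisfied.
            return new Event(this, REDIRECT_EVENT);
        }
        if (passwordViolatesPolicy(context)) {
            // First failure: remember when we sent the user away, then redirect.
            session.setAttribute(PENDING_ATTR, Long.valueOf(System.currentTimeMillis()));
            return new Event(this, REDIRECT_EVENT);
        }
        return success();
    }

    /** True if a marker exists and has not expired; an expired marker is removed. */
    static boolean isChangePending(HttpSession session) {
        Object since = session.getAttribute(PENDING_ATTR);
        if (!(since instanceof Long)) {
            return false;
        }
        long age = System.currentTimeMillis() - ((Long) since).longValue();
        if (age > PENDING_TTL_MS) {
            session.removeAttribute(PENDING_ATTR);
            return false;
        }
        return true;
    }

    /** Hook for the site's own password rules; the post does not show them, so an assumed
     *  flow-scope flag set by an earlier action stands in here. */
    private boolean passwordViolatesPolicy(RequestContext context) {
        Object flag = context.getFlowScope().get("passwordPolicyViolated");
        return Boolean.TRUE.equals(flag);
    }
}
```

The flow definition would map the `passwordChangeRequired` event to the redirect to the password manager and `success` to the normal continuation. As the post says, the return parameter is only a back-button guard; if the container session is being discarded between the two visits to CAS, the marker will not be found on return and this action will simply re-check the policy, which is the safe direction to fail in.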


--
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user