[cas-user] set details in the authentication handler

Wed, 02 Jul 2014 03:19:34 -0700 

Dear all,
        i'm using CAS 3.4 and I'm trying to implement some
sort of impersonation. I would need some advices.
The prerequisite is that we don't want to upgrade CAS (for the moment).
I'm making some tests using a CAS version running in development
environment and as client a Grails application. What I have now works
fine, but as I said I would like to implement impersonation. Let me know
if this is possible. This is my idea:

At CAS side I'd have a custom Handler looking like this:

public class ESOAuthenticationHandler extends
AbstractUsernamePasswordAuthenticationHandler
{
    public ESOAuthenticationHandler()
    {
    }

    protected boolean
authenticateUsernamePasswordInternal(UsernamePasswordCredentials
credentials)
        throws AuthenticationException
    {
      boolean goodCredential = false;

      //method checkUsernameAndPassword does the actual job
      if (checkUsernameAndPassword(credentials.getUsername(),
credentials.getPassword()) {
        goodCredential = true;
        }


//analyze the username and see if impersonation is requested
//here in pseudo code

 if (credentials.getUsername().contains("a special, predefined
carachter")) {

        setDetails("impersonation": true) //it can be a boolean, a string, 
whatever
}

        return goodCredential;
    }

At the client side my application would look like this
(remember this is groovy) :

 def index = {

        User loggedInUser = User.get(springSecurityService.principal.id)

        def impersonationRequested =
springSecurityService.authentication.details["impersonation"]


if (impersonationRequested) {
        //the user loggedInUser is not the real user, she was impersonated,
show and alert message. 
} else {
        //the user loggedInUser is the actual user, business as usual.
}

}


My question is: how do I set the details within the
authenticateUsernamePasswordInternal method at the CAS side?
Am I too naive and the matter is much more complicated?


Thanks,
---------------------------------------------------------------------
Fabio Sogni                            |  E-Mail: [email protected]    |
ESO - EUROPEAN SOUTHERN OBSERVATORY    |  Phone : +49 89 320 06 566 |
Karl Schwarzschild Strasse, 2          |  Fax   : +49 89 320 06 677 |
Garching bei Muenchen - Germany        |                            |
---------------------------------------------------------------------
Visita Interiora Terrae, Rectificando Invenies Occultum Lapidem.
---------------------------------------------------------------------


-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to