> In short, is there some way to dump the
> principal after authentication, or some other way to tell if the
> attributes have been properly stored.
PolicyBasedAuthenticationManager logs the resolved principal at DEBUG:
logger.info("Authenticated {} with credentials {}.", principal,
Arrays.asList(credentials));
logger.debug("Attribute map for {}: {}", principal.getId(),
principal.getAttributes());
Turning up org.jasig.cas.authentication to DEBUG would print out the
information you need to definitively show whether the attributes you
expect are in the principal.
>
> This is the definition of the "primaryPrincipalResolver" that seems to
> finally be working:
>
> <!--
> | Resolves a principal from a credential using an attribute
> repository that is configured to resolve
> | against a deployer-specific store (e.g. LDAP).
> -->
> <bean id="primaryPrincipalResolver"
>
> class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver"
>>
> <property name="attributeRepository" ref="attributeRepository" />
> </bean>
While I imagine that it does work, it's not efficient since you're
effectively doing attribute resolution twice. The handler can resolve
attributes on the same connection as that used for authentication;
with PersonDirectoryPrincipalResolver, you're opening a new connection
to do it again. The wrinkle is that you MUST define an
attributeRepository bean for use by other system components, but you
should probably use a StubPersonAttributeDao [1] bean that simply has
the attribute mapping.
M
[1]
http://developer.jasig.org/projects/person-directory/1.1.1/apidocs/org/jasig/services/persondir/support/StubPersonAttributeDao.html
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
