public class CASAuthProvider extends AbstractUsernamePasswordAuthenticationHandler {
static Logger log = Logger.getLogger(CASAuthProvider.class);
@Override
protected boolean authenticateUsernamePasswordInternal(UsernamePasswordCredentials credentials) throws AuthenticationException, GraceLoginException {
HashMap<String, Object> auth = EdirUtil.authenticate(credentials.getUsername(), credentials.getPassword());
int result = ((Integer)auth.get(EdirUtil.LDAP_RESULT_KEY)).intValue();
if(result == EdirUtil.SUCCESSFUL_LOGIN){
return true;
}
else if(result == EdirUtil.ACCOUNT_DISABLED){
throw new AccountDisabledException();
}
else if(result == EdirUtil.INVALID_PASSWORD ){
throw new BadCredentialsAuthenticationException("Login failed. Please check your credentials and try again.");
}
else if(result == EdirUtil.INVALID_USERNAME){
throw new BadUsernameOrPasswordAuthenticationException("Login failed. Please check your credentials and try again.");
}
else if(result == EdirUtil.NO_MORE_GRACE_LOGINS){
throw new BlockedCredentialsAuthenticationException("Login failed. You have used all your grace logins. Please contact the IT Helpdesk at ext. 3880.");
}
else if(result == EdirUtil.ON_A_GRACE_LOGIN){
throw new GraceLoginException();
}
else{
throw new BadCredentialsAuthenticationException();
}
}
}
From here I find out the user is on a GraceLgin and need to get that information into the something. I guess if I can get it accessable by the ticketRegistry that would work. I guess then I could get a new guy in teh flow that checks teh ticket registry and sees if it is a grace login or not. Then I dont have to reimplemnt a bunch of core interfaces.
So How do I get the information into the Authentication map and how do I get it out?
On 7/18/06, Jason Tesser <
[EMAIL PROTECTED]> wrote:
OK well how do I get the my graceLogin information into the ticket registry? I have my own AuthenticationHandler which does my login against ldap and it knows about the the ldap code. How do I get it to get information into this ticketRegistry?On 7/18/06, Scott Battaglia < [EMAIL PROTECTED]> wrote:There are alternatives to re-writing the core interfaces :-)
After Authentication, CAS returns a Ticket Granting Ticket Id. Ticket
Granting Tickets along with Authentication information are stored in a
Ticket Registry. We generally don't recommend accessing the Ticket
Registry directly, but in your case it may be necessary.
You can compose an AuthenticationMetaDataPopulator which can add an
attribute to the Authentication map that specifies your grace login
information.
From within an Action in the web flow (I recommend you add to the web
flow rather than modifying classes directly) you can access the Ticket
Registry, and using the Ticket Granting Ticket Id retrieve the
Authentication object, which would contain the information you are
looking for.
Again, generally Authentication information is only supposed to be
exposed on ticket validation (which is why its only returned when an
Assertion is returned) but it can be accessed outside that as long as
you have a ticket id.
-Scott
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
