I was really hoping to get this solved today if someone, Scott  :-), would be willing to explain how to use the MetaDataAuthenticationPopulator.  I just cannot find any examples and it is not clear to me from the doc.  Thank you for all the help.


On 7/19/06, Jason Tesser <[EMAIL PROTECTED]> wrote:
I am looking through the code and Java doc and am unsure exactly what to do with the MetaDataAuthenticationPopulator.  I see the interface and it has a method that takes the authentication and credentials.  Here is my AuthHandler

public class CASAuthProvider extends AbstractUsernamePasswordAuthenticationHandler {

      static Logger log = Logger.getLogger(CASAuthProvider.class);
     
@Override
protected boolean authenticateUsernamePasswordInternal(UsernamePasswordCredentials credentials) throws AuthenticationException, GraceLoginException {
    HashMap<String, Object> auth = EdirUtil.authenticate(credentials.getUsername(), credentials.getPassword());
    int result = ((Integer)auth.get(EdirUtil.LDAP_RESULT_KEY)).intValue();
   
    if(result == EdirUtil.SUCCESSFUL_LOGIN){
        return true;
    }
    else if(result == EdirUtil.ACCOUNT_DISABLED){
        throw new AccountDisabledException();
    }
    else if(result == EdirUtil.INVALID_PASSWORD ){
        throw new BadCredentialsAuthenticationException("Login failed. Please check your credentials and try again.");
    }
    else if(result == EdirUtil.INVALID_USERNAME){
        throw new BadUsernameOrPasswordAuthenticationException("Login failed. Please check your credentials and try again.");
    }
    else if(result == EdirUtil.NO_MORE_GRACE_LOGINS){
        throw new BlockedCredentialsAuthenticationException("Login failed. You have used all your grace logins. Please contact the IT Helpdesk at ext. 3880.");
    }
    else if(result == EdirUtil.ON_A_GRACE_LOGIN){
        throw new GraceLoginException();
    }
    else{
        throw new BadCredentialsAuthenticationException();
    }

}

}

From here I find out the user is on a GraceLgin and need to get that information into the something.  I guess if I can get it accessable by the ticketRegistry that would work.  I guess then I could get a new guy in teh flow that checks teh ticket registry and sees if it is a grace login or not.  Then I dont have to reimplemnt a bunch of core interfaces. 

So How do I get the information into the Authentication map and how do I get it out?



On 7/18/06, Jason Tesser < [EMAIL PROTECTED]> wrote:
OK well how do I get the my graceLogin information into the ticket registry?  I have my own AuthenticationHandler which does my login against ldap and it knows about the the ldap code. How do I get it to get information into this ticketRegistry?


On 7/18/06, Scott Battaglia < [EMAIL PROTECTED]> wrote:
There are alternatives to re-writing the core interfaces :-)

After Authentication, CAS returns a Ticket Granting Ticket Id.  Ticket
Granting Tickets along with Authentication information are stored in a
Ticket Registry.  We generally don't recommend accessing the Ticket
Registry directly, but in your case it may be necessary.

You can compose an AuthenticationMetaDataPopulator which can add an
attribute to the Authentication map that specifies your grace login
information.

From within an Action in the web flow (I recommend you add to the web
flow rather than modifying classes directly) you can access the Ticket
Registry, and using the Ticket Granting Ticket Id retrieve the
Authentication object, which would contain the information you are
looking for.

Again, generally Authentication information is only supposed to be
exposed on ticket validation (which is why its only returned when an
Assertion is returned) but it can be accessed outside that as long as
you have a ticket id.

-Scott



_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

Reply via email to