Ray, What state do you need to set after? CAS provides both a CredentialsToPrincipalResolver and AuthenticationMetaDataPopulatator interfaces that execute after a successful AuthenticationHandler.
You can also use the proxy pattern if necessary. Create new AuthenticationHandler interface and implement the appropriate methods. You can then execute your before/after code and delegate to the LdapAuthenticationHandler for the actual authentication. You can also then implement the supports method which is what is used to determine if an AuthenticationHandler can be executed or not. -Scott On 1/30/07, t ray <[EMAIL PROTECTED]> wrote:
Actually, I realize now, I need the custom Authentication handler to be called both before and after CAS authenticates through LDAP. Before, because I need to determine (depending on certain other settings in the app) whether I really need to authenticate via LDAP (I may chose to authenticate against some other source). After, because I need to set some state depending on whether authentication was successful. Thanks, Ray. ----- Original Message ---- From: Scott Battaglia <[EMAIL PROTECTED]> To: Yale CAS mailing list <[email protected]> Sent: Monday, January 29, 2007 9:44:01 PM Subject: Re: How to use LDAP adaptor classes? Ray, Why do you still need to call your custom Authentication Handler? -Scott On 1/29/07, t ray <[EMAIL PROTECTED] > wrote: > > Scott, > Thanks for your response. > The first link you provided answered most of my question. Also, its > great to know I need not write any code. I have 2 questions > though- Originally, I wrote an authentication handler class and placed it > under /localPlugins/src and then modified deployerConfigContext.xml to > refer to my auth handler class. That class gets called (authenticate() > method actually) when the user attempts to login. I am trying to tie this > along with using LDAP to authenticate. So, basically, I need to configure > CAS to use its ldap adaptors and authenticate and then return control to my > auth handler class (authenticate() method) for further processing. Is there > a way to do that? If there is, once control returns to my auth handler, how > do I figure out whether authentication using LDAP succeeded or not? > > Thanks. > > Ray. > > ----- Original Message ---- > From: Scott Battaglia < [EMAIL PROTECTED]> > To: Yale CAS mailing list <[email protected]> > Sent: Sunday, January 28, 2007 11:24:16 AM > Subject: Re: How to use LDAP adaptor classes? > > Ray, > > You shouldn't need to write any code as long as the current > Ldap*Handlers are sufficient to meet your needs. And you shouldn't need any > code to get your username/password to the handler. CAS utilizes the Spring > Web module which provides "binding" capabilities. Basically, you supply a > domain class (in our case a UsernamePasswordCredentials) and Spring Web > automatically matches Request parameters to properties on your domain class. > So a parameter of username will be set on the UsernamePasswordCredentials as > there is a matching username property. > > -Scott > > On 1/26/07, t ray <[EMAIL PROTECTED] > wrote: > > > > Thanks Scott. That was useful. > > > > I have a question- It appears from all the documentation that I don't > > really need to write any code at all, just configuration changes in > > deployerConfigContext.xml are sufficient to get the FastBind adaptor > > to do the basic authentication against an LDAP server. Is my understanding > > correct? Related to that, how is the user name and password that the user > > entered get passed on to the FastBind adaptor in order for authentication to > > occur? Do I need some code to make that happen? I see a username and > > password under ContextSource. But that appears to be of the entity thats > > allowed to query the ldap server. Basically, I am wondering how to pass the > > username/password that the user typed in to the LDAP server for > > authentication using FastBind class. > > > > Thanks, > > > > Ray. > > > > PS: I really hope this doesn't turn out to be another thread. I hit > > reply to the emails I receive and despite that a new thread is created for > > all my response. > > > > ----- Original Message ---- > > From: Scott Battaglia < [EMAIL PROTECTED]> > > To: Yale CAS mailing list <[email protected]> > > Sent: Friday, January 26, 2007 6:36:28 AM > > Subject: Re: How to use LDAP adaptor classes? > > > > These resources may help you: > > > > http://www.ja-sig.org/products/cas/server/ldapauthhandler/index.html > > > > http://developer.ja-sig.org/projects/cas/multiproject/cas-server-ldap/apidocs/index.html > > http://developer.ja-sig.org/test/cas.html#ldap > > > > Note that they are slightly out of date as they refer to the > > LdapTemplate project instead of the Spring LDAP project (we're working on > > updating this). The Spring LDAP Javadocs can be found here: > > http://www.springframework.org/ldap > > > > -Scott > > > > On 1/26/07, t ray < [EMAIL PROTECTED] > wrote: > > > > > > Digging a bit more, I found this- > > > > > > http://developer.ja-sig.org/source/viewrep/jasig/cas3/adaptors/ldap/src/main/resources/deployerConfigContext.xml?r=1.1 > > > > > > It is a deployerConfigContext.xml file that uses > > > BindLdapAuthenticationHandler. Can someone tell me if using > > > FastBindLdapAuthenticationHandler is similar, meaning, can I just replace > > > BindLdapAuthenticationHandler with FastBindLdapAuthenticationHandler? Also, > > > can someone point me to some description of the various properties that are > > > allowed? Most of them in the link above seem straight forward. I am not sure > > > about "authenticatedReadOnly" (what does it mean?) and those under > > > baseEnvironmentProperties. Specifically, where the protocol is marked "ssl", > > > does it mean that ssl is being used to communicate with Active Directory or > > > is the password still being sent in clear text? > > > For those wishing to use AD purely for authentication purposes and > > > not for some reason interested in the fastbind adaptor, you may also find > > > the following interesting- > > > > > > http://forum.java.sun.com/thread.jspa?threadID=726601&tstart=0 > > > > > > Thanks, > > > > > > Ray. > > > > > > ----- Original Message ---- > > > From: t ray < [EMAIL PROTECTED]> > > > To: CAS Mailing List < [email protected]> > > > Sent: Thursday, January 25, 2007 4:32:32 PM > > > Subject: How to use LDAP adaptor classes? > > > > > > I wish to authenticate by querying an Active Directory server. I > > > have modified deployerConfigContext.xml and have replaced the > > > SimpleTest authenticator with my own. However, I am not sure how to use the > > > LDAP adaptor classes that seem to be provided in the adaptors/ldap > > > directory. I assume these classes help in connecting to a LDAP server and > > > querying it. Could someone point me to some references/resources that > > > describe how to use these adaptor classes/how to connect to a LDAP server? > > > > > > Thanks. > > > > > > Ray. > > > > > > ------------------------------ > > > Bored stiff?<http://us.rd.yahoo.com/evt=49935/*http://games.yahoo.com>Loosen up... > > > Download and play hundreds of games for free<http://us.rd.yahoo.com/evt=49935/*http://games.yahoo.com>on Yahoo! Games. > > > _______________________________________________ > > > Yale CAS mailing list > > > [email protected] > > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > > > ------------------------------ > > > Get your own web address.<http://us.rd.yahoo.com/evt=49678/*http://smallbusiness.yahoo.com/domains/?p=BESTDEAL> > > > Have a HUGE year through Yahoo! Small Business. > > > > > > _______________________________________________ > > > Yale CAS mailing list > > > [email protected] > > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > ------------------------------ > > It's here! Your new message! > > Get new email alerts<http://us.rd.yahoo.com/evt=49938/*http://tools.search.yahoo.com/toolbar/features/mail/>with the free Yahoo! > > Toolbar. > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > > ------------------------------ > Have a burning question? Go to Yahoo! Answers<http://answers.yahoo.com/;_ylc=X3oDMTFvbGNhMGE3BF9TAzM5NjU0NTEwOARfcwMzOTY1NDUxMDMEc2VjA21haWxfdGFnbGluZQRzbGsDbWFpbF90YWcx>and get answers from real people who know. > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > > _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas ------------------------------ Check out the all-new Yahoo! Mail beta<http://us.rd.yahoo.com/evt=43257/*http://advision.webevents.yahoo.com/mailbeta>- Fire up a more powerful email and get things done faster. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
