Uday Kari <[EMAIL PROTECTED]> writes:
>
> Indeed, I am VERY interesting in this capability as well (that is
> returning more than just username).
>
> Specifically, the servlet specification seems to suggest that HTTP
> request needs to
>
> A) return the login username as a result of request.getRemoteUser()
> B) return "true" for request.isUserInRole("rolename")
> C) return non-null UserPrincipal object for request.getUserPrincipal()
>
> Is there a way to do this "roles-aware" type of login using Yale CAS
> server/client out-of-the-box for tomcat?
Yes, there is out-of-box support for this within tomcat.
JAAS is based on role.
And I know josso(another opensource sso product) dose just what you said based
on JAAS and tomcat.
Do you mean CAS 3.1 M3 or later will support doing like that?
But I still think returning extra info using xml
(casServiceValidationSuccess.jsp??) is a better idea.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
