On 5/22/07, Andrew William Petro <[EMAIL PROTECTED]> wrote:
Andrew, > However, my boss wants the JA-SIG client as it wraps the HttpServletResponse to override the getRemoteUser method. The Yale Java CAS Client does this as well. There's an initialization parameter to the CASFilter governing whether it wraps the response. > After removing this, the issue became clear that my Cas20ProxyTicketValidator needed to be configured to accept any proxy. If you do not discriminate among incoming proxy tickets' proxying applications, you open yourself to illicit proxies through any application using your CAS server. You must examine the identity of the proxying application. The Yale Java CAS Client CASFilter implements this behavior by allowing you to specify allowed proxies, again as an initialization parameter.
The JA-SIG CAS Client also implements this behavior as a parameter. It also gives you the option of accepting any proxy. -Scott Andrew
Andrew R Feller wrote: I figured out the issue. =P With the JA-SIG 3.0 client, I included all of the JARs in the bin directory to the webapp's WEB-INF/lib directory instead of just the cas-client-core JAR. After removing this, the issue became clear that my Cas20ProxyTicketValidator needed to be configured to accept any proxy. Thanks regardless, A- Andrew R Feller, Analyst Subversion Administrator University Information Systems Louisiana State University [EMAIL PROTECTED] (office) 225.578.3737 ------------------------------ *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]<[EMAIL PROTECTED]>] *On Behalf Of *Andrew R Feller *Sent:* Tuesday, May 22, 2007 8:38 AM *To:* [email protected] *Subject:* JA-SIG CAS Client 3 setup Good morning, When I originally started setting up a test instance of the CAS server and clients, I could not get the JA-SIG 3.0 client working, so I ended going with the Yale CAS Java client. However, my boss wants the JA-SIG client as it wraps the HttpServletResponse to override the getRemoteUser method. Whenever I go to CAS-ify a simple Hello World application, I get errors related to the ContextLoaderListener. I have pasted my web.xml, securityConfiguration.xml, and the errors logged in hopes that someone could help get me straight; I would appreciate any help! Thank you, Andy _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
-- -Scott Battaglia LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
