>From a friends email: ... is that the filters are run after the authentication because often filters use your Security
principal... Is this true? Is this why CAS runs after the JBoss authentication? And further on: When we integrated CAS into JBoss at a client we had to change Tomcat to support a new authentication, "CAS_AUTH" that told client apps to use CAS for authentication. That way you could use "Basic" or "Form" in some environments, but then if you are in a CAS environment, just change that method to "CAS_AUTH" and your webapp started querying CAS for the data. He did this work a few years ago. Is it still necessary to write a custom authenticator like http://www.mail-archive.com/[EMAIL PROTECTED]/msg72827.html? Or is there some other path I can go down? Thanks in advance, Tom
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
