OK, it's all working now. Here's my attempt to be a good participant by compiling the result. Hopefully it will be easy to find for others in the future.
To make it work, I did the following:
* Modified the JSP in our custom UI theme to contain a checkbox for "workstationType".
* Extended UsernamePasswordCredentials to contain the value.
* Modified casServlet.xml to tell the authenticationViaFormAction about the new credentials by setting two new properties on the "authenticationViaFormAction" bean like so:
    <bean id="authenticationViaFormAction"
        class="org.jasig.cas.web.flow.AuthenticationViaFormAction"
        p:centralAuthenticationService-ref="centralAuthenticationService"
        p:warnCookieGenerator-ref="warnCookieGenerator"
        p:formObjectName="credentials"
        p:formObjectClass="mypackage.MyNewCredentialsClass" />
* Added an AuthenticationMetaDataPopulator to put that value on the authentication attribute map.
* Modified deployerConfigContext to configure the new MetaData. Add a new property to the "authenticationManager" bean like so:
    <bean id="authenticationManager"
        class="org.jasig.cas.authentication.AuthenticationManagerImpl">
        ...other properties...
        <property name="authenticationMetaDataPopulators">
            <list>
                <bean class="mypackage.MyNewMetaDataPopulator" />
            </list>
        </property>
    </bean>
* Added an ExpirationPolicy to make use of that value to decide between two timeout values.
* Modified ticketExpirationPolicies.xml to configure the new ExpirationPolicy like so:
    <bean id="grantingTicketExpirationPolicy"
        class="mypackage.MyNewExpirationPolicy">
        <!-- This argument is the time a ticket can exist before it's considered expired. -->
        <!-- Argument 0 is for "Private" machines (the default) -->
        <!-- 7200000 ms == 2 hours -->
        <constructor-arg
            index="0"
            value="7200000" />
        <!-- Argument 1 is for "Public" machines -->
        <!-- 1800000 ms == 30 min -->
        <constructor-arg
            index="1"
            value="1800000" />
    </bean>
Not a huge deal of work, but sure is complicated to find the info! Many thanks to Scott (directly) and Andrew (indirectly) for the assistance finding it.
:)
Tim
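The three classes named in the configuration above, as an added example that is not Tim's code and not part of the CAS distribution. It assumes the CAS 3.x interfaces (AuthenticationMetaDataPopulator.populateAttributes, ExpirationPolicy.isExpired(TicketState), TicketState.getAuthentication), that the Authentication attribute map is still mutable when populators run, an idle timeout measured from the ticket's last use, and a hypothetical attribute key.

```java
// Added example, not code from the thread. One public class per file under mypackage/.
// ---- MyNewCredentialsClass.java ----
package mypackage;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
public class MyNewCredentialsClass extends UsernamePasswordCredentials {
    private boolean workstationType; // login-form checkbox: true = "Public" machine
    public boolean isWorkstationType() { return workstationType; }
    public void setWorkstationType(boolean value) { this.workstationType = value; }
}

// ---- MyNewMetaDataPopulator.java ----
package mypackage;
import org.jasig.cas.authentication.Authentication;
import org.jasig.cas.authentication.AuthenticationMetaDataPopulator;
import org.jasig.cas.authentication.principal.Credentials;
public class MyNewMetaDataPopulator implements AuthenticationMetaDataPopulator {
    public static final String ATTR_PUBLIC = "workstationType.public"; // hypothetical key
    public Authentication populateAttributes(Authentication auth, Credentials credentials) {
        if (credentials instanceof MyNewCredentialsClass
                && ((MyNewCredentialsClass) credentials).isWorkstationType()) {
            auth.getAttributes().put(ATTR_PUBLIC, Boolean.TRUE);
        }
        return auth;
    }
}

// ---- MyNewExpirationPolicy.java ----
package mypackage;
import org.jasig.cas.authentication.Authentication;
import org.jasig.cas.ticket.ExpirationPolicy;
import org.jasig.cas.ticket.TicketState;

public class MyNewExpirationPolicy implements ExpirationPolicy {
    private final long privateTimeoutMs; // constructor-arg index 0
    private final long publicTimeoutMs;  // constructor-arg index 1
    public MyNewExpirationPolicy(long privateTimeoutMs, long publicTimeoutMs) {
        this.privateTimeoutMs = privateTimeoutMs;
        this.publicTimeoutMs = publicTimeoutMs;
    }
    public boolean isExpired(TicketState ticket) {
        if (ticket == null) return true;
        Authentication auth = ticket.getAuthentication();
        // Unchecked box or missing attribute falls back to the "Private" default.
        boolean isPublic = auth != null
                && Boolean.TRUE.equals(auth.getAttributes().get(MyNewMetaDataPopulator.ATTR_PUBLIC));
        long limit = isPublic ? publicTimeoutMs : privateTimeoutMs;
        return System.currentTimeMillis() - ticket.getLastTimeUsed() >= limit;
    }
}
```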
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Battaglia
Sent: Wednesday, May 28, 2008 12:43 PM
To: Yale CAS mailing list
Subject: Re: "Lab" timeout different than "Office" timeout?
And no need for a custom resolver unless you are doing more stuff than just returning the username.
-Scott
On Wed, May 28, 2008 at 3:42 PM, Scott Battaglia <[EMAIL PROTECTED]> wrote:
Tim,
You can set the Credentials class on the AuthenticationViaForm action. You'll need to set the formObjectClass and the formObjectName properties (you should be able to just set formObjectName to "credentials").
-Scott
On Wed, May 28, 2008 at 12:17 PM, Tim Mc Laughlin <[EMAIL PROTECTED]> wrote:
Beautiful. Makes perfect sense, now that I know where to look.
I'm also making a CredentialsToPrincipalResolver to make use of the new Credentials subclass. Did I need to do that? Can't find a place in the xml/properties files to tell it which Credentials class to use, just the Resolver.
Thanks!
Tim
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Battaglia
Sent: Tuesday, May 27, 2008 3:55 PM
To: Yale CAS mailing list
Subject: Re: "Lab" timeout different than "Office" timeout?
Tim,
You should extend the UsernamePasswordCredentials to accept your new property. Then create a MetaDataPopulator to take that property and dump it into the attributes for the Authentication object. Configure that all using the Spring magic ;-) And then your custom ticket expiration policy will have the value.
-Scott
On Tue, May 27, 2008 at 5:13 PM, Tim Mc Laughlin <[EMAIL PROTECTED]> wrote:
OK, spoke too soon.
The difference between what I'm trying to do and what Trenton Adams wanted is that I'd like to be able to have the user select which role they're in, via a checkbox on the login form.
I've located where and how to implement a new TicketExpirationPolicy, but I'm not sure how to let the value of the checkbox flow through to that code. Is that possible without changing core code? I'd like to stick to recognized extension points only.
Thanks,
Tim
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Mc Laughlin
Sent: Tuesday, May 27, 2008 11:55 AM
To: [email protected]
Subject: "Lab" timeout different than "Office" timeout?
I am almost sure I've seen this question fly across the list, but none of my queries have been right to find it in the archives, so apologies in advance.
I've been asked if we can implement variable timeouts based on role, the most straightforward of which will be a checkbox on the login form that can be checked if you're on a "Lab" or "Public" computer. Checking this would result in a shorter CAS timeout than an "Office" or "Private" computer.
Can someone point me in the right direction?
Thanks,
Tim
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
