Tim, If you get a moment, feel free to add this to our Wiki to help others :-)
Thanks! -Scott On Thu, May 29, 2008 at 1:00 PM, Tim Mc Laughlin <[EMAIL PROTECTED]> wrote: > OK, it's all working now. Here's my attempt to be a good participant by > compiling the > result. Hopefully it will be easy to find for others in the future. > > > To make it work, I did the following: > > * Modified the JSP in our custom UI theme to contain a checkbox for > "workstationType". > > * Extended UsernamePasswordCredentials to contain the value. > > * Modified casServlet.xml to tell the authenticationViaFormAction about the > new > credentials by setting two new properties on the > "authenticationViaFormAction" bean like > so: > > <bean id="authenticationViaFormAction" > class="org.jasig.cas.web.flow.AuthenticationViaFormAction" > p:centralAuthenticationService-ref="centralAuthenticationService" > p:warnCookieGenerator-ref="warnCookieGenerator" > p:formObjectName="credentials" > p:formObjectClass="mypackage.MyNewCredentialsClass" /> > > * Added an AuthenticationMetaDataPopulator to put that value on the > authentication > attribute map. > > * Modified deployerConfigContext to configure the new MetaData. Add a new > property to the > "authenticationManager" bean like so: > > <bean id="authenticationManager" > class="org.jasig.cas.authentication.AuthenticationManagerImpl"> > > ...other properties... > > <property name="authenticationMetaDataPopulators"> > <list> > <bean class="mypackage.MyNewMetaDataPopulator" /> > </list> > </property> > </bean> > > * Added an ExpirationPolicy to make use of that value to decide between two > timeout > values. > > * Modified ticketExpirationPolicies.xml to configure the new > ExpirationPolicy like so: > > <bean id="grantingTicketExpirationPolicy" > class="mypackage.MyNewExpirationPolicy"> > <!-- This argument is the time a ticket can exist before its > considered expired. > --> > <!-- Argument 0 is for "Private" machines (the default) --> > <!-- 7200000 ms == 2 hours --> > <constructor-arg > index="0" > value="7200000" /> > > <!-- Argument 1 is for "Public" machines --> > <!-- 1800000 ms == 30 min --> > <constructor-arg > index="1" > value="1800000" /> > </bean> > > > Not a huge deal of work, but sure is complicated to find the info! Many > thanks to Scott > (directly) and Andrew (indirectly) for the assistance finding it. > > :) > Tim > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Scott > Battaglia > Sent: Wednesday, May 28, 2008 12:43 PM > To: Yale CAS mailing list > Subject: Re: "Lab" timeout different than "Office" timeout? > > And no need for a custom resolver unless you are doing more stuff than just > returning the > username. > -Scott > > > On Wed, May 28, 2008 at 3:42 PM, Scott Battaglia < > [EMAIL PROTECTED]> wrote: > > > Tim, > > You can set the Credentials class on the AuthenticationViaForm > action. You'll need > to set the formObjectClass and the formObjectName properties (you should be > able to just > set formObjectName to "credentials"). > > -Scott > > > On Wed, May 28, 2008 at 12:17 PM, Tim Mc Laughlin < > [EMAIL PROTECTED]> wrote: > > > Beautiful. Makes perfect sense, now that I know where to > look. > > I'm also making a CredentialsToPrincipalResolver to make use > of the new > Credentials > subclass. Did I need to do that? Can't find a place in the > xml/properties files to tell > it which Credentials class to use, just the Resolver. > > Thanks! > Tim > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto: > [EMAIL PROTECTED] On > Behalf Of Scott > Battaglia > Sent: Tuesday, May 27, 2008 3:55 PM > To: Yale CAS mailing list > > Subject: Re: "Lab" timeout different than "Office" timeout? > > Tim, > > You should extend the UsernamePasswordCredentials to accept > your new > property. Then > create a MetaDataPopulator to take that property and dump it > into the > attributes for the > Authentication object. Configure that all using the Spring > magic ;-) And > then your > custom ticket expiration policy will have the value. > > -Scott > > > On Tue, May 27, 2008 at 5:13 PM, Tim Mc Laughlin < > [EMAIL PROTECTED]> > wrote: > > > OK, spoke too soon. > > The difference between what I'm trying to do and what > Trenton Adams > wanted is that > I'd > like to be able to have the user select which role > they're in, via > a checkbox on > the login > form. > > I've located where and how to implement a new > TicketExpirationPolicy, but I'm not > sure how > to let the value of the checkbox flow through to that > code. Is > that possible > without > changing core code? I'd like to stick to recognized > extension > points only. > > Thanks, > > Tim > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Tim Mc > Laughlin > Sent: Tuesday, May 27, 2008 11:55 AM > To: [email protected] > Subject: "Lab" timeout different than "Office" > timeout? > > I am almost sure I've seen this question fly across > the list, but > none of my > queries have > been right to find it in the archives, so apologies > in advance. > > I've been asked if we can implement variable timeouts > based on > role, the most > straightfoward of which will be a checkbox on the > login form that > can be checked > if you're > on a "Lab" or "Public" computer. Checking this would > result in a > shorter CAS > timeout than > an "Office" or "Private" computer. > > Can someone point me in the right direction? > > Thanks, > Tim > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > -- > -Scott Battaglia > PGP Public Key Id: 0x383733AA > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > -- > -Scott Battaglia > PGP Public Key Id: 0x383733AA > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > > > -- > -Scott Battaglia > PGP Public Key Id: 0x383733AA > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > -- -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
