Hi,
There is one application named TCMManager ,all users loggin from TCMManager and
click the URL List to visit other applications .
and the url list dynamically produced according to the database
tables---r_user_application(id,staffid,appid);
For example,user jack have the right to visit appone and apptwo,but not
appthree. so jack visit TCMManager, and it
redirect to CAS server ,after he login ,it return to the TCMManager.Now he has
the appone and apptwo's urls,and he can click to
visit them as he likes. The problem is if he knows the appthree's url ,he can
visit the appthree in the same browser window when
he type the url in the address bar.This is not allow because he doesn't have
the right.What can I do to prohibit this??
I have put cas client code in the TCMManger,appone,apptwo,appthree using
the cas1 protocal.configure like this:
<filter>
<filter-name>CAS Filter</filter-name>
<filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
<param-value>https://qing:8443/cas/login</param-value>
</init-param>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
<param-value>https://qing:8443/cas/serviceValidate</param-value>
</init-param>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
<param-value>qing:8888</param-value>
</init-param>
</filter>
in cas server I user jdbcAuthenticate Handler ,
<bean
class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<property name="sql" value="select password from
t_staff where username=?" />
<property name="dataSource" ref="dataSource" />
</bean>
..
can I prohibit this by modify the "sql" ?
or is it right for me to use cas1 protocal in this situation?
Can anybody give me some advice?
thanks,
qingzhao,
---------------------------------
雅虎邮箱,您的终生邮箱!_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
