We currently have a login page that uses j_security_check to do our authentication. We need to switch this to use CAS. Our current login code opens a connection to the j_security_check servlet and passed the username/password, and then checks for some headers to see if the user is authenticated. My question is, can I do the same thing with CAS, that is, open a connection to the CAS login page like this (http://some.server.com:9089/cas/login?username=test&password=password) and then using javascript take the parameters passed in, fill in the form fields username, password, lt, and submit the form using javascript and authenticate? Or, better yet, can I call the login page (servlet?) using the url above and invoke the authentication from CAS without using some javascript form posting? I am completely new to CAS & authentication in general. Below is the code I am trying to use to call the CAS server from our login page. If I can call the login without having to use a javascript submit for the CAS login page, how would I generate the "lt" variable from my login page (I believe this is required for the login, right)?
StringBuffer url = new StringBuffer(200); url.append(http://dev-server:8080/cas/login); url.append("?"); url.append("&username="); url.append(j_username); url.append("&password="); url.append(j_password); URL authenticationURL = new URL(url.toString()); HttpURLConnection.setFollowRedirects(false); HttpURLConnection authenticationURLConnection = (HttpURLConnection) authenticationURL.openConnection(); authenticationURLConnection.setRequestMethod("POST"); authenticationURLConnection.setInstanceFollowRedirects(false); StringBuffer sb = new StringBuffer(200); sb.append("JSESSIONID="); sb.append(sessionId); authenticationURLConnection.setRequestProperty("Cookie",sb.toString());/*"JSESSIONID=0000" + jsessionid + ":-1")*/; authenticationURLConnection.connect(); logger.debug("cas server returned: " + authenticationURLConnection.getResponseCode() + ": " + authenticationURLConnection.getResponseMessage()); String remoteUser = facesContext.getExternalContext().getRemoteUser(); String nextLocation = authenticationURLConnection.getHeaderField("Location"); String headerValue = authenticationURLConnection.getHeaderField("Set-Cookie"); authenticationURLConnection.disconnect(); I need to get the CASTGC cookie header value to check if they were authenticated, right? I am trying to use the "headerValue" variable above to do that. Thanks for any and all help!! ________________________________ Disclaimer: This e-mail message is intended only for the personal use of the recipient(s) named above. If you are not an intended recipient, you may not review, copy or distribute this message. If you have received this communication in error, please notify us immediately by e-mail and delete the original message. This e-mail expresses views only of the sender, which are not to be attributed to Rite Aid Corporation and may not be copied or distributed without this statement.
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
