Hi Scott, Finally getting back to this.
You can transition to an error screen on error, you'll just need to write one :-) Re-thinking it, here's what I actually would probably recommend:

1. Extend UsernamePasswordCredentials to include a Certificate (i.e. create CertificateAndUsernamePasswordCredentials)
O.K., that shouldn't be too hard.
2. Create a CredentialsBinder class that can obtain the certificate from the Request and call certificateAndUsernamePasswordCredentials.setCertificate(certificate)
Presumably, there is code somewhere that does the obtaining of the certificate and maybe even stores it in a credentials object. Is that code anywhere obvious?
3. Create a delegating AuthenticationHandler (or a custom AuthenticationManager) that will essentially call both the Ldap handler and something you write to validate the certificate.
I would hope that I could extend the LDAP handler as I can use the E-mail address from the certificate to match the appropriate entry in LDAP. Does that sound sensible?
4. Configure everything in the Spring XML configuration.
O.K. That's straightforward, right?
5. Everything else should work like magic :-)
That would indeed be magic!

Thanks
--
Matthew Jones
Interactive Data Managed Solutions Ltd
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
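
The five steps discussed in this thread, sketched as an added example that is not code from the thread or from CAS. The credential and handler types are simplified stand-ins for the CAS classes, and the request-attribute map and the username-to-mail map (standing in for the LDAP lookup) are assumptions made so the sketch runs with the JDK alone.

```java
import java.security.cert.X509Certificate;
import java.util.*;
// Simplified stand-ins for illustration; these are not CAS's own classes.
public class CertAndPasswordExample {
    static class UsernamePasswordCredentials { String username, password; }
    // Step 1: credentials that also carry the client certificate.
    static class CertificateAndUsernamePasswordCredentials extends UsernamePasswordCredentials { X509Certificate certificate; }
    interface Handler { boolean authenticate(CertificateAndUsernamePasswordCredentials c); }

    // Step 2: servlet containers expose the TLS client chain under this attribute (trust assumed checked in the handshake).
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    static void bind(Map<String, Object> requestAttributes, CertificateAndUsernamePasswordCredentials c) {
        Object chain = requestAttributes.get(CERT_ATTR);
        if (chain instanceof X509Certificate[] && ((X509Certificate[]) chain).length > 0)
            c.certificate = ((X509Certificate[]) chain)[0]; // the client's own certificate comes first
    }

    // E-mail addresses (rfc822Name, type 1) from the subjectAltName extension.
    static List<String> emails(X509Certificate cert) throws Exception {
        List<String> out = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans != null)
            for (List<?> san : sans)
                if (Integer.valueOf(1).equals(san.get(0))) out.add(((String) san.get(1)).toLowerCase(Locale.ROOT));
        return out;
    }

    // Step 3: accept only when the certificate is present, in date, and names the same
    // directory entry whose password the LDAP handler accepts.
    static Handler delegating(Handler ldap, Map<String, String> mailByUsername) {
        return c -> {
            try {
                if (c.certificate == null) return false;      // fail closed without a certificate
                c.certificate.checkValidity();                // throws if expired or not yet valid
                String mail = mailByUsername.get(c.username); // hypothetical LDAP mail lookup
                return mail != null && emails(c.certificate).contains(mail.toLowerCase(Locale.ROOT))
                        && ldap.authenticate(c);
            } catch (Exception e) { return false; }           // any parsing or validity error is a failure
        };
    }

    public static void main(String[] args) {
        Handler ldap = c -> "alice".equals(c.username) && "correct horse".equals(c.password); // constructed stub
        Handler both = delegating(ldap, Map.of("alice", "alice@example.org"));               // constructed entry
        CertificateAndUsernamePasswordCredentials c = new CertificateAndUsernamePasswordCredentials();
        c.username = "alice"; c.password = "correct horse";
        bind(new HashMap<>(), c);                  // constructed request with no client certificate
        System.out.println(both.authenticate(c)); // exercises the password-without-certificate path
    }
}
```

Checking the certificate's e-mail against the directory entry for the submitted username keeps a valid certificate for one user from being paired with another user's password.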
