Hi!
I already posted this in Spring Security forums but I'll post it here too
because this should be the best place to get some help.
I'm new to Cas and Spring Security, but I've been involved in a project that
needs to use it.
The point is that we have an application portal, where applications login can
be done in 2 different ways:
1) With a 2 fields form, username and password (the usual)
2) With a 3 fields form, username, password and an aditional code.
What I want to do is that CAS recognice what kind of login form is been used
an, if it's the 3 fields form, include a .jar I already have that let's me
check if the 3rd fields is correct.
If it isn't, CAS should not grant permissions.
I've been thinking about reimplementing some class in CAS server like I did
with Spring Security (I reimplemented AuthenticationProcessingFilter and it
worked fine), but as far as I understand form the sequence diagram in
mattfleming.com/node/269, the login proccess is completely managed by the CAS
server and acegi just manages authorization.
I've been reading, googling and looking CAS server source by my self but I'm
having no success.
Thanks for your help and sorry if I didn't use english properly
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
