Shishir K. Singh wrote:

Hi Ben,

Tried posting this on "[EMAIL PROTECTED]" but for some reason it's bouncing back. Therefore sending directly to you.


I have not tested it out, but my understanding after going through the contacts sample for cas authorization is that when the authentication fails in CasProcessingFilter, the failure url is "/casfailed.jsp". What if the use case is to go to _https://localhost:8443/cas/login_ directly instead of "/casfailed.jsp"?


If there is no workaround to the above, I was wondering if it makes sense to check if failureUrl starts with http/https and if so, then just redirect it to the failureUrl, else do as the existing code is doing, instead of always doing httpRequest.getContextPath() + failureUrl.

I think I am missing something here, not sure though.



The AbstractProcessingFilter.authenticationFailureUrl (CasProcessingFilter's superclass) will only be used if the ticket provided by the CAS server is invalid for some reason. Typically, the CasProxyTicketValidator delegates to CAS' ProxyTicketValidator.validate() method which returns false to proxyTicketValidator.isAuthenticationSuccessful(). Put differently, you'll only see /casfailed.jsp if there is something fundamentally wrong with the ticket. This will usually only happen if the user has attempted to do something invalid, like POSTing a false ticket to /j_acegi_cas_security_check. Normal user interaction takes place on the CAS server, and invalid passwords cause the re-display of the CAS server login page so they can try again.


HTH
Ben
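
The failureUrl check proposed in the quoted message, written out as an added example (not code from Acegi Security or from either poster). `FailureUrlResolver`, `resolve()` and the `/contacts` context path are hypothetical; it parses the scheme rather than testing a string prefix, and it rejects protocol-relative and non-HTTP targets.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;

// Added illustration, not Acegi Security code. FailureUrlResolver and
// resolve() are hypothetical names; java.net.URI is the only real API used.
public class FailureUrlResolver {
    // Absolute http/https URLs are returned unchanged; context-relative
    // paths get the context path prepended (the behaviour described above).
    static String resolve(String contextPath, String failureUrl) {
        URI uri;
        try {
            uri = new URI(failureUrl);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("Malformed failureUrl: " + failureUrl, e);
        }
        String scheme = uri.getScheme();
        if (scheme != null) {
            // Compare the parsed scheme, not a prefix: startsWith("http")
            // would also accept "httpx://host/" or an opaque "http:foo".
            String s = scheme.toLowerCase(Locale.ROOT);
            if ((s.equals("http") || s.equals("https")) && uri.getHost() != null) {
                return failureUrl;
            }
            throw new IllegalArgumentException("Unsupported absolute failureUrl: " + failureUrl);
        }
        // No scheme: require exactly one leading slash. "//host/path" is
        // protocol-relative and would send the browser to another host.
        if (!failureUrl.startsWith("/") || failureUrl.startsWith("//")) {
            throw new IllegalArgumentException("failureUrl must start with one '/': " + failureUrl);
        }
        return contextPath + failureUrl;
    }

    public static void main(String[] args) {
        // Constructed sample values; "/contacts" is an assumed context path.
        String[] samples = {
            "/casfailed.jsp", "https://localhost:8443/cas/login",
            "HTTPS://localhost:8443/cas/login", "//localhost/cas/login", "ftp://localhost/x"
        };
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + resolve("/contacts", s));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```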



_______________________________________________
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
