Hello all,

I am currently attempting to implement CAS authentication with dynamically 
defined service URLs, since we have various domain mappings (for dynamic 
theming) that point to the same application(s).

We need url-a.com/ to work identically to url-b.com/, for example, and we 
have made some progress towards this by overriding the *createServiceUrl* 
method in CasAuthenticationEntryPoint (on the CAS client side of things). 
Initially, we just returned a dynamically constructed String from the 
HttpServletRequest, but it became apparent that further "behind the scenes" 
processing was still directly referencing the properties file.

Following on from that, we put a lot of effort into overriding the 
ServiceProperties class. The key method (*getService()*) is final, and 
cannot be overridden (which would have solved our problems immediately), so 
we spent time trying to implement our own ServiceProperties class and 
attempting to change all references over to this via the XML config - but 
again this failed.

The latest attempt to at least get *something* working was to use the 
public method *setService()* in ServiceProperties, and call it just before 
we return from createServiceUrl in CasAuthenticationEntryPoint. This proved 
to work in an isolated fashion: The behind-the-scenes processing worked, 
and the dynamic domain/URL didn't pose a problem. *However*, further 
examination proved that this method was setting the value of *service* globally 
for all sessions, such that if user A visited the login screen via domain 
A, and user B visited the login screen via domain B - before user A had 
entered their login details - then authentication would fail since user A 
continued to effectively authenticate against domain B. We've basically 
created a race condition.

Naturally, setting anything globally for what should essentially be an 
individual solution is not ideal, but can anyone suggest a solution?

Is there an aesthetically pleasing way of overriding the getService() 
method in ServiceProperties? And, if so, would this actually solve what we 
are aiming to do?

Thanks in advance,


Matty
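
The interleaving described in the message above, reproduced deterministically as an added example (not part of the original post and not Spring Security code), next to a per-request derivation that keeps no shared state. `SharedServiceProperties`, `serviceFor`, `entryPointWithGlobalSet`, the host allowlist and the `/login/cas` path are hypothetical stand-ins; the allowlist assumes the set of mapped domains is known in advance.

```java
import java.util.Set;

// Added illustration; class and method names are hypothetical stand-ins, not Spring Security's API.
public class ServiceUrlRaceDemo {

    // Stand-in for a singleton ServiceProperties bean: one mutable field shared by every request.
    static class SharedServiceProperties {
        private volatile String service;
        void setService(String s) { service = s; }
        String getService() { return service; }
    }

    static final SharedServiceProperties SHARED = new SharedServiceProperties();
    // Assumption: the domains mapped to the application are known in advance.
    static final Set<String> ALLOWED_HOSTS = Set.of("url-a.com", "url-b.com");
    static final String CALLBACK_PATH = "/login/cas"; // constructed sample path

    // Per-request derivation: no shared state, and a host outside the mapping is rejected
    // instead of being echoed into the service URL.
    static String serviceFor(String host) {
        if (!ALLOWED_HOSTS.contains(host)) {
            throw new IllegalArgumentException("unmapped host: " + host);
        }
        return "https://" + host + CALLBACK_PATH;
    }

    // Pattern from the post: the entry point writes the URL into the shared bean before redirecting.
    static String entryPointWithGlobalSet(String host) {
        String url = serviceFor(host);
        SHARED.setService(url);
        return url;
    }

    public static void main(String[] args) {
        // User A reaches the login screen via domain A, then user B via domain B.
        String issuedForA = entryPointWithGlobalSet("url-a.com");
        entryPointWithGlobalSet("url-b.com");

        // A returns with a ticket; validation reads the shared value, which now names domain B.
        String usedForA = SHARED.getService();
        System.out.println("shared bean : issued=" + issuedForA + " validated=" + usedForA
                + " match=" + issuedForA.equals(usedForA));

        // Validation that recomputes the service from the host of A's own callback request.
        String perRequestForA = serviceFor("url-a.com");
        System.out.println("per request : issued=" + issuedForA + " validated=" + perRequestForA
                + " match=" + issuedForA.equals(perRequestForA));
    }
}
```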

