On Thu, Aug 20, 2009 at 12:24 PM, Marvin Addison <marvin.addi...@gmail.com> wrote:

> Two CAS client features have been discussed in the not-too-distant
> past, and I'd like to reinvigorate the discussion to either move
> forward or dismiss them.
>
> 1.  Tomcat integration, http://www.ja-sig.org/issues/browse/CASC-33.
> It's not clear from the issue whether it would include both
> authentication and role-based authorization support, but it's my hope
> that both would be supported.


This issue was a placeholder because Joe at Yale had done some work with the
Yale CAS Client that he was interested in porting over for the Jasig CAS
Client.  I'm not sure if he still has time or is interested in that.  We can
obviously evolve from the original reason for creating the JIRA issue.


>
> 2.  Make HttpServletRequestWrapperFilter respond to requests about
> role data by querying the cached principal for attributes.  I don't
> believe there's a Jira issue for this feature.


I don't believe there currently is a JIRA issue for this.  I think the
thought behind it was making those attributes available for any application
that used the standard API (it clearly wouldn't help anything that happens
at the container level).  This would allow people to use the standard API
where possible at the application-level if that is what people do (we don't
actually at Rutgers since we use Spring Security).

Cheers,
Scott


>
>
> I believe #1 should be pretty straightforward.  Based on some recent
> work with a colleague to develop a custom Tomcat Authenticator, I
> don't believe #2 as written is possible.  In Tomcat role-based
> authorization is performed before filters fire, so it's not possible
> to provide role data from the filter since it's too late.  I'm fairly
> certain this logic would need to live in a custom CASAuthenticator
> class, which would make it a Tomcat-specific feature that could
> possibly be integrated with #1.
>
> I know some folks out there use container-managed authn/authz, but I
> wonder whether there is enough interest to merit the work involved.
> If you would use these features, please speak up.
>
> M
>
> --
> You are currently subscribed to cas-dev@lists.jasig.org as:
> scott.battag...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-dev
>
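As an added illustration of feature #2, not code from this thread or from the Jasig CAS client: a servlet filter that wraps the request so `getUserPrincipal`, `getRemoteUser` and `isUserInRole` are answered from a cached principal's attributes. The `AttributeBearingPrincipal` interface, the session key and the `memberOf` attribute name are assumptions made for the example.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Collection;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.*;

/** Hypothetical principal type carrying released attributes (not the CAS client's class). */
interface AttributeBearingPrincipal extends Principal {
    Map<String, Collection<String>> getAttributes();
}

public class RoleAttributeWrapperFilter implements Filter {
    // Hypothetical session key under which an earlier filter cached the principal.
    static final String PRINCIPAL_KEY = "example.cached.principal";
    // Hypothetical attribute whose values are treated as role names.
    private String roleAttribute = "memberOf";

    public void init(FilterConfig cfg) {
        String configured = cfg.getInitParameter("roleAttribute");
        if (configured != null) roleAttribute = configured;
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        HttpSession session = http.getSession(false); // never create a session here
        Object cached = session == null ? null : session.getAttribute(PRINCIPAL_KEY);
        if (cached instanceof AttributeBearingPrincipal) {
            chain.doFilter(new Wrapper(http, (AttributeBearingPrincipal) cached), res);
        } else {
            chain.doFilter(req, res); // no principal: container answers stay in effect
        }
    }

    public void destroy() { }

    /** Answers the standard identity and role calls from the cached principal. */
    private final class Wrapper extends HttpServletRequestWrapper {
        private final AttributeBearingPrincipal principal;
        Wrapper(HttpServletRequest r, AttributeBearingPrincipal p) { super(r); principal = p; }
        @Override public Principal getUserPrincipal() { return principal; }
        @Override public String getRemoteUser() { return principal.getName(); }
        @Override public boolean isUserInRole(String role) {
            Map<String, Collection<String>> attrs = principal.getAttributes();
            Collection<String> roles = attrs == null ? null : attrs.get(roleAttribute);
            return role != null && roles != null && roles.contains(role); // deny by default
        }
    }
}
```

Only code running after this filter in the chain sees these answers; as the quoted message notes for Tomcat, the container's own role-based authorization has already been evaluated by the time a filter fires.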
