> but I wrote it to return always false (unsuccessfull authentication) so the > auth work was performed by successive Handler.
I learned something from your situation. Subsequent handlers for a supported credential are executed if authenticate returns false; the short-circuit process I described only occurs if authenticate returns true. > - I'm logged in liferay as "user" also if I typed wrong password I can't explain that behavior based on what you've provided. One of the handlers for supported credentials _must_ return true for a given credential in order for CAS login to succeed; the fact that you're logging in suggests one returned true. Can you duplicate this behavior if you remove your custom handler? Regardless of this problem, I believe a better solution is to code your password update utility as an authentication post-processing action. I just did some research and learned that the LDAP handlers extend from org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler, which calls the following method on authentication: boolean postAuthenticate( final Credentials credentials, final boolean authenticated); It should be trivial to extend the fast bind handler and put your password update code in that method. M -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
