[Acegisecurity-developer] Re: AbstractProcessingFilter
Shishir K. Singh wrote: Hi Ben, Tried posting this on [EMAIL PROTECTED] but for some reason it's bouncing back. Therefore sending directly to you. I have not tested it out, but my understanding after going through the contacts sample for cas authorization is that when the authentication fails in CasProcessingFilter, the failure url is /casfailed.jsp. What if the the use case is to go to _https://localhost:8443/cas/login_ directrly instead of /casfailed.jsp. If there is not workaround to the above, I was wondering if it makes sense to check if failureUrl starts with http/https and if so, then just redirect it to the failureUrl, else do as the existing code is doing, instead of always doing httpRequest.getContextPath() + failureUrl. I think I am missing something here ,not sure though . The AbstractProcessingFilter.authenticationFailureUrl (CasProcessingFilter's superclass) will only be used if the ticket provided by the CAS server is invalid for some reason. Typically, the CasProxyTicketValidator delegates to CAS' ProxyTicketValidator.validate() method which returns false to proxyTicketValidator.isAuthenticationSuccessful(). Put differently, you'll only see /casfailed.jps if there is something fundamentally wrong with the ticket. This will usually only happen if the user has attempted to do something invalid, like POSTing a false ticket to /j_acegi_cas_security_check. Normal user interaction takes place on the CAS server, and invalid passwords cause the re-display of the CAS server login page so they can try again. HTH Ben --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] RE: AbstractProcessingFilter
Thanks. That clears it. -Original Message- From: Ben Alex [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 16, 2004 4:36 PM To: Shishir K. Singh; [EMAIL PROTECTED] Subject: Re: AbstractProcessingFilter Shishir K. Singh wrote: Hi Ben, Tried posting this on [EMAIL PROTECTED] but for some reason it's bouncing back. Therefore sending directly to you. I have not tested it out, but my understanding after going through the contacts sample for cas authorization is that when the authentication fails in CasProcessingFilter, the failure url is /casfailed.jsp. What if the the use case is to go to _https://localhost:8443/cas/login_ directrly instead of /casfailed.jsp. If there is not workaround to the above, I was wondering if it makes sense to check if failureUrl starts with http/https and if so, then just redirect it to the failureUrl, else do as the existing code is doing, instead of always doing httpRequest.getContextPath() + failureUrl. I think I am missing something here ,not sure though . The AbstractProcessingFilter.authenticationFailureUrl (CasProcessingFilter's superclass) will only be used if the ticket provided by the CAS server is invalid for some reason. Typically, the CasProxyTicketValidator delegates to CAS' ProxyTicketValidator.validate() method which returns false to proxyTicketValidator.isAuthenticationSuccessful(). Put differently, you'll only see /casfailed.jps if there is something fundamentally wrong with the ticket. This will usually only happen if the user has attempted to do something invalid, like POSTing a false ticket to /j_acegi_cas_security_check. Normal user interaction takes place on the CAS server, and invalid passwords cause the re-display of the CAS server login page so they can try again. HTH Ben --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] Gleb Urobushkin/ZL/USA/Zurich is out of the office.
I will be out of the office starting 11/16/2004 and will not return until 12/02/2004. While I am away, I can be reached at my cell phone number 847-224-0412. I will be checking my office e-mail at least once a day, and try to respond to your message as soon as I can. Thank you. This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer