[cas-dev] Unauthorized Service Handling
Marvin S. Addison
serac at exchange.vt.edu
Thu Aug 16 14:48:03 EDT 2007
> CAS 3.1 returns a server 500 error. I've added a JIRA issue to return
> that as the XML response (even though we're not officially adding
> another error code to the specification).
http://www.ja-sig.org/issues/browse/CAS-549 -- Thanks.
> We won't add that to the CAS 3.0.7 server because service
> authorization is not explicitly supported in CAS 3.0.x (the code is an
> example of a possible way of doing it) [though if anyone supplied a
> patch we would consider a 3.0.8 release to update the example code]
In an attempt to take you up on the hint, I started work on this today.
After a fair amount of work, I don't think there's a good (general)
solution using the existing classes that extend MethodBeforeAdvice. The
whole point of before advice is to generalize the conditions on which a
method can be called. To solve the problem at hand, however, we would
need specific information on the calling method to throw the right
exception. So we would need to assume some things about configuration
in the code -- don't want to go there.
I can imagine solutions where we rework the advice, but seems like a lot
of work for a relatively small problem. I'm inclined to leave as is,
unless someone has a relatively simple, general solution.
M
More information about the cas-dev
mailing list