[cas-dev] CredentialsToPrincipalResolvers
Scott Battaglia
scott.battaglia at gmail.com
Wed Jan 31 13:14:47 EST 2007
Stephen,
The failure of a CredentialsToPrincipalResolver to return a principal will
result in an AuthenticationException being thrown. That solution would
work.
I think in the long term though, we've seen a need for people to *mostly*
use the supplied handlers (most people never need to modify them).
Sometimes people need pre/post actions, and we should probably create an
AbstractAuthenticationHandler that provides these template methods.
Thoughts?
-Scott
On 1/31/07, Stephen A. Cochran <stephen.a.cochran at dartmouth.edu> wrote:
>
>
> I need to add an additional check to our X509 flow, basically
> checking to make sure the username in the cert hasn't expired from
> our LDAP server.
>
> I could modify the AuthenticationHandler itself, but right now I'm
> already using the stock one and the less I modify the better obviously.
>
> I have a custom X509CredentialsToPrincipalResolvers which creates a
> DartmouthPrincipal object. Either of those classes could do the
> check. My question is can a failure in one of those classes "trickle
> back" and cause the same flow that a failure in the AuthHandler
> itself would cause?
>
> Thanks,
> Steve
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20070131/9279360b/attachment.html
More information about the cas-dev
mailing list