[cas-dev] Sharing Cas JBoss Client?
Eric Pugh
epugh at opensourceconnections.com
Thu Nov 1 17:27:37 EDT 2007
Hi all,
I've developed, against the Java Cas Client 3.0.0-final a integration
module for JBoss that adds a new web authenticator to the ususal FORM
and BASIC called CAS.
The code is built using Maven, and follows the same structure as the
cas-client-core project. What is the best way for me to share it and
submit it for inclusion? Open a ticket or put up a wiki page?
Here is a summary from the readme that I wrote:
1. INTRODUCTION
This module is designed to support CAS as an authentication mechanism
for JBoss based web applications. Most users
wrap their web app in some Servlet Filters that provide the CAS
authentication mechanism. The filter populates the
user Principal, and then the webapp can make decisions based on that.
However, the "filter" approach is a bit clumsy
since we already have defined in the <auth-method/> paremeter of
web.xml the ability to specify how to authenticate a webapp:
From the specification: "Legal values are "BASIC","DIGEST", "FORM",
"CLIENT-CERT", or a vendor-specific authentication scheme."
So this code adds a new vendor-specific authentication scheme to
JBoss: CAS.
Additionally, using the filter approach means that the authenticatin
information never reaches the EJB layer, so if you are using
principals and roles in your EJB's, then the filter won't work.
Thanks,
Eric
-----------------------------------------------------
Eric Pugh | Principal | OpenSource Connections, LLC | 434.466.1467 |
http://www.opensourceconnections.com
More information about the cas-dev
mailing list