[cas-dev] Question on docs for Remember Me function
Eric Pierce
epierce at usf.edu
Mon Aug 11 14:08:45 EDT 2008
I followed the docs for setting up Remember Me
(http://www.ja-sig.org/wiki/display/CASUM/Remember+Me) and I found a
problem, but I wanted to make sure I'm fixing it correctly before
updating the wiki. The wiki says to change
authenticationViaFormAction in cas-servlet.xml to the following:
<bean id="authenticationViaFormAction"
class="org.jasig.cas.web.flow.AuthenticationViaFormAction"
p:centralAuthenticationService-ref="centralAuthenticationService"
p:formObjectClass="org.jasig.cas.authentication.principal.RememberMeUsernamePasswordCredentials"
p:formObjectName="credentials"
p:warnCookieGenerator-ref="warnCookieGenerator" />
However, when I did that, the Long-Term ticket was created, but none
of the values that I entered into the login form were validated. I
could type in my username and leave the password field blank and the
authentication would succeed. It seems that a credential validator
needs to be configured to check for missing username/password. Here's
what I came up with:
<bean id="UsernamePasswordCredentialsValidator"
class="org.jasig.cas.validation.UsernamePasswordCredentialsValidator"
/>
<bean id="authenticationViaFormAction"
class="org.jasig.cas.web.flow.AuthenticationViaFormAction"
p:centralAuthenticationService-ref="centralAuthenticationService"
p:formObjectClass="org.jasig.cas.authentication.principal.RememberMeUsernamePasswordCredentials"
p:formObjectName="credentials"
p:validator-ref="UsernamePasswordCredentialsValidator"
p:warnCookieGenerator-ref="warnCookieGenerator" />
This works, I just wanted to make sure I was fixing it the "right" way
and wasn't causing some other problem.
-Eric
--
Eric Pierce, RHCE -- University of South Florida -- (813) 974-8868 --
epierce at usf.edu
More information about the cas-dev
mailing list