[cas-dev] RE ST API returning TGT

dale77 Dale.Ogilvie at trimble.co.nz
Sun Oct 12 21:30:50 EDT 2008 

Hi Scott,

we are adding the following piece of code to our code base, to support our
flash client that:

1. Can't handle a 201 response status
2. Can't access the response headers

Perhaps this could be added to the CAS code base to support flash and
similarly brain-dead clients in an almost RESTful manner? This code to
return a TGT resides alongside the standard REST interface in our setup. It
was not necessary to modify the service ticket API as this already returns
200 status with the ST in the response body. 

Normal RESTful clients use the standard protocol:

1. POST /cas/v1/tickets
201, /cas/v1/tickets/TGT in location response header
2. POST /cas/v1/tickets/TGT
200, ST in response

Our flash client works like this:

1. POST /cas/nqr/tickets
200, TGT in response
2. POST /cas/v1/tickets/TGT
200, ST in response

public class NotQuiteRESTTicketResource extends Resource {
...
    public final void acceptRepresentation(final Representation entity)
        throws ResourceException {
        if (log.isDebugEnabled()) {
            log.debug("Obtaining credentials...");
            log.debug(getRequest().getEntityAsForm().toString());
        }
     
        final Credentials c = obtainCredentials();
        try {
            final String ticketGrantingTicketId =
this.centralAuthenticationService.createTicketGrantingTicket(c);
            getResponse().setEntity(ticketGrantingTicketId,
MediaType.TEXT_PLAIN);
            getResponse().setStatus(Status.SUCCESS_OK);
            final Reference ticket_ref =
getRequest().getResourceRef().addSegment(ticketGrantingTicketId);
            getResponse().setLocationRef(ticket_ref);
        } catch (final TicketException e) {
            log.error(e,e);
            getResponse().setStatus(Status.CLIENT_ERROR_BAD_REQUEST,
e.getMessage());
        }
    }



scott_battaglia wrote:
> 
> We return it in the Location header because we're giving you the fully
> constructed URL of where the newly created object resides.  That's from
> what
> I can tell, the "standard" way of doing it.  And by standard, I mean, the
> way everyone else recommends doing it. :-)  The difference between the TGT
> and the ST responses is that the TGT refers to a new resource that has
> been
> constructed and can be accessed via a URL.  The ST doesn't have that.
> You're essentially just being returned a token identifier that you pass to
> an application.
> 

-- 
View this message in context: http://www.nabble.com/REST-API-returning-TGT-tp19680442p19947753.html
Sent from the CAS Dev mailing list archive at Nabble.com.

More information about the cas-dev mailing list