HttpClient instead of browser
Velpi
velpi at industria.be
Tue Jul 11 20:10:57 EDT 2006
> I had deployed the cas successfully, but I want to access the protected
> resource with HttpClient, not with a browser, my question is:
> How can I provide username and password for authentication with
> HttpClient instead of web browser.

Actually you should not let any machine contact any CAS component with a
username and password. Doing that would mean you're either asking your user to
supply his central password to your application (which is a bad thing in the
context of security & central SSO), or you're storing a password somewhere in
clear text.

If you're trying to access a resource by a machine, then you'll probably want to
do that as a certain user (which you just asked for his/her credentials). The
right way to do this is to use the "proxy" specification of CAS. This means your
calling application would be protected by CAS. That application would be
configured to use the proxy functionality so the application will be able to
request a ticket on behalf of the user. This new ticket can then be used by your
calling application to contact the protected resource ("backend").

If that doesn't work for you, then I suggest taking a look at
org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler
and see if something similar might work. Or you can also have a look at client
certificate based authentication.

Good luck and keep us posted!

-- Velpi
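
The proxy flow recommended in the reply above, as an added sketch that is not part of the original post or of the CAS code base. It uses the /proxy and /proxyValidate endpoints and response elements of the CAS 2.0 protocol; the host names, tickets, user and XML responses are constructed samples, and the trusted-proxy allowlist is an assumption about how the backend is configured.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}
CAS_BASE = "https://cas.example.org/cas"                        # constructed CAS server
BACKEND = "https://backend.example.org/api"                     # constructed protected resource
TRUSTED_PROXIES = {"https://frontend.example.org/pgtCallback"}  # assumed backend allowlist

# Constructed sample responses, so the example runs offline.
SAMPLE_PROXY_RESPONSE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:proxySuccess><cas:proxyTicket>PT-1-constructed</cas:proxyTicket></cas:proxySuccess>
</cas:serviceResponse>"""
SAMPLE_VALIDATE_RESPONSE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>alice</cas:user>
    <cas:proxies><cas:proxy>https://frontend.example.org/pgtCallback</cas:proxy></cas:proxies>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

def proxy_request_url(pgt_id, target_service):
    """Calling application: trade its proxy-granting ticket for a proxy ticket."""
    return CAS_BASE + "/proxy?" + urlencode({"pgt": pgt_id, "targetService": target_service})

def parse_proxy_ticket(xml_text):
    """Calling application: extract the PT from a /proxy response, failing closed."""
    pt = ET.fromstring(xml_text).findtext("cas:proxySuccess/cas:proxyTicket", "", CAS_NS).strip()
    if not pt:
        raise ValueError("CAS did not issue a proxy ticket")
    return pt

def proxy_validate_url(ticket):
    """Backend: URL used to validate the ticket the calling application presented."""
    return CAS_BASE + "/proxyValidate?" + urlencode({"service": BACKEND, "ticket": ticket})

def check_validation(xml_text):
    """Backend: accept only a success response whose whole proxy chain is trusted."""
    ok = ET.fromstring(xml_text).find("cas:authenticationSuccess", CAS_NS)
    if ok is None:
        raise PermissionError("ticket rejected by CAS")
    chain = [(p.text or "").strip() for p in ok.findall("cas:proxies/cas:proxy", CAS_NS)]
    if not chain or any(p not in TRUSTED_PROXIES for p in chain):
        raise PermissionError("untrusted proxy chain: %r" % chain)
    user = ok.findtext("cas:user", "", CAS_NS).strip()
    if not user:
        raise PermissionError("validation response names no user")
    return user, chain
```

No user password appears anywhere in this exchange: the calling application holds only tickets, and the backend decides which proxying applications it is willing to accept.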