Redirect to Service with POST

Adam Rybicki arybicki at unicon.net
Thu Jul 13 18:02:23 EDT 2006 

All,

I have submitted this patch on behalf of a client.  Personally, I don't 
have much time to contribute further to this patch.  You all have worked 
with CAS much longer than I, so you can decide the best course of action.

With that said, I would like to point out that very few applications 
require this patch.  AFAIK, they only come from one vendor.  :-)  I 
implemented this patch with Andrew's guidance, and I think that it is 
elegant, and it solves this particular problem quite well.  While I 
would welcome further contributions to this solution, anyone 
contemplating such contributions would have to come up with time to do 
it and justify the commitment of time to his or her manager.  ;-)

Adam

Scott Battaglia wrote:
> Andrew,
> 
> I don't think we've evaluated this solution enough to determine whether 
> it should be in CVS or not.
> 
> The solution in the patch exposes a different login endpoint for 
> authentication, which I'm not convinced is the best solution.  It 
> appears there are three ways to handle this scenario:
> 
> 1.  Expose a different URL endpoint with a different flow for handling 
> the POST scenario
> 2.  Expose a request parameter such as returnMethod (defaults to GET) 
> which would cause the web flow to choose either a normal redirect or a 
> JavaScript POST.
> 3.  Add post capabilities on the client applicaion side (either as part 
> of the CAS client or inform people to handle it locally in their 
> application)
> 
> [there may be other scenarios, these are just the ones I thought of off 
> the top of my head]
> 
> Each scenario has its strengths and weaknesses.  Until we've evaluated 
> the best method for handling this I'd rather not commit anything into 
> CVS at this point.  Anything committed to CVS would need to be supported 
> in the future, regardless of whether we found a better solution or not.
> 
> -Scott
> 
> Andrew Petro wrote:
>> Jeff, 
>>
>> I appreciate your positive attitude, but I think it would be best if we got
>> this patch into CAS source control and kept it up to date and as
>> no-heroics-required as possible.
>>
>> In that vein, where would be appropriate for this to go into CVS, Scott?
>> Should CAS ship this example?  Stick it under a contrib directory?
>>
>> Andrew
>>
>>   
>>> -----Original Message-----
>>> From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] On
>>> Behalf Of Jeffrey M Goodwin
>>> Sent: Monday, July 10, 2006 7:49 AM
>>> To: Yale CAS mailing list
>>> Subject: RE: Redirect to Service with POST
>>>
>>> Hi Scott,
>>>
>>> I agree.  I am in the process of doing so right now.  I am just so new
>>> to both CAS and spring's web flow api it is taking a bit longer than I
>>> had hoped.  Oh well, I guess it is a good introduction to both
>>> technologies.
>>>
>>> Thanks,
>>> Jeff
>>>     
>> _______________________________________________
>> Yale CAS mailing list
>> cas at tp.its.yale.edu
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>   
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: arybicki.vcf
Type: text/x-vcard
Size: 355 bytes
Desc: not available
Url : http://tp.its.yale.edu/pipermail/cas/attachments/20060713/5344e62e/arybicki.vcf
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
Url : http://tp.its.yale.edu/pipermail/cas/attachments/20060713/5344e62e/smime.bin

More information about the cas mailing list