Auth handler giving more than Y/N?

Scott Battaglia scott.battaglia at gmail.com
Mon Oct 1 13:58:49 EDT 2007


Troy,

You should create a custom CredentialsToPrincipalResolver which returns a
complete Principal and attributes such as email address.

There is also an AuthenticationMetaDataPopulator for returning information
about the actual authentication.

-Scott

On 9/30/07, Troy Davis <troy at nack.net> wrote:
>
> Hi,
>
> Is there a clean or recommended way for an authentication handler
> (custom one extending AbstractUsernamePasswordAuthenticationHandler) to
> feed data back to the CAS client, beyond accept/reject?
>
> Example: user authenticates as "bob" with password "cow".  I'd like to
> return their email address and assorted other data so the calling CAS
> client can make full use of its local functionality.
>
> Other example: return authorization/permissions info beyond just
> authentication (allow feature1, deny feature2).
>
> Anyone know a clean way to do that?
>
> As a workaround, is there a way for an AH to get the servlet container
> and set a cookie that (given correct cookie scope) the caller could
> honor?  Obviously the cookie would be subject to user modification.
>
> Troy



-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
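
A sketch of the resolver approach suggested in the reply, added here as an example; it is not code from the thread or from the CAS project. It assumes the CAS 3.1 server-core classes in `org.jasig.cas.authentication.principal` (including a `SimplePrincipal(String, Map)` constructor) are on the classpath; the class name `DirectoryAttributeResolver` and the in-memory directory are hypothetical, so check the signatures against the CAS version deployed.

```java
import java.util.HashMap;
import java.util.Map;

import org.jasig.cas.authentication.principal.Credentials;
import org.jasig.cas.authentication.principal.CredentialsToPrincipalResolver;
import org.jasig.cas.authentication.principal.Principal;
import org.jasig.cas.authentication.principal.SimplePrincipal;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;

/** Hypothetical resolver that attaches server-side attributes to the Principal. */
public final class DirectoryAttributeResolver implements CredentialsToPrincipalResolver {

    // Constructed sample data standing in for a real directory or database lookup.
    private final Map<String, Map<String, Object>> directory =
        new HashMap<String, Map<String, Object>>();

    public DirectoryAttributeResolver() {
        final Map<String, Object> bob = new HashMap<String, Object>();
        bob.put("email", "bob@example.org");
        bob.put("feature1", "allow");
        bob.put("feature2", "deny");
        directory.put("bob", bob);
    }

    // Only username/password logins are handled by this resolver.
    public boolean supports(final Credentials credentials) {
        return credentials instanceof UsernamePasswordCredentials;
    }

    public Principal resolvePrincipal(final Credentials credentials) {
        final String username =
            ((UsernamePasswordCredentials) credentials).getUsername();
        if (username == null) {
            return null;
        }
        // Attributes are looked up by the authenticated id on the server,
        // never taken from anything the browser sent with the request.
        final Map<String, Object> stored = directory.get(username);
        final Map<String, Object> attributes = new HashMap<String, Object>();
        if (stored != null) {
            attributes.putAll(stored);
        }
        return new SimplePrincipal(username, attributes);
    }
}
```

Unlike the cookie workaround raised in the question, the email address and allow/deny values here are built on the CAS server from the authenticated username, so the user cannot edit them in the browser.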