Anyone have ideas?--Re: Authenticating web service calls via CAS..
Scott Battaglia
scott.battaglia at gmail.com
Mon Oct 15 09:49:55 EDT 2007
Comments in-line.
On 10/10/07, tedzo <tedzo2003 at yahoo.com> wrote:
>
> I need to figure out a way to pass the session info to CAS when I make a
> remote method call using xFire. Someone has to have needed to do
> this...Anyone?
>
> ----- Original Message ----
> From: tedzo <tedzo2003 at yahoo.com>
> To: Yale CAS mailing list <cas at tp.its.yale.edu>
> Sent: Monday, October 8, 2007 3:03:52 PM
> Subject: Re: Authenticating web service calls via CAS..
>
> Ok, a bit of digging around-
> I found the remoteCentralAuthenticationService and
> xFireCentralAuthenticationService beans defined and commented. The comment
> asked for the bean to be uncommented in order to allow access as a web
> service (using xFire, which is good). Here is what I was thinking-
> 1. From client stub (of my web service that is to be exposed), pass
> credentials and query remoteCAS for a ticket.
> 2. Pass the ticket to my web service.
> 3. Validate the ticket from my web service (the actual implementation of
> the service to be exposed). If the ticket validates, then go ahead with the
> service. Else fail.
>
> Does this seem to make sense?
>
Yes, this makes sense. Though if your user has already authenticated to
your application I recommend you just obtain a proxy ticket.
> Questions-
> 1. Once a ticket is used/validated, it is no longer recognized by CAS. So,
> this essentially means my web service stub needs to validate every time the
> client accesses the web service. So, how do I obtain a ticket that lasts
> longer than 1 call?
>
There are no service tickets that last longer than one call. You either
need to get a new service ticket each time, or use a framework such as Acegi
to secure the application. Acegi utilizes the existing ticket to maintain a
session locally for a defined period of time.
-Scott
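
The approach described in the reply above (validate the one-time service ticket once, then keep a local session for a defined period) as an added example that is not part of the original message and is not CAS or Acegi code. `LocalSessionGate`, `TicketValidator`, the service URL and the ticket value are hypothetical and constructed for illustration; the validator stands in for the real CAS validation call.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

/** Trades a one-time service ticket for a short-lived local session (hypothetical class). */
public class LocalSessionGate {
    /** Hypothetical stand-in for the CAS validation call: principal if the ticket is valid. */
    interface TicketValidator { Optional<String> validate(String ticket, String service); }

    private record Session(String principal, Instant expires) {}

    private final TicketValidator validator;
    private final String service;
    private final Duration ttl;
    private final Map<String, Session> sessions = new ConcurrentHashMap<>();

    LocalSessionGate(TicketValidator validator, String service, Duration ttl) {
        this.validator = validator; this.service = service; this.ttl = ttl;
    }

    /** First call: validate the ticket with CAS once, then issue a random local token. */
    Optional<String> login(String ticket) {
        return validator.validate(ticket, service).map(principal -> {
            String token = UUID.randomUUID().toString();
            sessions.put(token, new Session(principal, Instant.now().plus(ttl)));
            return token;
        });
    }

    /** Later calls: consult the local session only; expired entries are dropped. */
    Optional<String> principalFor(String token) {
        Session s = token == null ? null : sessions.get(token);
        if (s == null) return Optional.empty();
        if (Instant.now().isAfter(s.expires())) { sessions.remove(token); return Optional.empty(); }
        return Optional.of(s.principal());
    }

    public static void main(String[] args) {
        // Constructed fake validator: each ticket is accepted once, like a CAS service ticket.
        Map<String, String> issued = new ConcurrentHashMap<>(Map.of("ST-1-constructed", "tedzo"));
        TicketValidator cas = (ticket, svc) -> Optional.ofNullable(issued.remove(ticket));
        LocalSessionGate gate = new LocalSessionGate(cas, "https://ws.example.org/svc", Duration.ofMinutes(15));

        String token = gate.login("ST-1-constructed").orElseThrow();
        System.out.println(gate.principalFor(token));        // local session answers repeat calls
        System.out.println(gate.login("ST-1-constructed"));  // replayed ticket is refused
    }
}
```

The local token then carries the same weight as the original authentication, so it needs a bounded lifetime and transport protection of its own.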