Question about JBoss/Tomcat Custom Authenticators and CAS
Scott Battaglia
scott.battaglia at gmail.com
Tue Sep 25 23:28:33 EDT 2007
Tom,
I'm not familiar enough with JBoss to comment on how its security code
executes. The JBoss forums might be able to better help. Or is there a way
to disable authentication on the JBoss container?
-Scott
On 9/21/07, Healey, Thomas <HealeyT at darden.virginia.edu> wrote:
>
> From a friends email:
>
> … is that the filters are run after the authentication because often
> filters use your Security
>
> principal...
>
> Is this true? Is this why CAS runs after the JBoss authentication?
>
> And further on:
>
>
>
> When we integrated CAS into JBoss at a client we had to change Tomcat to
>
> support a new authentication, "CAS_AUTH" that told client apps to use
>
> CAS for authentication. That way you could use "Basic" or "Form" in
>
> some environments, but then if you are in a CAS environment, just
>
> change that method to "CAS_AUTH" and your webapp started querying CAS
>
> for the data.
>
>
>
> He did this work a few years ago. Is it still necessary to write a custom
> authenticator like
>
> http://www.mail-archive.com/tomcat-dev@jakarta.apache.org/msg72827.html?
>
>
>
> Or is there some other path I can go down?
>
>
>
> Thanks in advance,
>
> Tom
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070925/a0c96121/attachment.html
More information about the cas
mailing list