Server side validation of login servlet form submission

Andrew R Feller afelle1 at lsu.edu
Thu Jan 3 14:27:51 EST 2008 

Hey Scott,

 

While looking into the UsernamePasswordCredentialsValidator, we
encountered an issue with the initAction method of
AuthenticationViaFormAction class.  We were setting the validator
property via Spring, however it was being overwritten by the default
UsernamePasswordCredentialsValidator class.  Looking at the code in
AuthenticationViaFormAction, it appears that the validator is overridden
if the form object class isn't set.

 

Is this the correct behavior?

 

Andrew R Feller, Analyst

University Information Systems

200 Fred Frey Building

Louisiana State University

Baton Rouge, LA, 70803

(225) 578-3737 (office)

________________________________

From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu]
On Behalf Of Andrew R Feller
Sent: Tuesday, December 18, 2007 10:06 AM
To: Yale CAS mailing list
Subject: RE: Server side validation of login servlet form submission

 

Scott,

 

Thanks for the reply; that is exactly what I was looking for!

 

Sincerely,

Andy

 

Andrew R Feller, Analyst

University Information Systems

200 Fred Frey Building

Louisiana State University

Baton Rouge, LA, 70803

(225) 578-3737 (office)

________________________________

From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu]
On Behalf Of Scott Battaglia
Sent: Tuesday, December 18, 2007 9:51 AM
To: Yale CAS mailing list
Subject: Re: Server side validation of login servlet form submission

 

Andrew,

 

Out of the box CAS provides a UsernamePasswordValidator (which
implements Spring's Validator interface).  You can replace our default
with your own custom validator (you can plug it into the
AuthenticationViaForm as a dependency). 

 

-Scott

On Dec 18, 2007 10:37 AM, Andrew R Feller <afelle1 at lsu.edu> wrote:

Hey everybody,

 

Due to a past of poor choices, we have to deal with denying users
logging in with particular username formats such as email address.  What
is the recommended way to handle this scenario? 

 

Thanks,

 

Andrew R Feller, Analyst

University Information Systems

200 Fred Frey Building

Louisiana State University

Baton Rouge, LA, 70803

(225) 578-3737 (office)

 


_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu 
http://tp.its.yale.edu/mailman/listinfo/cas




-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080103/8e2946df/attachment.html

More information about the cas mailing list