"Lab" timeout different than "Office" timeout?
Scott Battaglia
scott.battaglia at gmail.com
Wed Jun 4 10:15:47 EDT 2008
Tim,
If you get a moment, feel free to add this to our Wiki to help others :-)
Thanks!
-Scott
On Thu, May 29, 2008 at 1:00 PM, Tim Mc Laughlin <Tim.McLaughlin at wwu.edu>
wrote:
> OK, it's all working now. Here's my attempt to be a good participant by
> compiling the
> result. Hopefully it will be easy to find for others in the future.
>
>
> To make it work, I did the following:
>
> * Modified the JSP in our custom UI theme to contain a checkbox for
> "workstationType".
>
> * Extended UsernamePasswordCredentials to contain the value.
>
> * Modified casServlet.xml to tell the authenticationViaFormAction about the
> new
> credentials by setting two new properties on the
> "authenticationViaFormAction" bean like
> so:
>
> <bean id="authenticationViaFormAction"
> class="org.jasig.cas.web.flow.AuthenticationViaFormAction"
> p:centralAuthenticationService-ref="centralAuthenticationService"
> p:warnCookieGenerator-ref="warnCookieGenerator"
> p:formObjectName="credentials"
> p:formObjectClass="mypackage.MyNewCredentialsClass" />
>
> * Added an AuthenticationMetaDataPopulator to put that value on the
> authentication
> attribute map.
>
> * Modified deployerConfigContext to configure the new MetaData. Add a new
> property to the
> "authenticationManager" bean like so:
>
> <bean id="authenticationManager"
> class="org.jasig.cas.authentication.AuthenticationManagerImpl">
>
> ...other properties...
>
> <property name="authenticationMetaDataPopulators">
> <list>
> <bean class="mypackage.MyNewMetaDataPopulator" />
> </list>
> </property>
> </bean>
>
> * Added an ExpirationPolicy to make use of that value to decide between two
> timeout
> values.
>
> * Modified ticketExpirationPolicies.xml to configure the new
> ExpirationPolicy like so:
>
> <bean id="grantingTicketExpirationPolicy"
> class="mypackage.MyNewExpirationPolicy">
> <!-- This argument is the time a ticket can exist before its
> considered expired.
> -->
> <!-- Argument 0 is for "Private" machines (the default) -->
> <!-- 7200000 ms == 2 hours -->
> <constructor-arg
> index="0"
> value="7200000" />
>
> <!-- Argument 1 is for "Public" machines -->
> <!-- 1800000 ms == 30 min -->
> <constructor-arg
> index="1"
> value="1800000" />
> </bean>
>
>
> Not a huge deal of work, but sure is complicated to find the info! Many
> thanks to Scott
> (directly) and Andrew (indirectly) for the assistance finding it.
>
> :)
> Tim
>
>
> -----Original Message-----
> From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] On
> Behalf Of Scott
> Battaglia
> Sent: Wednesday, May 28, 2008 12:43 PM
> To: Yale CAS mailing list
> Subject: Re: "Lab" timeout different than "Office" timeout?
>
> And no need for a custom resolver unless you are doing more stuff than just
> returning the
> username.
> -Scott
>
>
> On Wed, May 28, 2008 at 3:42 PM, Scott Battaglia <
> scott.battaglia at gmail.com> wrote:
>
>
> Tim,
>
> You can set the Credentials class on the AuthenticationViaForm
> action. You'll need
> to set the formObjectClass and the formObjectName properties (you should be
> able to just
> set formObjectName to "credentials").
>
> -Scott
>
>
> On Wed, May 28, 2008 at 12:17 PM, Tim Mc Laughlin <
> Tim.McLaughlin at wwu.edu> wrote:
>
>
> Beautiful. Makes perfect sense, now that I know where to
> look.
>
> I'm also making a CredentialsToPrincipalResolver to make use
> of the new
> Credentials
> subclass. Did I need to do that? Can't find a place in the
> xml/properties files to tell
> it which Credentials class to use, just the Resolver.
>
> Thanks!
> Tim
>
>
> -----Original Message-----
> From: cas-bounces at tp.its.yale.edu [mailto:
> cas-bounces at tp.its.yale.edu] On
> Behalf Of Scott
> Battaglia
> Sent: Tuesday, May 27, 2008 3:55 PM
> To: Yale CAS mailing list
>
> Subject: Re: "Lab" timeout different than "Office" timeout?
>
> Tim,
>
> You should extend the UsernamePasswordCredentials to accept
> your new
> property. Then
> create a MetaDataPopulator to take that property and dump it
> into the
> attributes for the
> Authentication object. Configure that all using the Spring
> magic ;-) And
> then your
> custom ticket expiration policy will have the value.
>
> -Scott
>
>
> On Tue, May 27, 2008 at 5:13 PM, Tim Mc Laughlin <
> Tim.McLaughlin at wwu.edu>
> wrote:
>
>
> OK, spoke too soon.
>
> The difference between what I'm trying to do and what
> Trenton Adams
> wanted is that
> I'd
> like to be able to have the user select which role
> they're in, via
> a checkbox on
> the login
> form.
>
> I've located where and how to implement a new
> TicketExpirationPolicy, but I'm not
> sure how
> to let the value of the checkbox flow through to that
> code. Is
> that possible
> without
> changing core code? I'd like to stick to recognized
> extension
> points only.
>
> Thanks,
>
> Tim
>
> -----Original Message-----
> From: cas-bounces at tp.its.yale.edu
> [mailto:cas-bounces at tp.its.yale.edu] On Behalf
> Of Tim Mc
> Laughlin
> Sent: Tuesday, May 27, 2008 11:55 AM
> To: cas at tp.its.yale.edu
> Subject: "Lab" timeout different than "Office"
> timeout?
>
> I am almost sure I've seen this question fly across
> the list, but
> none of my
> queries have
> been right to find it in the archives, so apologies
> in advance.
>
> I've been asked if we can implement variable timeouts
> based on
> role, the most
> straightfoward of which will be a checkbox on the
> login form that
> can be checked
> if you're
> on a "Lab" or "Public" computer. Checking this would
> result in a
> shorter CAS
> timeout than
> an "Office" or "Private" computer.
>
> Can someone point me in the right direction?
>
> Thanks,
> Tim
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
>
>
>
> --
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
>
>
>
> --
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
>
>
>
> --
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080604/c2ebb97f/attachment.html
More information about the cas
mailing list