HELP
Andrew R Feller
afelle1 at lsu.edu
Mon Jun 9 11:59:03 EDT 2008
Qingzhao,
The problem you are describing is not an authentication issue but rather an authorization issue; whether a user has the right to use an application or not. Depending on your authorization situation, you might be able to use Spring Security (previously known as ACEGI) with your applications. (http://www.acegisecurity.org/)
Hope this helps,
Andrew R Feller, Analyst
University Information Systems
200 Fred Frey Building
Louisiana State University <http://www.lsu.edu/>
Baton Rouge, LA, 70803
(225) 578-3737 (Office)
(225) 578-6400 (Fax)
________________________________
From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] On Behalf Of qingzhao zheng
Sent: Monday, June 09, 2008 10:17 AM
To: cas at tp.its.yale.edu
Subject: HELP
Hi,
There is one application named TCMManager; all users log in from TCMManager and click the URL list to visit other applications.
The URL list is dynamically produced according to the database table r_user_application(id,staffid,appid).
For example, user jack has the right to visit appone and apptwo, but not appthree. So jack visits TCMManager, and it
redirects to the CAS server; after he logs in, it returns to TCMManager. Now he has the URLs of appone and apptwo, and he can click to
visit them as he likes. The problem is that if he knows appthree's URL, he can visit appthree in the same browser window when
he types the URL in the address bar. This is not allowed because he doesn't have the right. What can I do to prohibit this?
I have put the CAS client code in TCMManager, appone, apptwo and appthree using the CAS1 protocol, configured like this:
<filter>
    <filter-name>CAS Filter</filter-name>
    <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
    <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
        <param-value>https://qing:8443/cas/login</param-value>
    </init-param>
    <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
        <param-value>https://qing:8443/cas/serviceValidate</param-value>
    </init-param>
    <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
        <param-value>qing:8888</param-value>
    </init-param>
</filter>
In the CAS server I use the JDBC authentication handler:
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
    <property name="sql" value="select password from t_staff where username=?" />
    <property name="dataSource" ref="dataSource" />
</bean>
Can I prohibit this by modifying the "sql"?
Or is it right for me to use the CAS1 protocol in this situation?
Can anybody give me some advice?
Thanks,
qingzhao