"Lab" timeout different than "Office" timeout?
Tim Mc Laughlin
Tim.McLaughlin at wwu.edu
Thu May 29 13:00:52 EDT 2008
OK, it's all working now. Here's my attempt to be a good participant by compiling the
result. Hopefully it will be easy to find for others in the future.
To make it work, I did the following:
* Modified the JSP in our custom UI theme to contain a checkbox for "workstationType".
* Extended UsernamePasswordCredentials to contain the value.
* Modified casServlet.xml to tell the authenticationViaFormAction about the new
credentials by setting two new properties on the "authenticationViaFormAction" bean like
so:
    <bean id="authenticationViaFormAction"
          class="org.jasig.cas.web.flow.AuthenticationViaFormAction"
          p:centralAuthenticationService-ref="centralAuthenticationService"
          p:warnCookieGenerator-ref="warnCookieGenerator"
          p:formObjectName="credentials"
          p:formObjectClass="mypackage.MyNewCredentialsClass" />
* Added an AuthenticationMetaDataPopulator to put that value on the authentication
attribute map.
* Modified deployerConfigContext to configure the new MetaData. Add a new property to the
"authenticationManager" bean like so:
    <bean id="authenticationManager"
          class="org.jasig.cas.authentication.AuthenticationManagerImpl">
        <!-- ...other properties... -->
        <property name="authenticationMetaDataPopulators">
            <list>
                <bean class="mypackage.MyNewMetaDataPopulator" />
            </list>
        </property>
    </bean>
* Added an ExpirationPolicy to make use of that value to decide between two timeout
values.
* Modified ticketExpirationPolicies.xml to configure the new ExpirationPolicy like so:
    <bean id="grantingTicketExpirationPolicy"
          class="mypackage.MyNewExpirationPolicy">
        <!-- This argument is the time a ticket can exist before it's considered expired. -->
        <!-- Argument 0 is for "Private" machines (the default) -->
        <!-- 7200000 ms == 2 hours -->
        <constructor-arg index="0" value="7200000" />
        <!-- Argument 1 is for "Public" machines -->
        <!-- 1800000 ms == 30 min -->
        <constructor-arg index="1" value="1800000" />
    </bean>
Not a huge deal of work, but sure is complicated to find the info! Many thanks to Scott
(directly) and Andrew (indirectly) for the assistance finding it.
:)
Tim
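The expiration-policy step above, as an added example that is not the poster's code or the CAS project's: one way `MyNewExpirationPolicy` could choose between the two constructor timeouts. It assumes the CAS 3.x `ExpirationPolicy`/`TicketState` API, that the metadata populator stores `Boolean.TRUE` under the key `workstationType` for a "Public" login, and that the timeout is measured from last use, as in the stock `TimeoutExpirationPolicy`.

```java
package mypackage;

import org.jasig.cas.authentication.Authentication;
import org.jasig.cas.ticket.ExpirationPolicy;
import org.jasig.cas.ticket.TicketGrantingTicket;
import org.jasig.cas.ticket.TicketState;

/**
 * Added illustration, not the poster's class: picks the idle timeout for a
 * ticket-granting ticket from an authentication attribute.
 */
public final class MyNewExpirationPolicy implements ExpirationPolicy {

    private static final long serialVersionUID = 1L;

    /** Assumed attribute key; must match what the metadata populator writes. */
    public static final String WORKSTATION_TYPE = "workstationType";

    private final long privateTimeoutMs; // constructor-arg index 0
    private final long publicTimeoutMs;  // constructor-arg index 1

    public MyNewExpirationPolicy(final long privateTimeoutMs, final long publicTimeoutMs) {
        if (privateTimeoutMs <= 0 || publicTimeoutMs <= 0) {
            throw new IllegalArgumentException("timeouts must be positive");
        }
        this.privateTimeoutMs = privateTimeoutMs;
        this.publicTimeoutMs = publicTimeoutMs;
    }

    public boolean isExpired(final TicketState ticketState) {
        if (ticketState == null) {
            return true; // nothing to evaluate: treat as expired
        }
        final long idleMs = System.currentTimeMillis() - ticketState.getLastTimeUsed();
        return idleMs >= timeoutFor(ticketState);
    }

    /** "Public" only when the attribute is present and TRUE; otherwise the "Private" default. */
    private long timeoutFor(final TicketState ticketState) {
        if (ticketState instanceof TicketGrantingTicket) {
            final Authentication auth = ((TicketGrantingTicket) ticketState).getAuthentication();
            if (auth != null && Boolean.TRUE.equals(auth.getAttributes().get(WORKSTATION_TYPE))) {
                return this.publicTimeoutMs;
            }
        }
        return this.privateTimeoutMs;
    }
}
```

A missing or unchecked attribute falls through to the longer "Private" timeout, matching the default stated in the configuration comments above.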
-----Original Message-----
From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] On Behalf Of Scott Battaglia
Sent: Wednesday, May 28, 2008 12:43 PM
To: Yale CAS mailing list
Subject: Re: "Lab" timeout different than "Office" timeout?
And no need for a custom resolver unless you are doing more stuff than just returning the
username.
-Scott
On Wed, May 28, 2008 at 3:42 PM, Scott Battaglia <scott.battaglia at gmail.com> wrote:
Tim,
You can set the Credentials class on the AuthenticationViaForm action. You'll need
to set the formObjectClass and the formObjectName properties (you should be able to just
set formObjectName to "credentials").
-Scott
On Wed, May 28, 2008 at 12:17 PM, Tim Mc Laughlin <Tim.McLaughlin at wwu.edu> wrote:
Beautiful. Makes perfect sense, now that I know where to look.
I'm also making a CredentialsToPrincipalResolver to make use of the new Credentials
subclass. Did I need to do that? Can't find a place in the xml/properties files to tell
it which Credentials class to use, just the Resolver.
Thanks!
Tim
-----Original Message-----
From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] On Behalf Of Scott Battaglia
Sent: Tuesday, May 27, 2008 3:55 PM
To: Yale CAS mailing list
Subject: Re: "Lab" timeout different than "Office" timeout?
Tim,
You should extend the UsernamePasswordCredentials to accept your new property. Then
create a MetaDataPopulator to take that property and dump it into the attributes for the
Authentication object. Configure that all using the Spring magic ;-) And then your
custom ticket expiration policy will have the value.
-Scott
On Tue, May 27, 2008 at 5:13 PM, Tim Mc Laughlin <Tim.McLaughlin at wwu.edu> wrote:
OK, spoke too soon.
The difference between what I'm trying to do and what Trenton Adams wanted is that I'd
like to be able to have the user select which role they're in, via a checkbox on the login
form.
I've located where and how to implement a new TicketExpirationPolicy, but I'm not sure how
to let the value of the checkbox flow through to that code. Is that possible without
changing core code? I'd like to stick to recognized extension points only.
Thanks,
Tim
-----Original Message-----
From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] On Behalf Of Tim Mc Laughlin
Sent: Tuesday, May 27, 2008 11:55 AM
To: cas at tp.its.yale.edu
Subject: "Lab" timeout different than "Office" timeout?
I am almost sure I've seen this question fly across the list, but none of my queries have
been right to find it in the archives, so apologies in advance.
I've been asked if we can implement variable timeouts based on role, the most
straightforward of which will be a checkbox on the login form that can be checked if you're
on a "Lab" or "Public" computer. Checking this would result in a shorter CAS timeout than
an "Office" or "Private" computer.
Can someone point me in the right direction?
Thanks,
Tim
_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas
--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia