Hello, need some help.
Carlos del Campo
legolas2001 at hotmail.com
Thu Jan 22 07:16:15 EST 2009
Hi!
I already posted this in Spring Security forums but I'll post it here too because this should be the best place to get some help.
I'm new to Cas and Spring Security, but I've been involved in a project that needs to use it.
The point is that we have an application portal, where applications login can be done in 2 different ways:
1) With a 2 fields form, username and password (the usual)
2) With a 3 fields form, username, password and an aditional code.
What I want to do is that CAS recognice what kind of login form is been used an, if it's the 3 fields form, include a .jar I already have that let's me check if the 3rd fields is correct.
If it isn't, CAS should not grant permissions.
I've been thinking about reimplementing some class in CAS server like I did with Spring Security (I reimplemented AuthenticationProcessingFilter and it worked fine), but as far as I understand form the sequence diagram in mattfleming.com/node/269, the login proccess is completely managed by the CAS server and acegi just manages authorization.
I've been reading, googling and looking CAS server source by my self but I'm having no success.
Thanks for your help and sorry if I didn't use english properly
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20090122/b1cd3381/attachment.html
More information about the cas
mailing list