PDA

View Full Version : Using CAS in remote application

Seasons
Sep 15th, 2004, 12:07 AM
Hi,

I'm writing a remote application work with CAS. But I don't know how to get the CAS ticket after the first login by providing user name and password. Could anyone post the sample codes for me?

By the way, how to use the ticket for future client-server communication? I have read the Acegi Security System for Spring Reference Documentation and trying the packed client application. For this case, how to change this client application to get the ticket and how to use the ticket for further service request?

Thanks
Ben Alex
Sep 15th, 2004, 06:52 PM
Is your question how to obtain a CAS service ticket which can then be used as a password for future web services requests (in conjunction with CasProcessingFilter.CAS_STATEFUL_IDENTIFIER)?

Acegi Security provides no code which does this, as basically you'll need your client application to POST to the CAS Server and parse the response. In the response you'll receive the service ticket. Scott Battaglia has done this - he might be able to send you his code. I have an old version laying around somewhere, but Scott would of course have the latest version.
Ben Alex
Sep 15th, 2004, 06:54 PM
I should mention if someone wanted to donate a utility class with a method like this:

public String getServiceTicket(String casServerHttpsUrl, String webServiceHttpsUrl, String username, String password);

I think it would be a good addition to Acegi Security. Scott, if you send me your latest code I could easily write it.
Scott Battaglia
Sep 17th, 2004, 08:09 AM
Ben,

What do you want? The specific implementations of the CredentialsSource interface? We have created a few based on different versions of CAS (i.e. a CAS web service vs. parsing the CAS login screen vs. a special CAS servlet to post to).
Ben Alex
Sep 17th, 2004, 07:12 PM
Probably AcegiCasHtmlResponseCredentialsSource, but in a utility class with a static method so it can be used simply from a web services client application.
Scott Battaglia
Sep 19th, 2004, 01:05 PM
I don't have the most recent source at home so I'll try and grab it at work on Monday.

I'm not sure however that the class can be a static method. Its heavily dependent on the actual parsing of the HTML page which can change depending on how you've implemented your CAS login page.