-
Hi,
happy new year and thanks for your contribution about CAS support !
i've updated the feature request about supporting CAS (https://sourceforge.net/tracker/index.php?func=detail&aid=1641505&group_id=107276&atid=).
when the jguard 2.0 will be out, CAS support will be part of the top items added to 2.x releases.
about jguard 2.0 development:
a new infrastructure has been added for a better...
2010-01-02 18:50:02 UTC by diabolo512
-
a jguard user has implemented the feature with jguard 1.0.4:
https://sourceforge.net/projects/jguard/forums/forum/407993/topic/3498619.
2010-01-02 18:43:06 UTC by diabolo512
-
I am wanting to take the number out of jg_user.id and put it into other table rows of my webapp database to show who modified a row last. Is there a build in jguard method to get the jg_user.id of the current authenticated in user?
Also is there a jguard built in method to go back from jg_user.id to get a public credential's about that jg_user.id? Since one user can look at entries modified...
2010-01-01 05:27:12 UTC by maremv
-
diabolo512 committed revision 3417 to the jGuard SVN repository, changing 2 files.
2009-12-31 17:29:14 UTC by diabolo512
-
diabolo512 committed revision 3416 to the jGuard SVN repository, changing 20 files.
2009-12-31 08:26:10 UTC by diabolo512
-
Ops! I mean: "I am happy to see...".
2009-12-30 12:31:15 UTC by vinipitta
-
Hi Yangz,
I happen to see that you achieve a fast solution. I guess if you lapidate it maybe Charles can add it to the jGuard ext package. :)
About the cookie, I actually don't get it. :) I mean, what you want to say with 'find no cookie'? The idea is that you generate it on the centralized login app and store in a cookie, but not mandatory as you already figured out. :)
The real...
2009-12-30 12:30:28 UTC by vinipitta
-
Hi,vinipitta
Thanks for your suggestion and your clear explanation, I did it follow what you said, it is a perfect solution really, hehe :)
so I tell you what I did:
I implements a new CASLoginModel , it's "validatePassword" method has been modified like this:
...
private boolean validatePassword(String cryptedPassword)
throws LoginException {...
2009-12-30 11:13:24 UTC by sweet_yangyz
-
Yangyz,
You are right about the security of this solution. There is no guarantee that the user have been previously authenticated. Anyone can simple insert this attribute with any value on the page and 'login'.
What is the idea behind the ticket? I assume that when you authenticate a user you generate an ticket (eg a string based on the current time + a random number and user login). This...
2009-12-29 12:52:31 UTC by vinipitta
-
Hello vinipitta:
Thanks for your help,I'm agree with you,and I think it's a good idea, so I tried to do it like that you said,but I used the user login value in HttpSession instead of the ticket form CAS server for authentication , I want to tell you how I did it:
Modified the "index.jsp" of all Applications in tomcat webapps folder like this:
1.Add "style" attribute with "display:none"...
2009-12-29 12:31:03 UTC by sweet_yangyz
