On 31.12.2009 11:44, Alessandro Bottoni wrote:
> 2) An enterprise-level module, like Spring Security. This solution
> should have to be flexible and extendible. It should be able to deal
> with LDAP, OpenID, JASIG CAS and other providers. It would be used for
> complex, enterprise-level apps.
>

When you mention CAS, do you know that by using it you can in fact use JDBC, LDAP, Active Directory, Radius, JAAS and Kerberos behind it, all at the same time? CAS can authenticate your users from many sources and they will see only a single login page.

I have pretty positive experience with JASIG CAS and we have been using it for 4 years now. We use it for single sign-on across several applications (uPortal, Moodle, Trac, our Course Enrollment project based on Tapestry, another ASP.Net project, a few other PHP apps etc).

Why we decided on CAS. The userbase is mostly US universities with tens of thousands of students. If they trust it to keep users in or out of their services, why wouldn't we?

1. CAS has a service, which is a relatively small Java web app (13MB war) that presents a login screen and redirects to your application if the user is authenticated. Very easy to configure. The setup is very, very easy (XML based) and there are many configuration examples on the web, and I was able to set it up under Tomcat and configure it to connect to two Active Directory domains in just half an hour. So users from both domains can use my application and any other application that will be casified.

2. How to use it in the app?

   a. In your app you include a CAS client that checks the service if any user is logged in and what the name of the user is. This is again simple, you just read the username via some method from the client classes.

   b. If you don't like to put the client in your app, you can set it as a filter on the web server (in web.xml) to listen to several paths. So on each request, if the user is logged in, a session variable will be set with the validated username.

   c. Both ways you get the username and you can then decide what to do about it.

I think that's simple. A few XML configurations for the CAS service and a single line of code to get the username in your app.
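
The client-side check described in the message above, as an added example that is not part of the original post or of the JASIG client: it builds the login redirect and parses a CAS 2.0 `/serviceValidate` response, returning a username only on `authenticationSuccess`. The host names, ticket and sample responses are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = "http://www.yale.edu/tp/cas"           # namespace used by CAS 2.0 responses
CAS_BASE = "https://cas.example.edu/cas"        # assumed CAS server URL
SERVICE = "https://app.example.edu/enroll"      # assumed URL of the casified app

def login_redirect(cas_base=CAS_BASE, service=SERVICE):
    """Where to send a browser that has no session in the app yet."""
    return f"{cas_base}/login?{urlencode({'service': service})}"

def validate_url(ticket, cas_base=CAS_BASE, service=SERVICE):
    """Back-channel URL the app fetches to validate the ticket it was handed.
    The service value must be the same one used for the login redirect."""
    return f"{cas_base}/serviceValidate?{urlencode({'service': service, 'ticket': ticket})}"

def parse_validation(xml_text):
    """Return the validated username, or None for anything but a clean success."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None                              # not XML at all: treat as failure
    if root.tag != f"{{{CAS_NS}}}serviceResponse":
        return None                              # wrong or missing namespace
    user = root.find(f"{{{CAS_NS}}}authenticationSuccess/{{{CAS_NS}}}user")
    if user is None or not (user.text or "").strip():
        return None                              # authenticationFailure or empty user
    return user.text.strip()

# Constructed sample responses in the CAS 2.0 format.
SUCCESS = f"""<cas:serviceResponse xmlns:cas="{CAS_NS}">
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE = f"""<cas:serviceResponse xmlns:cas="{CAS_NS}">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket ST-1-example not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>"""
NO_NAMESPACE = ("<serviceResponse><authenticationSuccess><user>admin</user>"
                "</authenticationSuccess></serviceResponse>")

if __name__ == "__main__":
    print(login_redirect())
    print(validate_url("ST-1-example"))
    for name, doc in [("success", SUCCESS), ("failure", FAILURE), ("no-ns", NO_NAMESPACE)]:
        print(name, "->", parse_validation(doc))
```

The username should be trusted only when it comes from this server-to-server validation over HTTPS, never from a request parameter supplied by the browser.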