0
votes

Is there a way to be authenticated in a Spring Security application (with Spring MVC) that uses the CAS client by only passing credentials through the URL? I have a working Spring MVC application that uses Spring Security and the CAS client with a form-based login. A new requirement is to authenticate some users coming through a special URL where a username and a hash key are passed to the application, and such users should also be able to view pages restricted with CAS as normal authenticated users who logged in through the CAS form. Do I need to request a valid CAS ticket from the CAS server, or is there any other alternative?


1 Answer

0
votes

We do something similar to this using the REST client.

https://wiki.jasig.org/display/CASUM/RESTful+API

Once you've got a username/password it's trivial to gather a service ticket and then validate it. Note that this completely changes the security model, though: CAS is designed around transparently authenticating, and using this method makes it quite explicit. Also, there are some security implications to be aware of, as the blurb at the top of that page mentions.
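The ticket flow this answer refers to, as an added example that is not part of the original answer or of the CAS project's code: it builds the two REST requests (ticket-granting ticket, then service ticket) and parses the `/serviceValidate` response. The function names, server URL, credentials and sample responses are constructed assumptions; the endpoint paths follow the CAS RESTful API.

```python
import re
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

def tgt_request(cas_base, username, password):
    """Step 1: POST credentials in the form body, never in the query string."""
    if not cas_base.startswith("https://"):
        raise ValueError("credentials must only be sent over HTTPS")
    body = urllib.parse.urlencode({"username": username, "password": password})
    return urllib.request.Request(cas_base + "/v1/tickets",
                                  data=body.encode(), method="POST")

def tgt_url_from_location(cas_base, location):
    """A 201 reply names the TGT resource in Location; pin it to our server."""
    pattern = re.escape(cas_base) + r"/v1/tickets/TGT-[A-Za-z0-9._-]+"
    if not re.fullmatch(pattern, location or ""):
        raise ValueError("unexpected Location header")
    return location

def st_request(tgt_url, service):
    """Step 2: POST the service URL to the TGT; the 200 body is the ST."""
    body = urllib.parse.urlencode({"service": service})
    return urllib.request.Request(tgt_url, data=body.encode(), method="POST")

def validated_user(service_validate_xml):
    """Step 3: return the user from a /serviceValidate reply, or None."""
    root = ET.fromstring(service_validate_xml)
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    return user.text.strip() if user is not None and user.text else None

# Constructed sample replies, so the parsing can be exercised offline.
SAMPLE_OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    # Each Request would be sent with urllib.request.urlopen(req).
    req = tgt_request("https://cas.example.org/cas", "alice", "s3cret")
    print(req.get_method(), req.full_url)
    print(validated_user(SAMPLE_OK), validated_user(SAMPLE_FAIL))
```

Keeping the password in the POST body rather than the URL keeps it out of access logs, browser history and Referer headers.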