CAS - Form Based Login


Steve Cheung

Nov 20, 2019, 4:10:45 AM
to CAS Community
Hi all,

I searched around the Java-Cas-Client readme and it said CAS supports JAAS. However, I really can't find much detail on how to configure it on my web application.

I want to keep the form-based login in my web app and use the CAS backend as the authentication service. Does anyone have experience or a useful link for me?

For example, in web.xml, only the user with the admin role is able to access the /admin page:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Admin</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

<security-role>
  <role-name>admin</role-name>
</security-role>

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.html</form-login-page>
    <form-error-page>/error.html</form-error-page>
  </form-login-config>
</login-config>


Many thanks, Steve

Richard Frovarp

Nov 20, 2019, 10:54:39 AM
to cas-...@apereo.org
The point of doing federated authentication is that you don't log in through the application anymore. So you no longer need the login form. It becomes a button like all of the "login with Facebook, Google, Twitter, etc." options you see on a variety of sites.


Steve Cheung

Nov 21, 2019, 2:00:44 AM
to CAS Community
Hi Richard,

Thanks for your clarification. I think it is OK to use the CAS login page for the login. However, is it still possible to preserve the security-constraint setting in the web.xml? Or do you have any recommendation on how to integrate this web app with CAS?

Thanks, Steve

Richard Frovarp

Nov 21, 2019, 1:37:01 PM
to cas-...@apereo.org
Yeah, I think that should work. I've done it once or twice for a web application. You'll have to bring in the CAS Servlet filter to do it. Pretty much everything of mine is using Apache Shiro for security, so I'm not very familiar with the servlet-based security constraints. https://github.com/apereo/java-cas-client/blob/master/README.md

