2005.02.04 Yale Discussion

From generated class diagrams we examined interfaces and packages. This increased our collective understanding of the current code and led to some recommendations.

Authentication Module

There are several classes in the Authentication module (package) that handle validation rather than authentication. These should be renamed and moved to a new package named validation.

current package.class                                    new package.class
-------------------------------------------------------  ------------------------------------------------
authentication.AuthenticationSpecification               validation.ValidationSpecification
authentication.Cas10ProtocolAuthenticationSpecification  validation.Cas10ProtocolValidationSpecification
authentication.Cas20ProtocolAuthenticationSpecification  validation.Cas20ProtocolValidationSpecification
authentication.Assertion                                 validation.Assertion
authentication.AssertionImpl                             validation.AssertionImpl

Web Tier

Spring Validator(s)

The BasicCredentialsValidator should be in the web package: it is related neither to authentication nor to ticket validation, but is part of form validation.

current package.class                     new package.class
----------------------------------------  -----------------------
authentication.BasicCredentialsValidator  web.LoginFormValidator

Login Controller

Non-form-based authentication is an important feature of CAS3. We expect to provide at least one other LoginController for handling non-form-based authentication. To make the function of the current controller clear, it should be renamed.

current package.class  new package.class
---------------------  -----------------------
web.LoginController    web.LoginFormController

Ticket Module

We propose that the Authentication type never retain or return credentials.

Existing model

Authentication object encapsulates

  • Principal,
  • Attributes,
  • Credentials,
  • AuthenticationDate

Credentials should be eliminated from the type.

The entire Authentication object is available from the ticket and is used during validation. As modelled today it keeps the primary Credentials alive and even exposes a method to retrieve them at any later time. Holding primary credentials in memory, and on disk as well if a cache is in use, makes CAS an extremely attractive target for attackers. We know of no reason to keep them.

Proposed Authentication type

Authentication object encapsulates

  • Principal,
  • Attributes,
  • AuthenticationDate
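
The proposal above in working form, as an added illustration that is not CAS code: a hypothetical AuthenticationManager consumes the credentials, produces an Authentication that carries only Principal, Attributes and AuthenticationDate, and wipes the password before returning. The LeakCheck class then serializes the Authentication the way a disk-backed ticket cache would and confirms the password does not appear in the stored bytes. All class names, the in-memory credential store and the sample password are constructed for this example.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

/** Demo driver: serializes an Authentication as a ticket cache would and looks for the secret in the bytes. */
final class LeakCheck {
    static boolean serializedFormContains(Serializable obj, String secret) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(obj);
        }
        // ObjectOutputStream writes String fields as modified UTF-8, so an ASCII secret is directly searchable.
        return new String(bytes.toByteArray(), StandardCharsets.ISO_8859_1).contains(secret);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample credentials for the demo.
        UsernamePasswordCredentials creds = new UsernamePasswordCredentials("alice", "s3cret-pw".toCharArray());
        Authentication auth = new AuthenticationManager().authenticate(creds);
        System.out.println("principal: " + auth.getPrincipal().getId());
        System.out.println("password present in cached form: " + serializedFormContains(auth, "s3cret-pw"));
        System.out.println("password wiped from credentials: " + Arrays.equals(creds.getPassword(), new char[9]));
    }
}

/** Hypothetical minimal principal; stands in for the project's Principal type. */
final class Principal implements Serializable {
    private final String id;
    Principal(String id) { this.id = id; }
    String getId() { return id; }
}

/** Primary credentials. Deliberately NOT Serializable, so a cache cannot persist them by accident. */
final class UsernamePasswordCredentials {
    private final String username;
    private final char[] password;
    UsernamePasswordCredentials(String username, char[] password) {
        this.username = username;
        this.password = password.clone();
    }
    String getUsername() { return username; }
    char[] getPassword() { return password; }
    /** Wipe the secret once the principal has been established. */
    void clear() { Arrays.fill(password, '\0'); }
}

/** The proposed shape: Principal, Attributes and AuthenticationDate, and nothing else. */
final class Authentication implements Serializable {
    private final Principal principal;
    private final Map<String, Object> attributes;
    private final Date authenticationDate;
    Authentication(Principal principal, Map<String, Object> attributes, Date authenticationDate) {
        this.principal = principal;
        this.attributes = Collections.unmodifiableMap(new HashMap<>(attributes));
        this.authenticationDate = new Date(authenticationDate.getTime());
    }
    Principal getPrincipal() { return principal; }
    Map<String, Object> getAttributes() { return attributes; }
    Date getAuthenticationDate() { return new Date(authenticationDate.getTime()); }
}

/** Hypothetical handler: consumes credentials and emits an Authentication that carries none of them. */
final class AuthenticationManager {
    // Constructed demo store (username -> password); a real handler would consult LDAP, a hash store, etc.
    private final Map<String, char[]> store = new HashMap<>();
    AuthenticationManager() { store.put("alice", "s3cret-pw".toCharArray()); }

    /** Constant-time comparison so a mismatch does not leak how many leading characters matched. */
    private static boolean constantTimeEquals(char[] a, char[] b) {
        if (a == null || b == null || a.length != b.length) return false;
        int diff = 0;
        for (int i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    Authentication authenticate(UsernamePasswordCredentials creds) {
        try {
            if (!constantTimeEquals(store.get(creds.getUsername()), creds.getPassword())) {
                throw new SecurityException("authentication failed");
            }
            Map<String, Object> attrs = new HashMap<>();
            attrs.put("authenticationMethod", "UsernamePassword");
            // Only the resolved principal, attributes and timestamp are handed on; the credentials stay here.
            return new Authentication(new Principal(creds.getUsername()), attrs, new Date());
        } finally {
            creds.clear();   // the password never outlives this call, whether or not it succeeded
        }
    }
}
```

Compile with javac and run the LeakCheck class. Two design choices carry the point: the credentials type is not Serializable, so any attempt to cache a ticket that still referenced it would fail at serialization time rather than silently writing the password to disk, and the handler wipes the password array in a finally block so it is cleared on the failure path as well.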