Reputation: 1840
Authentication with CAS for rest service call
In our current setup we have about a dozen web applications that deploy to a single Tomcat server. One of these applications is CAS which is used for all authorization.
This works pretty well and in our jRuby web application we use the rubycas-client gem, point to CAS and we're done.
Now we have a requirements where, in a Java component, we need to be able to call out to another web application via a rest service that resides on the same server. My first thought was to use CAS proxy tickets but the web application we have to hit currently doesn't have this enabled and, due to the nature of the environment, this cannot be changed.
So as far as I can tell we're left trying to impersonate the user by using an iframe in our web application that points to the other one (we're all on the same domain and server) and scrape its sessionid for impersonation and pass it down to the Java layer. But I really, really don't want to do this.
Am I missing anything? Is there any better ways of doing this? Is there a way to get the sessionid without an iframe maybe?
Thanks!
Upvotes: 1
Views: 445
Answers (1)
Reputation: 2699
If you want to call a web service from a web application using CAS identity, you certainly should use the CAS proxy feature. If you can't cassify your web service, there is another option for you : you could use the Apache module for CAS : https://wiki.jasig.org/display/CASC/mod_auth_cas.
Upvotes: 1
Related Questions
- CAS Rest Protocol Does not work without Generic Service Definition
- Spring Security with CAS rest (Direct login)
- Restful CAS client and Proxy Granting Tickets
- Securing Spring boot Rest services with CAS
- Rest Services and CAS validate
- CAS server 4.0.x restlet api supplied credentials are null
- CAS authentication of a RESTful web service
- Working Java REST Client Example to access CAS REST API
- Authenticate user for secure spring service with CAS RESTful API ticket
- Calling RESTful services using CAS Proxy and Spring Security