RESTful API + JSONP

Jordon-6

RESTful API + JSONP


We need the ability to create our own custom login page hosted on a server separate from the CAS server.  We’ve  played around with the RESTful API a little but noticed the result of the RESTful services do not appear to be JSONP.  If we use ajax to make a cross domain service call to the CAS server, we need the service response to be JSONP.  Is there an easy way to add a custom view that renders JSONP instead of html?  Is this reasonable or is there a better approach we could take to accomplish the same goal?

 Thanks for your help,

 Jordon


-- 
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
Shi Yusen

Re: RESTful API + JSONP

We built a new UI for our CAS installations.

Common UI is http://sso.langhua.org/cas/login

iframe UI is http://sso.langhua.org/cas/floatLogin

Float UI is http://sso.langhua.org/cas/floatLogin.jsp

You can get the source code from
http://www.langhua.cn/viewvc/svn/CAS/cas-new-login/cas.pacth.zip/
and deploy the cas.zip in your CAS.

It's worked in CAS 3.3.1.

Perhaps you can put the iframe one into your login page.

Good Luck,

Shi Yusen/Beijing Langhua Ltd.



Koby Ram

RE: RESTful API + JSONP

I am trying this link you provided and it fails to work; could you kindly check this out?
http://www.langhua.cn/viewvc/svn/CAS/cas-new-login/cas.pacth.zip/


Shi Yusen

RE: RESTful API + JSONP

Sorry, a typo. It should be
http://www.langhua.cn/viewvc/svn/CAS/cas-new-login/cas.patch.zip/



Jordon-6

Re: RESTful API + JSONP

In reply to this post by Jordon-6
These extensions look good, thanks for the links.  Unfortunately, I
don't think they will work in our particular situation.

I failed to mention that we need to decorate the username field on the
client side (i.e., JavaScript) before we submit the user credentials for
an authentication ticket.  This is the main reason we need to create our
own login page not deployed to the CAS server.

It would be nice to use RESTful ajax for this, but it sounds like a
reasonable alternative would be to create our own
NonInteractiveCredentialsAction by extending
AbstractNonInteractiveCredentialsAction using the Trusted Authentication
Handler wiki page as a guide
(http://www.ja-sig.org/wiki/display/CASUM/Trusted).

Jordon

Nathan Kopp-4

RE: RESTful API + JSONP

You can also simply have the client application render its own login form with an action directed towards your CAS server.  As of CAS 3.0, you could leave out the "lt" (login ticket) parameter without harm.  (Note that this loophole may have been plugged in CAS versions after 3.0, and certainly wouldn't have worked in the 2.x line of CAS servers.)  Although this slightly decreases the security of CAS by removing the repost protection (the reason for "lt"), we have employed this technique successfully in a few places.  We did make an enhancement to the CAS server so that it will redirect back to the referring page with a special parameter in the event of an authentication failure (such as bad password) instead of displaying its own failure page.

We are considering adding cross-domain AJAX capabilities to the CAS server to allow the client to request an "lt" on the fly when the user submits the login form.  This should be sufficient to re-introduce the repost protection offered by the out-of-the-box CAS server.  However, the way "lt" is handled by CAS 3.0 is less than ideal (i.e. overloading Spring Web Flow's "conversation" identifier parameter), so it might be tricky to pull this off without cleaning up that aspect of the CAS server.

-Nathan

Jordon-6

Re: RESTful API + JSONP

The CAS server I'm running (3.3.1) doesn't appear to allow this.  When I
post to /myCasServer/login from my own login form, instead of returning
a success or failure result, it just displays the default login page.
Am I posting to the correct place?

Jordon

Koby Ram

RE: RESTful API + JSONP

In reply to this post by Shi Yusen
Hi,
When can I get the source code for the iFrame and common pages as well? Thanks

