2

To casify web service I am planning to follow the following:

I have a application that requests for a web service, the web service will only server the client if the application passes a valid ticket string.

  1. The Java application sends a username/password combination to the CAS server using restful API.
  2. The CAS server replies with a ticket on successful authentication.
  3. The application sends the ticket my web service and ask for some data for some data.
  4. The web service receives the ticket and sends the ticket to the CAS server to validate it.
  5. If the CAS server returns a username/ or any kind of message that confirms the validity of the ticket, the web service replies back to the application a response to fulfill the application request.

The CAS server is returning the ticket to the application,the application posts the ticket string to web service, the web server accepts the ticket string. Now how do I send the ticket to CAS server for validation? Any ideas? Also is there any better way to casify the Web service?

I tried to draw what I want to archive:

Casifying web service

Brian Deragon
  • 2,929
  • 24
  • 44
user1070930
  • 21
  • 1
  • I have solved the problem of getting my ticket validated. now my question is Is this the best way to validate tickets – user1070930 Nov 29 '11 at 11:55
  • If having a valid ticket is the one and only way to get into the web application, then this is a secure method. I can't comment on the security of your implementation though because I don't know the details. What CAS software are you using? – littlegreen Feb 16 '12 at 12:09

1 Answers1

0

Since this is a java based application you can use the filters that are available with CAS to do the validation & authentication.

6ton
  • 4,174
  • 1
  • 22
  • 37