Versions Compared

Version Old Version 30 New Version 31
Changes made by

Andrew Petro

Andrew Petro

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

That said, I think I have some concerns with the CredentialsBinder API and its associated LoginController implementation.

Executive summary

The abstraction provided by AbstractFormController is insufficiently flexible for implementation of the CAS 3 LoginController. LoginController will need to be implemented in terms of the BaseCommandController or AbstractController abstraction.

Discussion

Panel
titleLoginController inheritence

For reference, the following is the class hierarchy for LoginController. Highlighted methods are those involved in the discussion below.

Tip
iconfalse
titleLoginController

extends

Note
iconfalse
titleSimpleFormController

extends

Note
iconfalse
titleAbstractFormController
  • protected abstract ModelAndView processFormSubmission(
    HttpServletRequest request, HttpServletResponse response, Object command, BindException errors) throws Exception;
  • protected final Object getCommand(HttpServletRequest request) throws Exception;

extends

Note
iconfalse
titleBaseCommandController
  • protected Object getCommand(HttpServletRequest request) {}
  • protected final Object createCommand() throws InstantiationException, IllegalAccessException;
  • protected final ServletRequestDataBinder bindAndValidate(HttpServletRequest request, Object command) throws Exception {}

extends

Note
iconfalse
titleAbstractController

extends

Note
iconfalse
titleWebContentGenerator

extends

Note
iconfalse
titleWebApplicationObjectSupport

extends

Note
iconfalse
titleApplicationObjectSupport

...

What we see here is LoginController picking up the credentials from the "object" request parameter argument to this method (the Spring Web MVC command / form that this handler is going to handle). It binds the request to this object using its CredentialsBinder and then passes it into the CentralAuthenticationService service object to obtain the TGT string.

...