cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ajay Deshwal (Created) (JIRA)" <>
Subject [jira] [Created] (COCOON3-84) Add remeber-me feature in cocoon-shiro module
Date Fri, 23 Dec 2011 11:36:30 GMT
Add remeber-me feature in cocoon-shiro module

                 Key: COCOON3-84
             Project: Cocoon 3
          Issue Type: Improvement
          Components: cocoon-shiro
    Affects Versions: 3.0.0-beta-1
            Reporter: Ajay Deshwal

cocoon-shiro module should provide feature to remember authenticating user.

A remembered identity gives the system an idea who that person probably is, but in reality,
has no way of guaranteeing the remembered identity really is that user.

According to shiro docs:  Shiro follows same paradigm as all over the web. for eg: When you
visit and perform a login and ask it to 'remember me', it will set a cookie with
your identity. If you don't log out and your session expires, and you come back, say the next
day, Amazon still knows who you probably are: you still see all of your book and movie recommendations
and similar user-specific features since these are based on your (remembered) user id.

Some facts worth remembering about Shiro's remember me feature:
 if in filter chain definitons we set:
 /myurl=authc  > User has to authenticate no matter user had enabled remember-me in previous
 /myurl=roles[USER] > User will be granted access if user had enabled remember-me in previous
session(Assuming USER role has been assigned to requesting user).

Now, when writing your own webapp, whether you use the authc filter or simply depend on if
the user is remembered is entirely up to you.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message