Mailing-List: contact dev-help@cocoon.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@cocoon.apache.org
Date: Fri, 23 Dec 2011 17:10:30 +0000 (UTC)
From: "Hudson (Commented) (JIRA)" <jira@apache.org>
To: dev@cocoon.apache.org
Message-ID: 
 <30009230.42820.1324660230612.JavaMail.tomcat@hel.zones.apache.org>
In-Reply-To: 
 <240482963.42233.1324640190641.JavaMail.tomcat@hel.zones.apache.org>
Subject: [jira] [Commented] (COCOON3-84) Add remeber-me feature in
 cocoon-shiro module
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit


    [ https://issues.apache.org/jira/browse/COCOON3-84?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13175504#comment-13175504 ] 

Hudson commented on COCOON3-84:
-------------------------------

Integrated in Cocoon-trunk #116 (See [https://builds.apache.org/job/Cocoon-trunk/116/])
    COCOON3-84
Add remeber-me feature in cocoon-shiro module
Reporter/Patch: Ajay Deshwal 
As a remark plese the issue for explanation how to use it.
Thanks adeshwal at becompany dot ch

thorsten : http://svn.apache.org/viewvc/?view=rev&rev=1222722
Files : 
* /cocoon/cocoon3/trunk/cocoon-shiro/src/main/java/org/apache/cocoon/shiro/rest/AbstractShiroLogin.java

                
> Add remeber-me feature in cocoon-shiro module
> ---------------------------------------------
>
>                 Key: COCOON3-84
>                 URL: https://issues.apache.org/jira/browse/COCOON3-84
>             Project: Cocoon 3
>          Issue Type: Improvement
>          Components: cocoon-shiro
>    Affects Versions: 3.0.0-beta-1
>            Reporter: Ajay Deshwal
>            Assignee: Thorsten Scherler
>             Fix For: 3.0.0-beta-1
>
>         Attachments: COCOON3-84.patch
>
>
> cocoon-shiro module should provide feature to remember authenticating user.
> A remembered identity gives the system an idea who that person probably is, but in reality, has no way of guaranteeing the remembered identity really is that user.
> According to shiro docs:  Shiro follows same paradigm as all over the web. for eg: When you visit Amazon.com and perform a login and ask it to 'remember me', it will set a cookie with your identity. If you don't log out and your session expires, and you come back, say the next day, Amazon still knows who you probably are: you still see all of your book and movie recommendations and similar user-specific features since these are based on your (remembered) user id.
> Some facts worth remembering about Shiro's remember me feature:
>  if in filter chain definitons we set:
>  /myurl=authc  > User has to authenticate no matter user had enabled remember-me in previous session.
>  /myurl=roles[USER] > User will be granted access if user had enabled remember-me in previous session(Assuming USER role has been assigned to requesting user).
> Now, when writing your own webapp, whether you use the authc filter or simply depend on if the user is remembered is entirely up to you.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira