shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jérôme Leleu (JIRA) <>
Subject [jira] [Commented] (SHIRO-373) Complete CAS remember-me support
Date Wed, 17 Apr 2013 06:25:16 GMT


Jérôme Leleu commented on SHIRO-373:

You're welcome.

It's worth noticing I did that a long time ago : it's a basic filter based on CAS server behaviour
: first access is considered authenticated, others are seen as remembered. Not perfect, but
it does the job. On Spring Security side, to handle the CAS remember-me feature, the dev lead
asked me to build a solution based on timeout instead, which is still pending waiting for
the new CAS client version : 3.3.

To draw the big picture, CAS server will be added a LOA support this year, so after that,
it could be the right time to build something more complete on Shiro library.

> Complete CAS remember-me support
> --------------------------------
>                 Key: SHIRO-373
>                 URL:
>             Project: Shiro
>          Issue Type: Bug
>            Reporter: Jérôme Leleu
>             Fix For: 1.3.0
>         Attachments: svn-CasAuthenticatedUserFilter.patch
> I was preparing a demo on CAS support for Shiro :
and I did realize the remember-me feature is not fully addressed.
> One use case is missing : if the user is already remembered (by CAS) and want to be authenticated,
it should be redirected to CAS server with a specific parameter (renew=true) to force CAS
> For this use case, I created a CasAuthenticatedUserFilter which checks if the user is
authenticated (not remembered) and sends him to the CAS server if he's not (with the specific
parameter to force re-authentication if he's already remembered).

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message