shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jérôme Leleu (JIRA) <j...@apache.org>
Subject [jira] [Commented] (SHIRO-373) Complete CAS remember-me support
Date Wed, 17 Apr 2013 06:25:16 GMT

    [ https://issues.apache.org/jira/browse/SHIRO-373?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13633821#comment-13633821
] 

Jérôme Leleu commented on SHIRO-373:
------------------------------------

You're welcome.

It's worth noticing I did that a long time ago : it's a basic filter based on CAS server behaviour
: first access is considered authenticated, others are seen as remembered. Not perfect, but
it does the job. On Spring Security side, to handle the CAS remember-me feature, the dev lead
asked me to build a solution based on timeout instead, which is still pending waiting for
the new CAS client version : 3.3.

To draw the big picture, CAS server will be added a LOA support this year, so after that,
it could be the right time to build something more complete on Shiro library.

                
> Complete CAS remember-me support
> --------------------------------
>
>                 Key: SHIRO-373
>                 URL: https://issues.apache.org/jira/browse/SHIRO-373
>             Project: Shiro
>          Issue Type: Bug
>            Reporter: Jérôme Leleu
>             Fix For: 1.3.0
>
>         Attachments: svn-CasAuthenticatedUserFilter.patch
>
>
> I was preparing a demo on CAS support for Shiro : https://github.com/leleuj/cas-shiro-demo
and I did realize the remember-me feature is not fully addressed.
> One use case is missing : if the user is already remembered (by CAS) and want to be authenticated,
it should be redirected to CAS server with a specific parameter (renew=true) to force CAS
re-authentication.
> For this use case, I created a CasAuthenticatedUserFilter which checks if the user is
authenticated (not remembered) and sends him to the CAS server if he's not (with the specific
parameter to force re-authentication if he's already remembered).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message