You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cocoon.apache.org by "Ajay Deshwal (Created) (JIRA)" <ji...@apache.org> on 2011/12/23 12:36:30 UTC
[jira] [Created] (COCOON3-84) Add remeber-me feature in
cocoon-shiro module
Add remeber-me feature in cocoon-shiro module
---------------------------------------------
Key: COCOON3-84
URL: https://issues.apache.org/jira/browse/COCOON3-84
Project: Cocoon 3
Issue Type: Improvement
Components: cocoon-shiro
Affects Versions: 3.0.0-beta-1
Reporter: Ajay Deshwal
cocoon-shiro module should provide feature to remember authenticating user.
A remembered identity gives the system an idea who that person probably is, but in reality, has no way of guaranteeing the remembered identity really is that user.
According to shiro docs: Shiro follows same paradigm as all over the web. for eg: When you visit Amazon.com and perform a login and ask it to 'remember me', it will set a cookie with your identity. If you don't log out and your session expires, and you come back, say the next day, Amazon still knows who you probably are: you still see all of your book and movie recommendations and similar user-specific features since these are based on your (remembered) user id.
Some facts worth remembering about Shiro's remember me feature:
if in filter chain definitons we set:
/myurl=authc > User has to authenticate no matter user had enabled remember-me in previous session.
/myurl=roles[USER] > User will be granted access if user had enabled remember-me in previous session(Assuming USER role has been assigned to requesting user).
Now, when writing your own webapp, whether you use the authc filter or simply depend on if the user is remembered is entirely up to you.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (COCOON3-84) Add remeber-me feature in
cocoon-shiro module
Posted by "Thorsten Scherler (Assigned) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COCOON3-84?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Thorsten Scherler reassigned COCOON3-84:
----------------------------------------
Assignee: Thorsten Scherler
> Add remeber-me feature in cocoon-shiro module
> ---------------------------------------------
>
> Key: COCOON3-84
> URL: https://issues.apache.org/jira/browse/COCOON3-84
> Project: Cocoon 3
> Issue Type: Improvement
> Components: cocoon-shiro
> Affects Versions: 3.0.0-beta-1
> Reporter: Ajay Deshwal
> Assignee: Thorsten Scherler
> Attachments: COCOON3-84.patch
>
>
> cocoon-shiro module should provide feature to remember authenticating user.
> A remembered identity gives the system an idea who that person probably is, but in reality, has no way of guaranteeing the remembered identity really is that user.
> According to shiro docs: Shiro follows same paradigm as all over the web. for eg: When you visit Amazon.com and perform a login and ask it to 'remember me', it will set a cookie with your identity. If you don't log out and your session expires, and you come back, say the next day, Amazon still knows who you probably are: you still see all of your book and movie recommendations and similar user-specific features since these are based on your (remembered) user id.
> Some facts worth remembering about Shiro's remember me feature:
> if in filter chain definitons we set:
> /myurl=authc > User has to authenticate no matter user had enabled remember-me in previous session.
> /myurl=roles[USER] > User will be granted access if user had enabled remember-me in previous session(Assuming USER role has been assigned to requesting user).
> Now, when writing your own webapp, whether you use the authc filter or simply depend on if the user is remembered is entirely up to you.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Closed] (COCOON3-84) Add remeber-me feature in cocoon-shiro
module
Posted by "Thorsten Scherler (Closed) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COCOON3-84?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Thorsten Scherler closed COCOON3-84.
------------------------------------
Resolution: Fixed
Fix Version/s: 3.0.0-beta-1
revision 1222722.
Thanks ajay for the patch
> Add remeber-me feature in cocoon-shiro module
> ---------------------------------------------
>
> Key: COCOON3-84
> URL: https://issues.apache.org/jira/browse/COCOON3-84
> Project: Cocoon 3
> Issue Type: Improvement
> Components: cocoon-shiro
> Affects Versions: 3.0.0-beta-1
> Reporter: Ajay Deshwal
> Assignee: Thorsten Scherler
> Fix For: 3.0.0-beta-1
>
> Attachments: COCOON3-84.patch
>
>
> cocoon-shiro module should provide feature to remember authenticating user.
> A remembered identity gives the system an idea who that person probably is, but in reality, has no way of guaranteeing the remembered identity really is that user.
> According to shiro docs: Shiro follows same paradigm as all over the web. for eg: When you visit Amazon.com and perform a login and ask it to 'remember me', it will set a cookie with your identity. If you don't log out and your session expires, and you come back, say the next day, Amazon still knows who you probably are: you still see all of your book and movie recommendations and similar user-specific features since these are based on your (remembered) user id.
> Some facts worth remembering about Shiro's remember me feature:
> if in filter chain definitons we set:
> /myurl=authc > User has to authenticate no matter user had enabled remember-me in previous session.
> /myurl=roles[USER] > User will be granted access if user had enabled remember-me in previous session(Assuming USER role has been assigned to requesting user).
> Now, when writing your own webapp, whether you use the authc filter or simply depend on if the user is remembered is entirely up to you.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (COCOON3-84) Add remeber-me feature in
cocoon-shiro module
Posted by "Ajay Deshwal (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COCOON3-84?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13176114#comment-13176114 ]
Ajay Deshwal commented on COCOON3-84:
-------------------------------------
Thank you Thorsten for prompt response.
> Add remeber-me feature in cocoon-shiro module
> ---------------------------------------------
>
> Key: COCOON3-84
> URL: https://issues.apache.org/jira/browse/COCOON3-84
> Project: Cocoon 3
> Issue Type: Improvement
> Components: cocoon-shiro
> Affects Versions: 3.0.0-beta-1
> Reporter: Ajay Deshwal
> Assignee: Thorsten Scherler
> Fix For: 3.0.0-beta-1
>
> Attachments: COCOON3-84.patch
>
>
> cocoon-shiro module should provide feature to remember authenticating user.
> A remembered identity gives the system an idea who that person probably is, but in reality, has no way of guaranteeing the remembered identity really is that user.
> According to shiro docs: Shiro follows same paradigm as all over the web. for eg: When you visit Amazon.com and perform a login and ask it to 'remember me', it will set a cookie with your identity. If you don't log out and your session expires, and you come back, say the next day, Amazon still knows who you probably are: you still see all of your book and movie recommendations and similar user-specific features since these are based on your (remembered) user id.
> Some facts worth remembering about Shiro's remember me feature:
> if in filter chain definitons we set:
> /myurl=authc > User has to authenticate no matter user had enabled remember-me in previous session.
> /myurl=roles[USER] > User will be granted access if user had enabled remember-me in previous session(Assuming USER role has been assigned to requesting user).
> Now, when writing your own webapp, whether you use the authc filter or simply depend on if the user is remembered is entirely up to you.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (COCOON3-84) Add remeber-me feature in
cocoon-shiro module
Posted by "Hudson (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COCOON3-84?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13175504#comment-13175504 ]
Hudson commented on COCOON3-84:
-------------------------------
Integrated in Cocoon-trunk #116 (See [https://builds.apache.org/job/Cocoon-trunk/116/])
COCOON3-84
Add remeber-me feature in cocoon-shiro module
Reporter/Patch: Ajay Deshwal
As a remark plese the issue for explanation how to use it.
Thanks adeshwal at becompany dot ch
thorsten : http://svn.apache.org/viewvc/?view=rev&rev=1222722
Files :
* /cocoon/cocoon3/trunk/cocoon-shiro/src/main/java/org/apache/cocoon/shiro/rest/AbstractShiroLogin.java
> Add remeber-me feature in cocoon-shiro module
> ---------------------------------------------
>
> Key: COCOON3-84
> URL: https://issues.apache.org/jira/browse/COCOON3-84
> Project: Cocoon 3
> Issue Type: Improvement
> Components: cocoon-shiro
> Affects Versions: 3.0.0-beta-1
> Reporter: Ajay Deshwal
> Assignee: Thorsten Scherler
> Fix For: 3.0.0-beta-1
>
> Attachments: COCOON3-84.patch
>
>
> cocoon-shiro module should provide feature to remember authenticating user.
> A remembered identity gives the system an idea who that person probably is, but in reality, has no way of guaranteeing the remembered identity really is that user.
> According to shiro docs: Shiro follows same paradigm as all over the web. for eg: When you visit Amazon.com and perform a login and ask it to 'remember me', it will set a cookie with your identity. If you don't log out and your session expires, and you come back, say the next day, Amazon still knows who you probably are: you still see all of your book and movie recommendations and similar user-specific features since these are based on your (remembered) user id.
> Some facts worth remembering about Shiro's remember me feature:
> if in filter chain definitons we set:
> /myurl=authc > User has to authenticate no matter user had enabled remember-me in previous session.
> /myurl=roles[USER] > User will be granted access if user had enabled remember-me in previous session(Assuming USER role has been assigned to requesting user).
> Now, when writing your own webapp, whether you use the authc filter or simply depend on if the user is remembered is entirely up to you.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (COCOON3-84) Add remeber-me feature in
cocoon-shiro module
Posted by "Ajay Deshwal (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COCOON3-84?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ajay Deshwal updated COCOON3-84:
--------------------------------
Attachment: COCOON3-84.patch
> Add remeber-me feature in cocoon-shiro module
> ---------------------------------------------
>
> Key: COCOON3-84
> URL: https://issues.apache.org/jira/browse/COCOON3-84
> Project: Cocoon 3
> Issue Type: Improvement
> Components: cocoon-shiro
> Affects Versions: 3.0.0-beta-1
> Reporter: Ajay Deshwal
> Attachments: COCOON3-84.patch
>
>
> cocoon-shiro module should provide feature to remember authenticating user.
> A remembered identity gives the system an idea who that person probably is, but in reality, has no way of guaranteeing the remembered identity really is that user.
> According to shiro docs: Shiro follows same paradigm as all over the web. for eg: When you visit Amazon.com and perform a login and ask it to 'remember me', it will set a cookie with your identity. If you don't log out and your session expires, and you come back, say the next day, Amazon still knows who you probably are: you still see all of your book and movie recommendations and similar user-specific features since these are based on your (remembered) user id.
> Some facts worth remembering about Shiro's remember me feature:
> if in filter chain definitons we set:
> /myurl=authc > User has to authenticate no matter user had enabled remember-me in previous session.
> /myurl=roles[USER] > User will be granted access if user had enabled remember-me in previous session(Assuming USER role has been assigned to requesting user).
> Now, when writing your own webapp, whether you use the authc filter or simply depend on if the user is remembered is entirely up to you.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira