Posted to dev@cocoon.apache.org by "Thorsten Scherler (Assigned) (JIRA)" <ji...@apache.org> on 2011/12/23 12:48:30 UTC
[jira] [Assigned] (COCOON3-84) Add remember-me feature in cocoon-shiro module
[ https://issues.apache.org/jira/browse/COCOON3-84?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Thorsten Scherler reassigned COCOON3-84:
----------------------------------------
Assignee: Thorsten Scherler
> Add remember-me feature in cocoon-shiro module
> ---------------------------------------------
>
> Key: COCOON3-84
> URL: https://issues.apache.org/jira/browse/COCOON3-84
> Project: Cocoon 3
> Issue Type: Improvement
> Components: cocoon-shiro
> Affects Versions: 3.0.0-beta-1
> Reporter: Ajay Deshwal
> Assignee: Thorsten Scherler
> Attachments: COCOON3-84.patch
>
>
> The cocoon-shiro module should provide a feature to remember the authenticating user.
> A remembered identity gives the system an idea who that person probably is, but in reality, has no way of guaranteeing the remembered identity really is that user.
> According to the Shiro docs: Shiro follows the same paradigm as all over the web. For example, when you visit Amazon.com and perform a login and ask it to 'remember me', it will set a cookie with your identity. If you don't log out and your session expires, and you come back, say the next day, Amazon still knows who you probably are: you still see all of your book and movie recommendations and similar user-specific features since these are based on your (remembered) user id.
> Some facts worth remembering about Shiro's remember me feature:
> If in the filter chain definitions we set:
> /myurl=authc -> The user has to authenticate even if the user had enabled remember-me in a previous session.
> /myurl=roles[USER] -> The user will be granted access if the user had enabled remember-me in a previous session (assuming the USER role has been assigned to the requesting user).
> Now, when writing your own webapp, whether you use the authc filter or simply depend on if the user is remembered is entirely up to you.
--
This message is automatically generated by JIRA.
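The distinction drawn in the issue description, written out as a Shiro INI filter chain. This is an added example, not part of the issue or of COCOON3-84.patch; the paths and the login URL are assumptions, while `authc`, `user` and `roles` are Shiro's built-in filter names.

```ini
# Added illustration: all paths below are hypothetical.
[main]
# Where the authc filter sends a subject that must (re)authenticate.
authc.loginUrl = /login

[urls]
# Personalisation only: a remembered identity is good enough here.
# The "user" filter admits subjects that are authenticated OR remembered.
/recommendations/** = user

# roles[...] checks role membership of the known principal, so a subject
# restored from the remember-me cookie passes if it holds the USER role.
/reports/** = roles[USER]

# Sensitive operations: put authc first so the subject has proven its
# identity in the current session before the role check is evaluated.
/account/** = authc, roles[USER]

# The login page itself is handled by authc.
/login = authc
```

Filters in a chain run left to right, so `authc, roles[USER]` rejects a remembered-only subject before the role check is reached.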