Ben, I've been looking at SEC-348 <http://opensource.atlassian.com/projects/spring/browse/SEC-348> (http://opensource.atlassian.com/projects/spring/browse/SEC-348) and I'm not sure its a problem with the CAS portion of Acegi. It appears the person is trying to use _cas_stateless_ in a stateful fashion. However, even though the "stateful" portion of BasicProcessingFilter would fail, the ticket should never be re-validated as it should be in the CasAuthenticationProviders cache (if configured). Is that correct?
Would we want to change the behavior of BasicProcessingFilter to have the behavior that the original bug requestor suggested? I think the scope of this issue is larger than CAS so I don't want to modify anything without discussing it first. Thanks -Scott ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
