We're not storing anything sensitive in the flow (to my knowledge) so we don't encrypt it. If you're storing anything sensitive, you should.
Cheers, Scott On Tue, Jan 5, 2010 at 1:49 PM, Mihir Patel <[email protected]> wrote: > Thanks for the quick reply, Scott. > > I found the config change. I changed cas-servlet.xml and added > repository-type="client" to the "flow:executor" tag. That's it! Updated > <flow:executor> looks like below, > > <flow:executor id="flowExecutor" repository-type="client" > registry-ref="flowRegistry"> > <flow:execution-attributes> > <flow:alwaysRedirectOnPause value="false"/> > </flow:execution-attributes> > </flow:executor> > > Now, one more question on this setting, I read the warning in the java doc > of ClientContinuationFlowExecutionRepository which is what is used when we > change the repository-type to client. With your implementation at Rutgers, > are you guys using custom FlowExecutionRepository by extending > ClientContinuationFlowExecutionRepository to override decode and encode > methods to make the state on client side more secure? If yes, what > encryption you are using and why? Just trying to learn from your experience, > so your answers are greatly appreciated. > > Thanks again! > Mihir > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
