(Sorry this is so late; meant to respond sooner.) I think you're going to have to write code either way, and the RememberMe components are farther from what you really want. The ExpiraitonPolicy interface, on the other hand, is what you want and it's meant to be extensible by deployers. It's on only a single methods after all.
The difficulty will be getting the remote IP address into your custom expiration policy. Ideally you'd be able to get that information from the Authentication or TicketState object, but it's not there. Good news is that the auditing components need this sort of information way down the line in a non-Web context, and the com.github.inspektr.common.web.ClientInfoThreadLocalFilter component in the Web stack records the remote IP and exposes it in ThreadLocal storage for components way down the line. You could use that strategy to interrogate the remote IP in a custom ExpirationPolicy. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
