Thankyou Jérôme, i feared that there might not be an out of the box solution for this one. I think i'll need a bit of time to get up to speed on both CAS and spring security. Right now i don't have too much time but as soon as i do i'll have a look.
Thanks for the leads that you've given me, i'll start by looking there. I imagine that the best reusable solution would be to study the spring security remember me filter, services, token and provider and try to decouple them in a way that would allow integration with CAS remember me to be plugged in. This would an improvement for spring security. However judging on what you've said this would be more difficult. Do you not think that it would be worth it? Max On Sun, May 6, 2012 at 8:22 AM, jleleu <[email protected]> wrote: > Hi Max, > > It seems to me a difficult issue and I couldn't achieve an easy and > complete solution so far. > > Spring Security has its own mechanism to handle remember me based on local > cookies : remember me filter, services, token and provider are tidely > linked together. > > Spring security also supports CAS authentication but without native bridge > with remember me authentication. But in SAML ticket validation (or custom > regular ticket validation), you will get a parameter telling you that it's > a CAS remember me authentication. > > If you want to test if the user is in remember me mode > (IS_AUTHENTICATED_REMEMBERED), you will indirectly use the > AuthenticationTrustResolver class (through the ExceptionTranslationFilter > class), which tests the class of the token (RememberMeAuthenticationToken > class). > > So, in order to have CAS remember me in Spring Security, I would start by > not using the default Spring Security remember me services and overriding > the AuthenticationTrustResolver to consider remember me mode if the token > is a CAS one (CasAuthenticationToken) with the CAS remember me parameter. > In this case, you would face the problem of authenticating (or not) a user > on an anonymous url (not protected url) -> use of gateway parameter, add of > a custom notification cookie... I remember several discussions about that. > Check the mailing list... > > Hope it helps. > Best regards, > Jérôme > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
