I am using user authorities inside of Spring Security to manage access to different resources in my application. I constantly make changes to these authorities and I wanted the new user details to be populated on every request. The only way I can get this to work is if I have CAS send out a new service ticket on every request. I haven't been able to get CAS to do this so I can't make CasAuthenticationProvider repopulate the GrantedAuthorities of my Authority object inside of the SecurityContext.
The work around I had was to set SecurityContextHolder.getContext().setAuthentication(null); at the end of every request to make CAS send out the service ticket back to the Spring filter. This solution doesn't work on a multi app server system though, since the authentication might still be out of date on the other app servers. Is there an easy way to make the user details load on every request? Let me know if there was something unclear. Thank you, Thanh
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
