Also, to reiterate - JSecurity can perform role or permission checks for any user, whether they are authenticated or not. This is why the Authorizer interface (and by extension, the Realm interface) only takes in a PrincipalCollection, which has no knowledge of current authentication or session state. It just answers "does user x have role y or permission z".
Yet another way to say this is that authorization operations are purely orthogonal to authentication or session operations in JSecurity.

On Fri, Jul 18, 2008 at 12:34 PM, Les Hazlewood <[EMAIL PROTECTED]> wrote:

> This is really an end-user decision, based on how they write their
> application.
>
> JSecurity only requires authentication if the end-user requires it, i.e. if
> they use
>
> <jsec:authenticated> tag lib
>
> or the authc filter for a url.
>
> So, if they configure either of those, JSecurity will enforce it.
>
> The key is that authentication by definition is the verification of a
> user's identity. If you auto-login a user, you're not verifying their
> identity, thus it cannot be called authentication. We can call that
> auto-login if we like, but it is most definitely not authentication ;)
>
> Remember Me is supposed to address this - it is essentially auto-login.
>
> So, ultimately, if they don't want to force a user to authenticate if
> they're not already authenticated, they shouldn't use the
> <jsec:authenticated> tag or authc filter. They should use the
> <jsec:remembered> and remembered filters instead.
>
> Does that help?
>
>
> On Fri, Jul 18, 2008 at 12:26 PM, Peter Ledbrook <[EMAIL PROTECTED]>
> wrote:
>
>> Hi,
>>
>> I've just been asked this on the Grails mailing list:
>>
>> I am using the jsec plugin, but I don't want my users to have to
>> authenticate every time - I want if they check the remember me
>> checkbox to "auto-login" the user next time they come to the site for
>> say 2 weeks (which is a common way sites around the web do signing in)
>> - how can I do that with jsecurity?
>>
>> What's the preferred way of doing this? Is it possible?
>>
>> Thanks,
>>
>> Peter
>>
