I think the confusion here may be that, unless I'm reading the grails-user list comments incorrectly, the Grails plugin enforces that a user must be authenticated in order for it to perform a role or permission check. This shouldn't be the case if the Grails plugin is to mirror the JSecurity framework functionality.

On Fri, Jul 18, 2008 at 12:45 PM, Jeremy Haile <[EMAIL PROTECTED]> wrote:
> Peter,
>
> Remember Me is extremely easy to set up and use with JSecurity.
>
> Just set the rememberMe property true in UsernamePasswordToken when
> authenticating. Or if you are using a custom token, make sure it implements
> RememberMeAuthenticationToken and returns true for isRememberMe().
>
> The effect will be that when the user revisits your site getPrincipals()
> will return their principals, but isAuthenticated() will return false (since
> they haven't actually authenticated this session).
>
> The <jsec:user/> tag (not <jsec:remembered/> which was renamed) will only
> render if principals are not-null, such as when the user is remembered.
>
> For web URL rules, the "user" rule allows access if the user is known
> (principals aren't null). Whereas "authc" requires them to have actually
> authenticated this session.
>
> Does that make sense? If not, please ask more questions!
>
> Jeremy
>
> On Jul 18, 2008, at 12:26 PM, Peter Ledbrook wrote:
>
>> Hi,
>>
>> I've just been asked this on the Grails mailing list:
>>
>> I am using the jsec plugin, but I don't want my users to have to
>> authenticate every time - I want if they check the remember me
>> checkbox to "auto-login" the user next time they come to the site for
>> say 2 weeks (which is a common way sites around the web do signing in)
>> - how can I do that with jsecurity?
>>
>> What's the preferred way of doing this? Is it possible?
>>
>> Thanks,
>>
>> Peter
