Yep, just for completeness or for those interested, in order of level of restriction, from least restrictive to most restrictive, it is:
jsec:guest < jsec:user < jsec:authenticated On Fri, Jul 18, 2008 at 12:49 PM, Les Hazlewood <[EMAIL PROTECTED]> wrote: > I think the confusion here may be that, unless I'm reading the grails-user > list comments incorrectly, that the Grails plugin enforces that a user must > be authenticated in order for it to perform a role or permission check. > This shouldn't be the case if the Grails plugin is to mirror the JSecurity > framework functionality. > > > On Fri, Jul 18, 2008 at 12:45 PM, Jeremy Haile <[EMAIL PROTECTED]> wrote: > >> Peter, >> >> Remember Me is extremely easy to setup and use with JSecurity. >> >> Just set the rememberMe property true in UsernamePasswordToken when >> authenticating. Or if you are using a custom token, make sure it implements >> RememberMeAuthenticationToken and returns true for isRememberMe(). >> >> The effect will be that when the user revisits your site getPrincipals() >> will return their principals, but isAuthenticated() will return false (since >> they haven't acutally authenticated this session) >> >> The <jsec:user/> tag (not <jsec:remembered/> which was renamed) will only >> render if principals are not-null, such as when the user is remembered. >> >> For web URL rules, the "user" rule allows access if the user is known >> (principals aren't null). Whereas "authc" requires them to have actually >> authenticated this session. >> >> Does that make sense? If not, please ask more questions! >> >> Jeremy >> >> >> >> >> On Jul 18, 2008, at 12:26 PM, Peter Ledbrook wrote: >> >> Hi, >>> >>> I've just been asked this on the Grails mailing list: >>> >>> I am using the jsec plugin, but I dont want my users to have to >>> authenticate every time - I want if they check the remember me >>> checkbox to "auto-login" the user next time they come to the site for >>> say 2 weeks (which is a common way sites around the web do signing in) >>> - how can I do that with jsecurity? >>> >>> What's the preferred way of doing this? Is it possible? >>> >>> Thanks, >>> >>> Peter >>> >> >> >
