Which programmatically translates to:
jsec:guest -> subject.getPrincipal() == null
This is a completely unauthenticated user who is not remembered. All
role and permission checks will fail.
jsec:user -> subject.getPrincipal() != null
This is a user who may be authenticated or remembered. Role and
permission checks are allowed.
jsec:authenticated -> subject.isAuthenticated() == true
This is a user who has authenticated during the current session. Role
and permission checks are allowed.
On Jul 18, 2008, at 12:53 PM, Les Hazlewood wrote:
Yep, just for completeness or for those interested, in order of level of
restriction, from least restrictive to most restrictive, it is:
jsec:guest < jsec:user < jsec:authenticated
On Fri, Jul 18, 2008 at 12:49 PM, Les Hazlewood <[EMAIL PROTECTED]> wrote:
I think the confusion here may be that, unless I'm reading the grails-user
list comments incorrectly, the Grails plugin enforces that a user must
be authenticated in order for it to perform a role or permission check.
This shouldn't be the case if the Grails plugin is to mirror the JSecurity
framework functionality.
On Fri, Jul 18, 2008 at 12:45 PM, Jeremy Haile <[EMAIL PROTECTED]> wrote:
Peter,
Remember Me is extremely easy to set up and use with JSecurity.
Just set the rememberMe property true in UsernamePasswordToken when
authenticating. Or if you are using a custom token, make sure it implements
RememberMeAuthenticationToken and returns true for isRememberMe().
The effect will be that when the user revisits your site getPrincipals()
will return their principals, but isAuthenticated() will return false (since
they haven't actually authenticated this session).
The <jsec:user/> tag (not <jsec:remembered/> which was renamed) will only
render if principals are not-null, such as when the user is remembered.
For web URL rules, the "user" rule allows access if the user is known
(principals aren't null). Whereas "authc" requires them to have actually
authenticated this session.
Does that make sense? If not, please ask more questions!
Jeremy
On Jul 18, 2008, at 12:26 PM, Peter Ledbrook wrote:
Hi,
I've just been asked this on the Grails mailing list:
I am using the jsec plugin, but I don't want my users to have to
authenticate every time - I want if they check the remember me
checkbox to "auto-login" the user next time they come to the site for
say 2 weeks (which is a common way sites around the web do signing in)
- how can I do that with jsecurity?
What's the preferred way of doing this? Is it possible?
Thanks,
Peter
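
The three states described in this thread, as an added example that is not part of the original messages and is not JSecurity or Grails plugin code. SubjectView is a hypothetical stand-in exposing only the getPrincipal() and isAuthenticated() methods named above; the "peter" principal and the changePassword action are constructed for illustration.

```java
public class RememberMeStates {
    // Hypothetical stand-in: only the two Subject methods named in the thread.
    interface SubjectView {
        Object getPrincipal();
        boolean isAuthenticated();
    }

    // Constructed subject for the demo.
    static SubjectView subject(final Object principal, final boolean authenticated) {
        return new SubjectView() {
            public Object getPrincipal() { return principal; }
            public boolean isAuthenticated() { return authenticated; }
        };
    }

    // The three tag conditions exactly as listed in the thread.
    static boolean guest(SubjectView s) { return s.getPrincipal() == null; }
    static boolean user(SubjectView s) { return s.getPrincipal() != null; }
    static boolean authenticated(SubjectView s) { return s.isAuthenticated(); }

    // Guard for an action that should not rely on a remember-me cookie alone
    // (changePassword is a hypothetical action name).
    static String changePassword(SubjectView s) {
        if (!authenticated(s)) {
            return user(s) ? "re-login required for " + s.getPrincipal() : "login required";
        }
        return "password changed for " + s.getPrincipal();
    }

    public static void main(String[] args) {
        SubjectView[] visitors = {
            subject(null, false),     // never logged in, no remember-me cookie
            subject("peter", false),  // remembered from an earlier session
            subject("peter", true)    // logged in during this session
        };
        for (SubjectView s : visitors) {
            System.out.printf("guest=%-5b user=%-5b authenticated=%-5b -> %s%n",
                guest(s), user(s), authenticated(s), changePassword(s));
        }
    }
}
```

The remembered visitor passes the "user" condition but is stopped by the guard, which is the difference between the "user" and "authc" URL rules described above.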