CAS Server
  1. CAS Server
  2. CAS-1011

Interoperability with Spring Security 3.1.0.M2

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Won't Fix
    • Affects Version/s: 3.4.8
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
      None
    • Environment:
      Linux

      Description

      As per https://jira.springsource.org/browse/SEC-1493 the eraseCredentialsAfterAuthentication property on authentication manager needs to erase credentials only if set to true. Specfying this in securityContext.xml has no effect and the credentials always gets set to NULL by invocation of eraseCredentials.

      <sec:authentication-manager alias="casAuthenticationManager" erase-credentials="false">
      <sec:authentication-provider ref="casAuthenticationProvider" />
      </sec:authentication-manager>

        Activity

        Karthik Iyer created issue -
        Andrew Petro made changes -
        Field Original Value New Value
        Description As per https://jira.springsource.org/browse/SEC-1493 the eraseCredentialsAfterAuthentication property on authentication manager needs to erase credentials only if set to true. Specfying this in securityContext.xml has no effect and the credentials always gets set to NULL by invoation of eraseCredentials.

        <sec:authentication-manager alias="casAuthenticationManager" erase-credentials="false">
                <sec:authentication-provider ref="casAuthenticationProvider" />
            </sec:authentication-manager>
        As per https://jira.springsource.org/browse/SEC-1493 the eraseCredentialsAfterAuthentication property on authentication manager needs to erase credentials only if set to true. Specfying this in securityContext.xml has no effect and the credentials always gets set to NULL by invocation of eraseCredentials.

        <sec:authentication-manager alias="casAuthenticationManager" erase-credentials="false">
                <sec:authentication-provider ref="casAuthenticationProvider" />
            </sec:authentication-manager>
        Scott Battaglia made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Won't Fix [ 2 ]

          People

          • Assignee:
            Scott Battaglia
            Reporter:
            Karthik Iyer
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: