CAS Server
  1. CAS Server
  2. CAS-1011

Interoperability with Spring Security 3.1.0.M2

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Won't Fix
    • Affects Version/s: 3.4.8
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
      None
    • Environment:
      Linux

      Description

      As per https://jira.springsource.org/browse/SEC-1493 the eraseCredentialsAfterAuthentication property on authentication manager needs to erase credentials only if set to true. Specfying this in securityContext.xml has no effect and the credentials always gets set to NULL by invocation of eraseCredentials.

      <sec:authentication-manager alias="casAuthenticationManager" erase-credentials="false">
      <sec:authentication-provider ref="casAuthenticationProvider" />
      </sec:authentication-manager>

        Activity

          People

          • Assignee:
            Scott Battaglia
            Reporter:
            Karthik Iyer
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: