AbstractUsernamePasswordAuthenticationHandler & PasswordEncoder
Scott Battaglia
scott.battaglia at gmail.com
Tue Feb 20 22:44:27 EST 2007
We don't run the password encoder on the Credentials class as we don't want
to modify the original input (plus since most people probably don't use the
PasswordEncoder it would be an unnecessary method call).
There is an example of it here:
http://developer.ja-sig.org/source/browse/jasig/cas3/cas-server-support-jdbc/src/main/java/org/jasig/cas/adaptors/jdbc/QueryDatabaseAuthenticationHandler.java?r=1.2
You are correct, however, in most instances PasswordEncoder is not used.
-Scott
On 2/20/07, Carlos.Fernandez at usitc.gov <Carlos.Fernandez at usitc.gov> wrote:
>
> Just wondering . . .
>
> Why doesn't the AbstractUsernamePasswordAuthenticationHandler encode the
> password before passing the credentials to the subclass for
> authentication?
>
> I haven't seen a subclass that does anything with the PasswordEncoder.
>
> Carlos
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070220/7fdd9a47/attachment.html
More information about the cas
mailing list