AbstractUsernamePasswordAuthenticationHandler & PasswordEncoder

Carlos.Fernandez at usitc.gov Carlos.Fernandez at usitc.gov
Wed Feb 21 10:08:48 EST 2007


--> We don't run the password encoder on the Credentials class as we
don't want to modify the original input
 
Since afterPropertiesSet defaults the passwordEncoder to
PlainTextPasswordEncoder, the credentials will go through as clear text
unless the authenticationHandler was otherwise configured.

--> plus since most people probably don't use the PasswordEncoder it
would be an unnecessary method call
 
I haven't profiled it, but the PlainTextPasswordEncoder should be pretty
speedy.  Given the amount of indirection and delegation seen in CAS I
would think that the invocation of the passwordEncoder prior to calling
the templated method would be a non-issue.
 
However, I am the typical whiny "never contribute" OSS consumer ;)
 
Most of this was a result of wiring up the Acegi authentication handler
with the CAS MD5 encoder ... and it never called the password encoder.
 
Carlos
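
The failure mode described in this message, as an added example that is not part of the original post and is not CAS or Acegi code: the types below are simplified stand-ins (all names are hypothetical) for a base handler that holds a configurable encoder but leaves it to each subclass to call it. The user store and password are constructed sample data.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;

// Simplified model of the pattern in this thread; these are NOT the CAS classes.
public class EncoderTemplateDemo {
    interface PasswordEncoder { String encode(String password); }

    static final PasswordEncoder PLAIN_TEXT = p -> p;   // models the plain-text default
    static final PasswordEncoder MD5_HEX = p -> {       // models an MD5 encoder (as in the thread)
        try {
            byte[] d = MessageDigest.getInstance("MD5").digest(p.getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder();
            for (byte b : d) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    };

    abstract static class AbstractHandler {
        private PasswordEncoder encoder = PLAIN_TEXT;   // default if nothing is configured
        void setPasswordEncoder(PasswordEncoder e) { encoder = e; }
        protected PasswordEncoder getPasswordEncoder() { return encoder; }
        // Template method: the raw input is handed to the subclass unmodified.
        final boolean authenticate(String user, String pw) { return authenticateInternal(user, pw); }
        protected abstract boolean authenticateInternal(String user, String pw);
    }

    // Constructed store holding MD5 hex digests, as a hashed user table would.
    static final Map<String, String> STORE = Map.of("alice", MD5_HEX.encode("secret"));

    // Subclass that never calls the encoder: compares plaintext against a digest.
    static class ForgetfulHandler extends AbstractHandler {
        protected boolean authenticateInternal(String u, String pw) { return pw.equals(STORE.get(u)); }
    }
    // Subclass that applies the configured encoder before comparing.
    static class EncodingHandler extends AbstractHandler {
        protected boolean authenticateInternal(String u, String pw) {
            return getPasswordEncoder().encode(pw).equals(STORE.get(u));
        }
    }

    public static void main(String[] args) {
        AbstractHandler forgetful = new ForgetfulHandler(), encoding = new EncodingHandler();
        forgetful.setPasswordEncoder(MD5_HEX);   // configured, but silently ignored
        encoding.setPasswordEncoder(MD5_HEX);
        System.out.println("forgetful handler accepts valid login: " + forgetful.authenticate("alice", "secret"));
        System.out.println("encoding handler accepts valid login:  " + encoding.authenticate("alice", "secret"));
    }
}
```

A login test with a known-good account against each configured handler is the quickest check that the wired encoder is actually being invoked.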