Getting CAS/Spring Security to load user details on every request.
Thanh Thai
tthaidev at gmail.com
Sun Nov 16 00:40:55 EST 2008
I am using user authorities inside of Spring Security to manage access to
different resources in my application. I constantly make changes to these
authorities and I wanted the new user details to be populated on every
request. The only way I can get this to work is if I have CAS send out a
new service ticket on every request. I haven't been able to get CAS to do
this so I can't make CasAuthenticationProvider repopulate the
GrantedAuthorities of my Authority object inside of the SecurityContext.
The work around I had was to set
SecurityContextHolder.getContext().setAuthentication(null); at the end of
every request to make CAS send out the service ticket back to the Spring
filter. This solution doesn't work on a multi app server system though,
since the authentication might still be out of date on the other app
servers.
Is there an easy way to make the user details load on every request?
Let me know if there was something unclear.
Thank you,
Thanh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20081115/6e362247/attachment.html
More information about the cas
mailing list