Getting CAS/Spring Security to load user details on every request.
Scott Battaglia
scott.battaglia at gmail.com
Mon Nov 17 23:31:18 EST 2008
This is an issue specific to Spring Security. You may wish to ask on
their forums.
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Sun, Nov 16, 2008 at 12:40 AM, Thanh Thai <tthaidev at gmail.com> wrote:
> I am using user authorities inside of Spring Security to manage access to
> different resources in my application. I constantly make changes to these
> authorities and I wanted the new user details to be populated on every
> request. The only way I can get this to work is if I have CAS send out a
> new service ticket on every request. I haven't been able to get CAS to do
> this so I can't make CasAuthenticationProvider repopulate the
> GrantedAuthorities of my Authority object inside of the SecurityContext.
>
> The work around I had was to set
> SecurityContextHolder.getContext().setAuthentication(null); at the end of
> every request to make CAS send out the service ticket back to the Spring
> filter. This solution doesn't work on a multi app server system though,
> since the authentication might still be out of date on the other app
> servers.
>
> Is there an easy way to make the user details load on every request?
>
> Let me know if there was something unclear.
>
> Thank you,
> Thanh
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
More information about the cas
mailing list