Uploaded image for project: 'CAS Server'
  1. CAS-1011

Interoperability with Spring Security 3.1.0.M2

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 3.4.8
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
      None
    • Environment:
      Linux

      Description

      As per https://jira.springsource.org/browse/SEC-1493 the eraseCredentialsAfterAuthentication property on authentication manager needs to erase credentials only if set to true. Specfying this in securityContext.xml has no effect and the credentials always gets set to NULL by invocation of eraseCredentials.

      <sec:authentication-manager alias="casAuthenticationManager" erase-credentials="false">
      <sec:authentication-provider ref="casAuthenticationProvider" />
      </sec:authentication-manager>

        Attachments

          Activity

            People

            • Assignee:
              battags ScottS
              Reporter:
              kar488 Karthik Iyer
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: