If the goal of CAS project becomes to prevent folks shooting themselves in the foot, I would just get rid of that authentication handler all together :-)
Cheers, Dmitriy. On Apr 4, 2013, at 3:53 PM, "William G. Thompson, Jr." <[email protected]> wrote: > I don't think the warning is sufficient. From my perspective It is > *never* OK to have SimpleTestHandler code deployed to production. > There are no cases where I would be pleased (as a service owner) to > see the proposed warning show up in a production deployment. > > Having the build generate a separate cas-test.war seems like a shorter > path and more secure code way to satisfy both requirements. > > Best, > Bill > > > On Thu, Apr 4, 2013 at 2:46 PM, jleleu <[email protected]> wrote: >> I may be missing the point here, but what about a warning on login page when >> using the simpletesthandler ? >> >> It seems to me that it takes the best of both worlds : no new cas-test.war >> to create/maintain..., works out of the box thanks to the pre-installed >> simpletesthandler and can't be forgotten in production because of the >> warning ? >> >> Best, >> Jérôme >> >> -- >> You are currently subscribed to [email protected] as: [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-dev > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
