On Thu, Apr 4, 2013 at 4:04 PM, Dmitriy Kopylenko <[email protected]> wrote:
> If the goal of CAS project becomes to prevent folks shooting themselves in
> the foot, I would just get rid of that authentication handler altogether :-)

It's not a terrible idea. We could achieve the same level of convenience and utility for testing/demoing purposes by leveraging the AcceptUsersAuthenticationHandler and declaring test users in the bean config. At least if this one got deployed into production one wouldn't be able to impersonate every single user.

See: https://wiki.jasig.org/display/CASUM/Generic

So here's an alternate proposal:

* remove SimpleTestAuthenticationHandler altogether
* replace it with AcceptUsersAuthenticationHandler as the default
* add a single sample user in deployerConfigContext.xml

Best,
Bill

>
> Cheers,
> Dmitriy.
>
> On Apr 4, 2013, at 3:53 PM, "William G. Thompson, Jr." <[email protected]>
> wrote:
>
>> I don't think the warning is sufficient. From my perspective it is
>> *never* OK to have SimpleTestHandler code deployed to production.
>> There are no cases where I would be pleased (as a service owner) to
>> see the proposed warning show up in a production deployment.
>>
>> Having the build generate a separate cas-test.war seems like a shorter
>> path and more secure code way to satisfy both requirements.
>>
>> Best,
>> Bill
>>
>>
>> On Thu, Apr 4, 2013 at 2:46 PM, jleleu <[email protected]> wrote:
>>> I may be missing the point here, but what about a warning on login page
>>> when using the simpletesthandler?
>>>
>>> It seems to me that it takes the best of both worlds: no new cas-test.war
>>> to create/maintain..., works out of the box thanks to the pre-installed
>>> simpletesthandler and can't be forgotten in production because of the
>>> warning?
>>>
>>> Best,
>>> Jérôme

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-dev
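
A deployment check for the concern raised in this thread, as an added example that is not part of the original message or of the CAS project's code: it scans a Spring bean file for the test handler and lists the users declared for AcceptUsersAuthenticationHandler. Both XML snippets are constructed samples; the bean layout, the user name `sampleuser`, its placeholder password and the function names are assumptions, and the fully qualified class names follow CAS 3.x.

```python
import xml.etree.ElementTree as ET

# Constructed sample: handler list wired with the test handler the thread wants removed.
DEFAULT_CONFIG = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
    <property name="authenticationHandlers"><list>
      <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler"/>
    </list></property>
  </bean>
</beans>"""

# Constructed sample: the proposal, one declared user (name and password are placeholders).
PROPOSED_CONFIG = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
    <property name="authenticationHandlers"><list>
      <bean class="org.jasig.cas.adaptors.generic.AcceptUsersAuthenticationHandler">
        <property name="users"><map>
          <entry key="sampleuser" value="CHANGE-ME"/>
        </map></property>
      </bean>
    </list></property>
  </bean>
</beans>"""

def local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]

def audit(config_xml):
    """Return (test_handler_classes, static_user_names) found in a Spring bean file."""
    test_handlers, static_users = [], []
    for el in ET.fromstring(config_xml).iter():
        if local(el.tag) != "bean":
            continue
        cls = el.get("class", "")
        simple = cls.rsplit(".", 1)[-1]
        if "SimpleTest" in simple:
            test_handlers.append(cls)
        elif simple == "AcceptUsersAuthenticationHandler":
            static_users += [e.get("key") for e in el.iter() if local(e.tag) == "entry"]
    return test_handlers, static_users

def production_gate(config_xml):
    """True only when no test handler is wired into the configuration."""
    return not audit(config_xml)[0]

if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT_CONFIG), ("proposed", PROPOSED_CONFIG)):
        print(name, audit(cfg), "deployable:", production_gate(cfg))
```

Run against the real deployerConfigContext.xml as a build or pre-deploy step, a non-empty first element is a reason to fail the deployment, and the second element shows which static accounts would ship.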
