> * remove SimpleTestAuthenticationHandler altogether > * replace it with AcceptUsersAuthenticationHandler as the default > * add a single sample user in deployerConfigContext.xml
+1 Sounds like a win/win generally. Supports the simple demonstration case and testing flows for the most part and is clearly a security improvement. There is some value to being able to impersonate users arbitrarily for deep integration testing, but is dangerous enough that it should take some work to configure explicitly. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
