- -> We don't run the password encoder on the Credentials class as we don't want to modify the original input Since afterPropertiesSet defaults the passwordEncoder to PlainTextPasswordEncoder, the credentials will go through as clear text unless the authenticationHandler was otherwise configured.
--> plus since most people probably don't use the PasswordEncoder it would be an unnecessary method call I haven't profiled it, but the PlainTextPasswordEncoder should be pretty speedy. Given, the amount of indirection and delegation seen in CAS I would think that the invocation of the passwordEncoder prior to calling the templated method would be a non-issue. However, I am the typical whinny "never contribute" OSS consumer ;) Most of this was a result of wiring up the acegi authentication handler with the CAS MD5 encoder . . . and it never called the password encoder. Carlos
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
