Well - just avoid using @RequiresAuthentication. Or write a filter and corresponding realm that, if the user is not authenticated but only remembered, authenticates it using a special token that doesn't check the password. Generally I don't think it's a good idea to use rememberMe as authentication, as it's less secure.
On Thu, Sep 18, 2014 at 12:01 PM, niels <[email protected]> wrote: > RememberMe works as design. The user isn't authenticated only known. So the > question is, is it possible to handle a remembered user as fully > authenticated? > > Must I wrote a subclass of FormAuthenticationFilter or extend the Realm? Or > is there a build in functionality. Would be nice if someone give me a hint > to the right direction. > > Regards > Niels > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Struggling-with-rememberMe-tp7580236p7580245.html > Sent from the Shiro User mailing list archive at Nabble.com. > -- *Alessio Stalla* | Software Architect M: +39 340 7824743 | T: +39 010 566441 | F: +39 010 8900455 [email protected] | www.manydesigns.com MANYDESIGNS s.r.l. Via G. D'Annunzio, 2/51 | 16121 Genova (GE) | Italy
