Christian Mueller created GEOS-5293 |
Issue Type: |
Bug |
Affects Versions: |
2.3-beta1, 2.2 |
Assignee: |
|
Components: |
Security |
Created: |
03/Sep/12 2:10 AM |
Description: |
Stateless authentication filters use an authentication cache to improve performance. The cas proxy ticket filter uses the proxy ticket as part of the cache key. CAS proxy tickets are one time tickets and may not be reused. The danger is to have an identical proxy ticket for different users. The solution is to use the user name as cache key instead. The performance penalty is a CAS request for each geoserver request to a stateless service. |
Project: |
|
Priority: |
Major |
Reporter: |