[Geoserver-devel] [jira] (GEOS-5293) CAS proxy tickets must not be used as key for the authentication cache

Christian Mueller created Bug GEOS-5293
CAS proxy tickets must not be used as key for the authentication cache

Issue Type: Bug

Affects Versions: 2.3-beta1, 2.2

Assignee: Christian Mueller

Components: Security

Created: 03/Sep/12 2:10 AM

Description:

Stateless authentication filters use an authentication cache to improve performance. The CAS proxy ticket filter uses the proxy ticket as part of the cache key. CAS proxy tickets are one-time tickets and may not be reused.

The danger is to have an identical proxy ticket for different users. The solution is to use the user name as cache key instead. The performance penalty is a CAS request for each GeoServer request to a stateless service.

Project: GeoServer

Priority: Major

Reporter: Christian Mueller

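The two cache-key choices described in the issue, as an added Java example that is not GeoServer's code: `FakeCas`, `load`, `byTicket`, `byUser` and the ticket value `PT-1` are hypothetical names constructed for illustration. With the ticket as key, a second request carrying the same ticket string is answered from the first user's cache entry without asking CAS; with the user name as key, every ticket is validated by CAS and only the per-user data is cached.

```java
import java.util.HashMap;
import java.util.Map;

public class CasCacheKeyDemo {
    // Constructed stand-in for a CAS server: a proxy ticket validates once, then is consumed.
    static class FakeCas {
        private final Map<String, String> issued = new HashMap<>();
        void issue(String ticket, String user) { issued.put(ticket, user); }
        String validate(String ticket) {             // user name, or null if unknown or used
            return issued.remove(ticket);
        }
    }

    // Hypothetical stand-in for the expensive step: building the user's authentication object.
    static String load(String user) { return "auth(" + user + ")"; }

    // Cache keyed by proxy ticket, the behaviour the issue reports.
    static String byTicket(FakeCas cas, Map<String, String> cache, String ticket) {
        String hit = cache.get(ticket);
        if (hit != null) return hit;                 // CAS is never asked about this ticket again
        String user = cas.validate(ticket);
        if (user == null) return null;
        cache.put(ticket, load(user));
        return cache.get(ticket);
    }

    // Cache keyed by user name: every ticket goes to CAS, only per-user data is cached.
    static String byUser(FakeCas cas, Map<String, String> cache, String ticket) {
        String user = cas.validate(ticket);          // one CAS request per incoming request
        if (user == null) return null;
        return cache.computeIfAbsent(user, CasCacheKeyDemo::load);
    }

    public static void main(String[] args) {
        FakeCas cas = new FakeCas();
        Map<String, String> cache = new HashMap<>();
        cas.issue("PT-1", "alice");                  // constructed ticket value
        System.out.println("ticket key, alice: " + byTicket(cas, cache, "PT-1"));
        cas.issue("PT-1", "bob");                    // identical ticket string, different user
        System.out.println("ticket key, bob:   " + byTicket(cas, cache, "PT-1"));

        cas = new FakeCas();
        cache = new HashMap<>();
        cas.issue("PT-1", "alice");
        System.out.println("user key, alice:   " + byUser(cas, cache, "PT-1"));
        System.out.println("user key, reuse:   " + byUser(cas, cache, "PT-1"));
        cas.issue("PT-1", "bob");
        System.out.println("user key, bob:     " + byUser(cas, cache, "PT-1"));
    }
}
```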