Closed josebarrueta closed 10 years ago
This will impede dynamic assignment of Permissions by means of Custom Data. User will need to logout and re-login in order for permissions to take affect. The sample Spring Security app will also need to be modified. Are we ok with this?
Currently, the StormpathUserDetails object retains the user's password after a successful authentication, this must be fixed to clear the password and not keeping it in the session.