Clear the password from the StormpathUserDetails object after a successful authentication

stormpath / stormpath-spring-security

Spring Security plugin for Stormpath

9 stars 11 forks source link

Clear the password from the StormpathUserDetails object after a successful authentication #5

Closed josebarrueta closed 10 years ago

josebarrueta commented 10 years ago

Currently, the StormpathUserDetails object retains the user's password after a successful authentication, this must be fixed to clear the password and not keeping it in the session.

mrioan commented 10 years ago

This will impede dynamic assignment of Permissions by means of Custom Data. User will need to logout and re-login in order for permissions to take affect. The sample Spring Security app will also need to be modified. Are we ok with this?