Colin Sampaleanu wrote:
As a follow-up, from memory (it's been about a year) I believe I used a custom SecureContext to also pass along some EJB related security information (principal name, or the ejb run-as user) between different layers along with the Acegi specific info. The app in question was a mixed EJB and Spring app, using the EJB version of OSWorkflow.
Thanks for the feedback Colin. I've just checked into CVS refactorings which adopt the following design:
SecurityContextHolder:InheritableThreadLocal -> SecurityContext:Interface -> Authentication:Interface
SecurityContextHolder guarantees to never return a null SecurityContex, so this refactoring delivers extensibility for cases such as Colin mentioned whilst not requiring casting or null checking as had been the case with the old ContextHolder / SecureContext approach.
Cheers Ben
------------------------------------------------------- This SF.Net email is sponsored by: NEC IT Guy Games. Get your fingers limbered up and give it your best shot. 4 great events, 4 opportunities to win big! Highest score wins.NEC IT Guy Games. Play to win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20 _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer