Hi Luke, Yeah, the DaoProvider is definitely agnostic to access channels (i.e. web tiers, http request/response, remote clients, etc.) ... so its not straightforward.
Regarding removing credentials from the cache .... Does it make sense to 1.) login.... do stuff... 2.) logout... then still have your credentials in the cache.... ? I guess there are 2 ways to approach the problem.... 1.) Find a way to determine the actual first successful logon attempt... or 2.) Find a way to identify the user logged out (and clear the cache?) The HttpSessionContextIntegrationFilter should be able to set some sort of indicator that this is the first logon attempt since it generates a new SecurityContext.... however this wouldnt work for remote client authentication? Thoughts, comments? Cheers Mark On 8/3/05, Luke Taylor <[EMAIL PROTECTED]> wrote: > At this level (i.e. at the Dao provider level), I'm not sure you can > differentiate between a "login" with an existing cache entry and the > authentication that takes part as part of each invocation. > > How would you define a "logout" in the scenario defined above (assuming > it didn't involve removing credentials from the cache). The usage might > not be tied to an HTTP session, for example, it could be a remote client. > > Mark St.Godard wrote: > > Yes definitely, its not as simple as moving the publish event outside > > of the cache check, as this would trigger it when we really dont want > > to. > > > > Ben et al, (as per your comments) is this the expected behavior of > > the event model? > > I would think we need to uniquely identify the 2nd logon and publish > > accordingly. > > > > Cheers, > > Mark > > > > > -- > Luke Taylor. Monkey Machine Ltd. > PGP Key ID: 0x57E9523C http://www.monkeymachine.ltd.uk > > > > ------------------------------------------------------- > SF.Net email is Sponsored by the Better Software Conference & EXPO > September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices > Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA > Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf > _______________________________________________ > Home: http://acegisecurity.sourceforge.net > Acegisecurity-developer mailing list > Acegisecurity-developer@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer > ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer