[EMAIL PROTECTED] wrote:
Hello,
I was told that the CVS distribution now avoided reauthentication if
a SecurityContextHolder was found by the HttpSessionContextIntegration
filter,
but this is not the case, it is still calling the authentication dao.
Could this feature be integrated into acegi? I cannot cache the user
records because they are modified in the backend without notification.
I also
would like the user to be able to continue the session without having
to reauthenticate if he changes his password (via another system) while
he has the application open.
Thanks
Fernando Mato Mira
Is Authentication.isAuthenticated() returning true for your
Authentication object? This is a requirement to avoid reauthentication
by AbstractSecurityInterceptor. It doesn't have anything to do with
HttpSessionContextIntegrationFilter. If you think everything is correct,
please post a DEBUG log and your configuration XML to a forum support
post and I'll take a closer look.
Cheers
Ben
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
