[EMAIL PROTECTED] wrote:
It is not the AbstractSecurityInterceptor that is reauthenticating, it
is
the ProviderManager
The only two places in Acegi Security that call AuthenticationManager
(of which ProviderManager is the only concrete implementation) is
AbstractSecurityInterceptor and the authentication mechanisms (the
latter being classes like AuthenticationProcessingFilter). So what is
calling ProviderManager repeatedly? AbstractSecurityInterceptor will not
call ProviderManager if
SecurityContextHolder.getContext().getAuthentication().isAuthenticated()
= true and AbstractSecurityInterceptor.alwaysReauthenticate = false (the
default).
Cheers
Ben
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer