[EMAIL PROTECTED] wrote:
Hello,
Doing an authentication against my database takes about half a second,
and we can have dozens of requests for one user operation (eg., getting
each document from a set of XML documents, this is done like this
because it's easier than having one huge XML result that is cut up by
the application into individual documents).
If we cache, the user cannot login immediately with a new password
after changing it. Also, when the cache is invalidated, the provider
will try to authenticate with the old password in the middle of a
session when the password is changed (always from another application).
What's the problem with always checking if there's an HttpSession with
a valid Authentication, and only calling the manager if there's none?
That should be super fast.
I don't have a problem with making BASIC and Digest check the
SecurityContextHolder so people who want to use HttpSession can benefit
from it. Please add a task to JIRA and I'll get the various
authentication mechanisms updated.
Best regards
Ben
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
