Hi Ben >HttpSessionContextIntegrationFilter has a finally clause that >should clear the SecurityContextHolder. It should appear in >your FilterChainProxy before BasicProcessingFilter.
Uh, I'm not using HttpSessionContextIntegrationFilter. Is it necessary to use it even if you're using basic authentication and never store anything in the http session? If so, the name is somewhat misleading. Thanks Tom ************************************************************************ The information in this e-mail together with any attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any form of review, disclosure, modification, distribution and/or publication of this e-mail message is prohibited. If you have received this message in error, you are asked to inform the sender as quickly as possible and delete this message and any copies of this message from your computer and/or your computer system network. ************************************************************************ ------------------------------------------------------- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php _______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer