RE: [Acegisecurity-developer] Contexts left in ThreadLocal, leading to user switching?
We've used acegi in production now for 6 months and have not experienced this behavior. AFAIK the filter correctly clears the thread local upon exit. Filter order could affect this if somehow the filter chain exits before completion and skips this filter. Are you using filter to bean proxy? Can you post your filter order? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dmitriy Kopylenko Sent: Saturday, July 09, 2005 6:10 AM To: acegisecurity-developer@lists.sourceforge.net Subject: Re: [Acegisecurity-developer] Contexts left in ThreadLocal, leading to user switching? Seth, we've also experienced the same behavior in one of our apps (the setup is pretty much the same: Acegy 0.7, jdk 1.4, Tomcat 5.0.28). I don't think it's a known Acegi bug, which it might be. Dmitriy. Seth Ladd wrote: Hello, We are experiencing this very odd situation, and am hoping that others have experienced it. Once in a while, when a user logs in, they will have someone else's information for their user details. We are using Acegi 0.7, Spring 1.1.5, and JDK 1.4, with Tomcat 5.0. We are using CAS here, but we've also seen this behavior with a stock webapp security configuratin. The fact that we've seen this behavior with two different installs of Acegi is now concerning us. I noticed there was this bug, recently fixed: http://opensource.atlassian.com/projects/spring/browse/SEC-20 Would filter order have anything to do with this? I'll include our filter order here. Any ideas? Was this a known bug, hopefully fixed in a newer version? Thanks, Seth filter-mapping filter-nameAcegi Http Session Context Integration Filter/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-nameAcegi CAS Processing Filter/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-nameAcegi Context Holder Aware Request Filter/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-nameAcegi Reloading Authentication Authorities Filter/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-nameAcegi Security Enforcement Filter/filter-name url-pattern/*/url-pattern /filter-mapping --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Captcha
marc antoine garrigue wrote: Hi all, I have some question regarding the development rules: -Where to commit my code? In the sand box or directly in the core -Should I add a new package for captcha related stuff (context, channel, filter ect..) or should I commit it in the existing packages. Hi Marc Yes, just create new packages under core as appropriate for the Captcha design you're implementing. Cheers Ben --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Any support for multiple login pages ?
Pascal Gehl wrote: Hi guys, Sorry to send to the developper mailing list but I can't get answers from the spring mailing list. I have a requirement to have different login pages depending on which ressource is accessed. I checked the acegi API and found nothing. Is there a hidden way to do that ? thanks Pascal Gehl You'd need your AuthenticationEntryPoint to be customised: public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException) throws IOException, ServletException; You can check the ServletRequest to determine the URL being requested, and then redirect accordingly. Base it on AuthenticationProcessingFilterEntryPoint. Cheers Ben --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Struts menu with Acegi
Marco Mistroni wrote: will this be a correct declaration in web.xml? filter filter-nameContextHolderAware Filter/filter-name filter-classnet.sf.acegisecurity.util.FilterToBeanProxy/filter-class init-param param-nametargetClass/param-name param-valuenet.sf.acegisecurity.wrapper.ContextHolderAwareRequestFilter/param-value /init-param /filter filter-mapping filter-nameContextHolderAware Filter/filter-name url-pattern/*/url-pattern /filter-mapping This looks correct to me. Are your filter orders correct? See http://acegisecurity.sourceforge.net/docbook/acegi.html#security-filters-order. Best regards Ben --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Contexts left in ThreadLocal, leading to user switching?
March, Andres wrote: We've used acegi in production now for 6 months and have not experienced this behavior. AFAIK the filter correctly clears the thread local upon exit. Filter order could affect this if somehow the filter chain exits before completion and skips this filter. Are you using filter to bean proxy? Can you post your filter order? 0.7.0 used the old well-known-request model, which was dependent on AbstractIntegrationFilter: http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/core/src/main/java/net/sf/acegisecurity/ui/Attic/AbstractIntegrationFilter.java?rev=1.7view=auto Reading the code shows no cleanup handling of IOExceptions or ServletExceptions. Thus, there is a bug, but it is corrected in the current CVS HEAD as others mentioned. Cheers Ben --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
