Dunstan Tom wrote:
Uh, I'm not using HttpSessionContextIntegrationFilter. Is it necessary
to use it even if you're using basic authentication and never store
anything in the http session? If so, the name is somewhat misleading.
Yeah, it should be used but in your case with
HttpSessionContex
Hi Ben
>HttpSessionContextIntegrationFilter has a finally clause that
>should clear the SecurityContextHolder. It should appear in
>your FilterChainProxy before BasicProcessingFilter.
Uh, I'm not using HttpSessionContextIntegrationFilter. Is it necessary
to use it even if you're using basic aut
Dunstan Tom wrote:
This is all using basic authentication, with the acegi filters ordered
thusly (in the filterChainProxy): basicProcessingFilter,
anonymousProcessingFilter, securityEnforcementFilter.
Hi Tom
HttpSessionContextIntegrationFilter has a finally clause that should
clear the Secu
Hi Ben and
all
I've occasionally
seen some odd behaviour with access to an anonymous client being allowed with
one request and disallowed with the next, but today I managed to track down what's happening.
Running CVS HEAD
from a couple of days ago, I can log in to our application as one