Thanks, I discovered that I was wrong; the problem was not with the session.
I followed some of the advice in this forum: http://forum.magnolia-cms.com/forum/thread.html?threadId=c3cd6a2b-aab5-463e-9bd3-c789809f210f and bypassed the cms filter for the section of the site that I wanted to protect with spring security. However, of course if I bypass the cms filter for a chunk of the site, it won't be rendered. If I don't bypass then spring security does not intercept the request to ensure that the authentication happens. So now I'm trying to figure out where the spring security filter needs to be configured/placed in the filter chain to make sure that it is called, but it does not replace the cms filter. Suggestions? Am I attempting to solve this in a way it's not meant to be? The reason why I'm not just using a JAAS filter is that I want to reuse a token/cookie spring security solution that we have already working in other projects. Thanks for your feedback. Claudia -- Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=e8fc4df7-15bd-49de-ae4f-27dc66ed6a45 ---------------------------------------------------------------- For list details, see http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to: <[email protected]> ----------------------------------------------------------------
