Hi Costa,

---- Costa Basil <[EMAIL PROTECTED]> wrote:
> Simon, again me. I think you might be right about the thread-safety. I
> checked out closely the access log and in two cases there was the same
> pattern.
> Each user triggered the login action (j_security_check) twice when they
> logged in. And they were the first users that accessed the system. Then the
> app might hit some framework code that is not thread-safe. After the login
> the framework acted as if the web.xml file was not parsed and the filter
> mappings were not read.

Servlet containers read their web.xml file on startup, not on user login. And the filter-chain is then set up for all users (filters are stateless and a single instance handles all matching requests). The web.xml is then never read again by the webserver (well, unless it has some fancy "development autoreload" feature).

So while there may well be a threadsafety bug somewhere, it is not going to be in "the web.xml parsing".

Regards,

Simon