Re: [Acegisecurity-developer] Event not firing from DaoAuthenticationProvider.java

Wed, 03 Aug 2005 12:16:15 -0700 

Yes definitely, its not as simple as moving the publish event outside
of the cache check, as this would trigger it when we really dont want
to.

Ben et al,  (as per your comments) is this the expected behavior of
the event model?
I would think we need to uniquely identify the 2nd logon and publish
accordingly.

Cheers,
Mark

On 8/3/05, Gustavo Faerman <[EMAIL PROTECTED]> wrote:
> Mark,  you might be pretty aware of this, but just in case,  I am not that
> sure I get the point, but IMHO it might be a potential problem here. Reading
> the documented method call in there
> "   if (!cacheWasUsed) {
>             // Put into cache
>             this.userCache.putUserInCache(user);
> 
>             // As this appears to be an initial login, publish the event
>  if (this.context != null) {
>                 context.publishEvent(new AuthenticationSuccessEvent(
>                         authentication, user));
>             }
> "
> since once Acegi is in charge of security, with every secure method
> execution there is an authentication check "behind the scenes". Then we just
> need to be pretty secure this event is properly fired when a real login
> action has been performed not just an authentication with no cacheUsed.
> 
> Thanks,
> Gustavo.
> 
> 
> 
> 
> On 8/3/05, Mark St.Godard <[EMAIL PROTECTED]> wrote:
> > Cameron, this does not sound like the desired semantics.  I have also
> > confirmed that this is happening on the contacts sample.
> > 
> > Ben, I can create a JIRA entry and fix, test and commit this today.
> > 
> > Cheers,
> > Mark
> > 
> > Re:
> > --------------------------------------------------
> > 
> > "DaoAuthenticationProvider.java around line 300, publishes an
> > AuthenticationSuccessEvent when the user has logged in.  However – it
> > only does this if the cache wasn't used… This seems odd and incorrect 
> > to me.
> > 
> > Since this sequence of events misses the second event :
> > 
> > 1)       login as user A – event is fired
> > 2)       logout
> > 3)       login as user A – event isn't fired
> > 
> > It's a simple change – does someone mind to do it ?" 
> > 
> > I would make a patch – but CVS is failing.
> > 
> > Thanks
> > 
> > Cameron
> > 
> 
>

Reply via email to