Tim Kettering wrote:
> My gut says this is a bug, but since this code was committed back in
> July, I find it strange that nobody else has encountered this by
> now... is there something I'm missing?

I've modified the AnonymousProcessingFilter to now only clear the
SecurityContextHolder if the Authentication contained therein has not
changed from that of a fresh anonymous authentication token. This relies
on the AnonymousAuthenticationToken.equals(Object) method to work, but
should be sufficient and accommodate people using MVC Controllers to
populate the SecurityContextHolder.

The reason nobody else probably encountered this so far is because most
use the filters for authentication. The filter chain ordering is that
AnonymousProcessingFilter should appear after the authentication
filters, so this issue would not ordinarily arise.

Cheers
Ben
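
The cleanup rule described in the reply above, as an added example that is not part of the original message and is not Acegi Security source code. `AnonToken`, `HOLDER`, `anonymousFilter` and the sample key and principal are hypothetical stand-ins for the token, the context holder and the filter; the sketch shows why a value-based `equals` check lets a controller's own authentication survive the filter's cleanup.

```java
import java.util.Objects;

// Added illustration with simplified stand-ins; none of these types are the Acegi Security classes.
public class AnonymousCleanupDemo {
    // Stand-in for an anonymous token; equals() compares key and principal by value.
    static final class AnonToken {
        final String key, principal;
        AnonToken(String key, String principal) { this.key = key; this.principal = principal; }
        @Override public boolean equals(Object o) {
            return o instanceof AnonToken
                && key.equals(((AnonToken) o).key)
                && principal.equals(((AnonToken) o).principal);
        }
        @Override public int hashCode() { return Objects.hash(key, principal); }
    }

    // Stand-in for the per-thread holder of the current authentication.
    static final ThreadLocal<Object> HOLDER = new ThreadLocal<>();

    // The filter step: install an anonymous token if nothing is authenticated, run the
    // rest of the chain, then clear the holder only if it still holds that same token.
    static void anonymousFilter(Runnable restOfChain) {
        AnonToken installed = null;
        if (HOLDER.get() == null) {
            installed = new AnonToken("demoKey", "anonymousUser"); // constructed sample values
            HOLDER.set(installed);
        }
        try {
            restOfChain.run();
        } finally {
            if (installed != null && installed.equals(HOLDER.get())) {
                HOLDER.remove(); // unchanged anonymous token: safe to clear
            }
            // otherwise downstream code replaced the authentication; leave it in place
        }
    }

    public static void main(String[] args) {
        // Case 1: nothing downstream authenticates, so the anonymous token is cleared.
        anonymousFilter(() -> { });
        System.out.println("after plain request: " + HOLDER.get());

        // Case 2: a controller populates the holder itself; the filter must not wipe it.
        anonymousFilter(() -> HOLDER.set("user-token-set-by-controller"));
        System.out.println("after controller login: " + HOLDER.get());
    }
}
```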
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer