Hi,
I'm experiencing similar behavior on Sun Application Server 7.
I think it is caused by the finally block in the
HttpSessionContextIntegrationFilter.doFilter method NOT being executed
when the CasProcessingFilter (AbstractProcessingFilter) does a
sendRedirect to my targetUrl in its successfulAuthentication method.
In this finally block the SecurityContextHolder.getContext() is set on
the HttpSession as the ACEGI_SECURITY_CONTEXT_KEY.
In this particular case the finally block is not executed and after the
redirect I do not have a valid context...
I have worked around this by subclassing the CasProcessingFilter and
implemented the onSuccessfulAuthentication method. There I do a simple
request.getSession().setAttribute("ACEGI_SECURITY_CONTEXT",
SecurityContextHolder.getContext());
This works for me, but I am not sure whether I actually analyzed the
problem correct...
Kind regards,
Ruben Sprangemeijer
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid�0944&bid$1720&dat�1642
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
