It's part of the language specification that finally blocks are always
executed, so this shouldn't be possible, barring a JVM bug.
Sprangemeijer, Ruben wrote:
> Hi,
>
> I'm experiencing similar behavior on Sun Application Server 7.
> I think it is caused by the finally block in the
> HttpSessionContextIntegrationFilter.doFilter method NOT being executed
> when the CasProcessingFilter (AbstractProcessingFilter) does a
> sendRedirect to my targetUrl in its successfulAuthentication method.
>
> In this finally block the SecurityContextHolder.getContext() is set on
> the HttpSession as the ACEGI_SECURITY_CONTEXT_KEY.
> In this particular case the finally block is not executed and after the
> redirect I do not have a valid context...
>
> I have worked around this by subclassing the CasProcessingFilter and
> implemented the onSuccessfulAuthentication method. There I do a simple
> request.getSession().setAttribute("ACEGI_SECURITY_CONTEXT",
> SecurityContextHolder.getContext());
>
> This works for me, but I am not sure whether I actually analyzed the
> problem correct...
>
> Kind regards,
> Ruben Sprangemeijer
>
>
--
Luke Taylor. Monkey Machine Ltd.
PGP Key ID: 0x57E9523C http://www.monkeymachine.ltd.uk
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
