Kimball, Mark W wrote:
> In AbstractUserDetailsAuthenticationProvider the authenticate() method
> calls the additionalAuthenticationChecks() method in a try block and can
> catch an AuthenticationException. The code in the catch block (line 147
> for rel 1.0.1) calls the retrieveUser() and
> additionalAuthenticationChecks() methods. If the user details used for
> the call in the try block came from the cache, I understand why this
> makes sense. However, if cacheWasUsed is false, the call to retrieve
> the user details obtains the exact same user details.
>
> Perhaps the catch block should only repeat those method calls if
> cacheWasUsed is true, and throws the caught AuthenticationException if
> cacheWasUsed is false.

I agree, this should be changed. Please add it to JIRA and I'll take care of it.

Cheers
Ben

_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
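
The change proposed in this thread, as an added example that is not part of the original messages and is not Acegi Security source: a simplified model in which the class name, `store`, `cache` and `storeLookups` are hypothetical. It shows a stale cache entry triggering one reload, and a failure against freshly loaded details being rethrown without a second lookup.

```java
import java.util.HashMap;
// Simplified model of the flow discussed in this thread; not Acegi Security source.
// Passwords are compared as plain strings only to keep the model short.
public class CacheRetrySketch {
    static class AuthenticationException extends RuntimeException {
        AuthenticationException(String msg) { super(msg); }
    }
    final HashMap<String, String> store = new HashMap<>(); // authoritative user -> password
    final HashMap<String, String> cache = new HashMap<>(); // possibly stale copy
    int storeLookups = 0;                                  // counts retrieveUser() calls

    String retrieveUser(String username) {
        storeLookups++;
        String password = store.get(username);
        if (password == null) throw new AuthenticationException("unknown user");
        return password;
    }
    void additionalAuthenticationChecks(String expected, String presented) {
        if (!expected.equals(presented)) throw new AuthenticationException("bad credentials");
    }
    void authenticate(String username, String presented) {
        boolean cacheWasUsed = true;
        String user = cache.get(username);
        if (user == null) {
            cacheWasUsed = false;
            user = retrieveUser(username);
        }
        try {
            additionalAuthenticationChecks(user, presented);
        } catch (AuthenticationException e) {
            if (!cacheWasUsed) throw e;   // details were just loaded: a retry would see the same data
            cacheWasUsed = false;         // cached details may be stale: reload once and re-check
            user = retrieveUser(username);
            additionalAuthenticationChecks(user, presented);
        }
        if (!cacheWasUsed) cache.put(username, user);
    }
    public static void main(String[] args) {
        CacheRetrySketch p = new CacheRetrySketch();
        p.store.put("alice", "new-secret");    // constructed sample data
        p.cache.put("alice", "old-secret");    // constructed stale cache entry
        p.authenticate("alice", "new-secret"); // fails against cache, succeeds after reload
        System.out.println("lookups after stale-cache login: " + p.storeLookups);
        p.cache.clear();
        try { p.authenticate("alice", "wrong"); } catch (AuthenticationException e) { System.out.println("rejected: " + e.getMessage()); }
        System.out.println("lookups after uncached failure: " + p.storeLookups);
    }
}
```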
