Hi Colin > Ben, I've been very very busy the last while so I only had a > chance today to try the 0.51 release. I was previously using > the CVS HEAD version from around May 27th, which is a couple > of days before you reworked the user caching code. > > There seems to be a problem when digest passwords are used. > By the time isPasswordCorrect DaoAuthenticationProvider is > call the 2nd and subsequent times, the authentication and > user (from the cache) objects it is fed both have the hashed > password strings. Then MD5PasswordEncoder tries to rehash > what it thinks is the raw pass (coming from the > Authentication object), so authentication fails. > > I think this is a probably a very trivial fix, but this is my > last day at this position, so I don't know if I will have > time to fix this and check in a fix right now, I'm running > out of time with lots of stuff to do left, so I may just roll > back to the previous version for the time being.
I think this is the same issue as came up on acegisecurity-developers a few days ago. Check the thread, "DaoAuthenticationProvider doesn't work with passwordEncoder in 0.51". There is a fix in CVS HEAD. Ben ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X. >From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
