Patrick Burleson wrote:
I'm just wondering why Acegi Security fails on the second pass. Your earlier email mentioned a null gets put into the SecureContext, but I'm not sure how or why you're seeing this. A debug-level log would be great.Well, I figured out why I am getting extra requests. Weblogic reruns the filters when RequestDispatcher.include() is invoked. SiteMesh does this in its PageFilter class.
I have noticed a work around for this silly behavior (which becomes configurable in the 2.4 servlet spec) in the SiteMesh code. They put a Session Marker when the filter is first run to say "I've been run" and they don't re-run their own filter. (Otherwise I see infinite loops) If Acegi's AbstractIntegrationFilter could do something similiar, it might fix this problem. It might be slightly more complicated since this filter is typically called from a FilterToBeanProxy. So maybe each Implementation of the AbstractIntegrationFilter has to provide a String to identify the fact that it's been run for this request?
Thoughts? Am I missing some Acegi configuration that might get around this without changing the Acegi code?
Best regards Ben
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer