I also just changed my FilterSecurityInterceptor configuration so that
the page that the IFRAME contains does not require authentication
anymore, but that doesn't seem to help. The problem continues unless I
remove the IFRAME completely.
Thompson
Thompson Marzagao wrote:
Hello Ben,
I figured what is happening but I don't know how to fix it. I narrowed
down the problem to the presence of an IFRAME inside the jsp view of
my protected page.
If I have the IFRAME, the problem happens and I get the DEBUG messages
as you have seen in my earlier message. If I don't have the IFRAME,
acegi behaves as expected, requiring authentication to every call to
the protected page.
The IFRAME contains a protected page itself and that seems to be
affecting how acegi's IntegrationFilter is handling the Authorization
object.
I need this IFRAME because I have a drop-down called "sub-group" in my
form that needs to change whenever I change the selected option in
another drop-down called "group" and I don't want to refresh the
entire page. So, when I change the "group" drop-down, I use javascript
to refresh this IFRAME so that it loads new information from the
database and calls another javascript function to change the options
in the drop-down "sub-group" accordingly.
My use of this IFRAME is equivalent to the technique presented here:
http://www.convert2online.com/articles/examples/8.php
Thompson
Ben Alex wrote:
Thompson Marzagao wrote:
Hi all,
I am having a problem with HTTP Session authentication where the
Authentication object somehow seems like is being cached even across
sessions it seems. This causes user A to be immediately successfully
authenticated as user B when caling a protected URL, if user B
logged in a few moments earlier. Terrible. If user A then calls the
same or any other protected URL again, only then is he required to
login.
Does anybody know what might be causing this?
Hi Thompson
I cannot see anything wrong with your configuration, although I
recommend using FilterToBeanProxy for the Auto Integration Filter:
<filter>
<filter-name>Acegi Security System for Spring Auto Integration
Filter</filter-name>
<filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>net.sf.acegisecurity.ui.AutoIntegrationFilter</param-value>
</init-param>
</filter>
Does the Contacts sample app behave properly in your container? We
test with Tomcat 5, so I'd be a little surprised if that was the
problem.
Would you please confirm you're not doing anything special with
HttpSessions or threads or the ContextHolder.
For this sort of thread/session related problem, the main class to
look at is HttpSessionIntegrationFilter. In your configuration you're
using AutoIntegrationFilter, which automatically tries the
HttpSession first and delegates to HttpSessionIntegrationFilter. For
this reason I'd recommend you try using HttpSessionIntegrationFilter
directly and then switching on debug level logging, seeing if that
gives any clues.
If you can't resolve it using the above, please post the debug-level
log for HttpSessionIntegrationFilter in particular to the list.
Thanks
Ben
-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
