Bogdan Craciun wrote:
Hi !
I work on a project which uses the acegi framework. This is a swing application which uses spring rich client and security package from that. The application is deployed on JBoss and we have stateless session beans which must be secured using declarative security. The login config file from client was configured to use the JBoss SRP Login Module and the Client Login Module. The Login command work fine but the LogoutCommand don’t call the logout on the created LoginContext. When I execute the LoginCommand twice the JBoss and the Client throws a exception.
How I can solve the problem? How can I store the LoginContext created at login time and retrieve at logout to do the logout call?
Thanks in advance!
I'm not sure what Acegi Security classes you're using in this sort of configuration and where.
Acegi Security does provide a JBoss adapter but I strongly recommend people review whether they can use Acegi Security natively without any JAAS/JBoss security integration. The only time you'd need JBoss security integration is if you _must_ use EJB declarative security. If your EJBs are all Spring beans, you can achieve much better security flexibility by just using Acegi Security's MethodSecurityInterceptor and the standards Rich Client integration which is based on BASIC authentication.
Best regards Ben
------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
