On 5/18/05, Mansoor, Ghazenfer (EDS) <[EMAIL PROTECTED]> wrote: > > >-----Original Message----- > >Mansoor, Ghazenfer (EDS) wrote: > > > >> How about adding this check at one central place, > >AuthenticationManager? > >> > >>I am doing this and I do not see any problem. I set the > >authenticate to > >>true after successful authentication, and check for > >isAuthentication() > >>before every call. > >> > >What sets your Authentication.isAuthenticated() back to false > >at the start of each request? > > Why should it be set to false at the start of each request? It should be > set to false only at the end of each user session. > Logout code will set the context to null (Authentication object prior to > .9 version) and user no longer have access to Authentication Object. New > session will created a new Authentication Object to start. >
I am also a bit puzzled as to why we should reset the flag at the start of each request? In a typical web app, authentication is done once per session. Any pointers to how SecurityContext is propagated for RMI calls? Regards, --Venkat. ------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_idt12&alloc_id344&op=click _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer