I'm working on a
project and we are looking to use Acegi Security. Our J2EE container
will be a WebLogic (WLS) clustered architecture. From my research
thus far, it looks like I will not have to worry about hitting the same WLS
instance where a user authenticated (IP Stickyness). This is my
understanding because of how Acegi Security stores the ContextHolder,
SecurityContext, and subsequent Authentication object in the HTTPSession.
Since WLS will replicate the HTTPSession in the cluster, I should be able to
access the Authentication object in a different WLS instance than the one where
the user was originally authenticated, knowing that the HttpSessionContextIntegrationFilter will pick
it up in the filter chain. Each WLS cluster will have the Acegi
Security data stored in cache.
Will someone
please verify my assumption?
Thanks,
John
�
