We've used acegi in production now for 6 months and have not experienced this behavior. AFAIK the filter correctly clears the thread local upon exit. Filter order could affect this if somehow the filter chain exits before completion and skips this filter. Are you using filter to bean proxy? Can you post your filter order?
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Dmitriy Kopylenko > Sent: Saturday, July 09, 2005 6:10 AM > To: acegisecurity-developer@lists.sourceforge.net > Subject: Re: [Acegisecurity-developer] Contexts left in ThreadLocal, > leading to user switching? > > Seth, > > we've also experienced the same behavior in one of our apps (the setup > is pretty much the same: Acegy 0.7, jdk 1.4, Tomcat 5.0.28). I don't > think it's a known Acegi bug, which it might be. > > Dmitriy. > > > Seth Ladd wrote: > > > Hello, > > > > We are experiencing this very odd situation, and am hoping that others > > have experienced it. > > > > Once in a while, when a user logs in, they will have someone else's > > information for their user details. > > > > We are using Acegi 0.7, Spring 1.1.5, and JDK 1.4, with Tomcat 5.0. > > We are using CAS here, but we've also seen this behavior with a stock > > webapp security configuratin. The fact that we've seen this behavior > > with two different installs of Acegi is now concerning us. > > > > I noticed there was this bug, recently fixed: > > > > http://opensource.atlassian.com/projects/spring/browse/SEC-20 > > > > Would filter order have anything to do with this? I'll include our > > filter order here. > > > > Any ideas? Was this a known bug, hopefully fixed in a newer version? > > > > Thanks, > > Seth > > > > <filter-mapping> > > <filter-name>Acegi Http Session Context Integration > > Filter</filter-name> > > <url-pattern>/*</url-pattern> > > </filter-mapping> > > > > <filter-mapping> > > <filter-name>Acegi CAS Processing Filter</filter-name> > > <url-pattern>/*</url-pattern> > > </filter-mapping> > > > > <filter-mapping> > > <filter-name>Acegi Context Holder Aware Request Filter</filter-name> > > <url-pattern>/*</url-pattern> > > </filter-mapping> > > > > <filter-mapping> > > <filter-name>Acegi Reloading Authentication Authorities > > Filter</filter-name> > > <url-pattern>/*</url-pattern> > > </filter-mapping> > > > > <filter-mapping> > > <filter-name>Acegi Security Enforcement Filter</filter-name> > > <url-pattern>/*</url-pattern> > > </filter-mapping> > > > > > > ------------------------------------------------------- > > This SF.Net email is sponsored by the 'Do More With Dual!' webinar > > happening > > July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual > > core and dual graphics technology at this free one hour event hosted > > by HP, AMD, and NVIDIA. To register visit > > http://www.hp.com/go/dualwebinar > > _______________________________________________ > > Home: http://acegisecurity.sourceforge.net > > Acegisecurity-developer mailing list > > Acegisecurity-developer@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer > > > > > ------------------------------------------------------- > This SF.Net email is sponsored by the 'Do More With Dual!' webinar > happening > July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual > core and dual graphics technology at this free one hour event hosted by > HP, > AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar > _______________________________________________ > Home: http://acegisecurity.sourceforge.net > Acegisecurity-developer mailing list > Acegisecurity-developer@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer ------------------------------------------------------- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
