Hello all,

I was working on a custom filter to integrate in the Acegi filter chain, for forcing a password change, when I discovered two odd Acegi behaviors. The first one is not related to my filter:

1. Sometimes (at the moment I cannot say why, or predict when), after user authentication through the DaoAuthenticationProvider, while browsing "protected" pages, Acegi tries to re-authenticate the user, even if he already is: this happens because the isAuthenticated() method of the UsernamePasswordAuthenticationToken returns false.

The second one is instead related to the password change, but also to the first behavior:

2. After changing the password, and after re-authentication fires as a consequence of the first point, the authentication process always fails because the password stored in the authentication token is different from the one stored in the database: the former is still the "old" password, while the latter is the new one. This causes a loop in the authentication process, which ends up with a "redirection limit" message.

I hope to give you more details after studying and debugging more of the Acegi source code.

Regards,
Sergio B.

--
Sergio Bossa (http://sbtourist.blogspot.com/)
- Pro-Netics s.r.l. (http://www.pro-netics.com)
- Montag, Web Services System for XML Database Interaction (http://montag.sourceforge.net)
- QuickNote (http://quicknote.sourceforge.net)

_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
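An added example, not code from the original post or from the Acegi project, of the kind of step the second behavior described above calls for: once the new password has been written to the user store, the Authentication held in the SecurityContext is replaced by a token that carries the new credentials, so that any later re-authentication by the security interceptor (which Acegi performs when isAuthenticated() returns false) compares the current password against the database rather than the stale one. It assumes Acegi 1.0 package names (org.acegisecurity); the 0.x releases used the net.sf.acegisecurity prefix. PasswordStore and PasswordChangeHelper are hypothetical names introduced here and are not part of Acegi.

```java
import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.userdetails.UserDetails;

/**
 * Added example: after a password change, rebuild the Authentication in the
 * SecurityContext so it carries the NEW credentials. Otherwise a later
 * re-authentication (triggered when the token's isAuthenticated() is false)
 * presents the old password to DaoAuthenticationProvider, which now fails
 * against the updated database row.
 */
public class PasswordChangeHelper {

    /** Hypothetical persistence hook; not an Acegi interface. */
    public interface PasswordStore {
        void updatePassword(String username, String newPassword);
    }

    private final PasswordStore store;

    public PasswordChangeHelper(PasswordStore store) {
        this.store = store;
    }

    /**
     * Persists the new password and refreshes the token in the security
     * context. Returns the refreshed Authentication so callers can inspect it.
     */
    public Authentication changePassword(String newPassword) {
        SecurityContext ctx = SecurityContextHolder.getContext();
        Authentication current = ctx.getAuthentication();
        if (current == null) {
            throw new IllegalStateException("no Authentication in the SecurityContext");
        }

        // 1. Write the new password first. If this throws, the context keeps the
        //    old token, which still matches what is in the database.
        store.updatePassword(usernameOf(current), newPassword);

        // 2. Build a replacement token with the new credentials. The three-argument
        //    constructor marks the token as authenticated, so the interceptor will
        //    not re-run the provider until something clears that flag again; when
        //    it does, the credentials it presents now match the database.
        UsernamePasswordAuthenticationToken refreshed =
            new UsernamePasswordAuthenticationToken(
                current.getPrincipal(), newPassword, current.getAuthorities());
        refreshed.setDetails(current.getDetails());

        // 3. Swap it into the context. With HttpSessionContextIntegrationFilter in
        //    the chain, the context is written back to the HttpSession at the end
        //    of the request, so the change survives across requests.
        ctx.setAuthentication(refreshed);
        return refreshed;
    }

    /** The principal is a UserDetails after DaoAuthenticationProvider, or a String before it. */
    private static String usernameOf(Authentication auth) {
        Object principal = auth.getPrincipal();
        if (principal instanceof UserDetails) {
            return ((UserDetails) principal).getUsername();
        }
        return String.valueOf(principal);
    }
}
```

Call changePassword from the controller or filter that handles the password form, after the new password has been validated. One caveat: if DaoAuthenticationProvider is configured with a UserCache, the cached UserDetails still holds the old password hash, and a re-authentication served from that cache would compare the new credentials against the stale entry; evict the user from the cache in the same step (the UserCache interface's removeUserFromCache(String) is the hook for that). The principal object itself, if it is a UserDetails, also still reports the old password through getPassword(), which is harmless for the comparison (the provider loads a fresh UserDetails to compare against) but worth knowing if anything else reads it.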