Hi Sergio,

Once you have successfully changed the password, you will also need to
do the following (if you haven't already):

- remove the user from the cache (if you are caching the credentials)
- replace the token with the new credentials and update the context holder

You were probably successfully changing the password; however, the
username/password was cached and used in the re-authentication
attempts.

See this post on the Spring Security forums for more info on how to
refresh the password info:

http://forum.springframework.org/viewtopic.php?t=4624&highlight=change+password

Cheers,
Mark

On 8/15/05, Sergio Bossa <[EMAIL PROTECTED]> wrote:
> Hello all,
> 
> I was working on a custom filter to integrate in Acegi filter chain, for
> forcing password change, when I discovered two odd Acegi behaviors.
> The first one is not related to my filter:
> 
> 1. Sometimes (at the moment I cannot say why and predict when), after user
> authentication through the DaoAuthenticationProvider, while browsing
> "protected" pages, Acegi tries to re-authenticate the user, even if he's
> already so: this happens because the isAuthenticated() method of the
> UsernamePasswordAuthenticationToken returns false.
> 
> The second one is instead related to the password change, but also to the
> first behavior:
> 
> 2. After password changing, and after firing re-authentication as a
> consequence to the first point, the authentication process always fails
> because the password stored in the authentication token is different from
> the one stored into the database, because the former is still the "old"
> password, while the latter is the new one.
> 
> This causes a loop in the authentication process, which ends up with a
> "redirection limit" message.
> 
> I hope to give you more details after studying and debugging more Acegi
> source code.
> 
> Regards,
> 
> Sergio B.
> 
> --
> Sergio Bossa
> (http://sbtourist.blogspot.com/)
> - Pro-Netics s.r.l.
>  (http://www.pro-netics.com)
> - Montag, Web Services System for XML Database Interaction
>  (http://montag.sourceforge.net)
> - QuickNote
>  (http://quicknote.sourceforge.net)
> 
> 
> 
> -------------------------------------------------------
> SF.Net email is Sponsored by the Better Software Conference & EXPO
> September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
> Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
> Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
> _______________________________________________
> Home: http://acegisecurity.sourceforge.net
> Acegisecurity-developer mailing list
> Acegisecurity-developer@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
>
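
The two steps listed in the reply, modelled in plain Java as an added example that is not part of the original thread and does not use Acegi classes. Every class, field and method name is hypothetical, the sample data is constructed, and passwords are compared in plaintext only to keep the model short.

```java
import java.util.HashMap;
import java.util.Map;

// Plain-Java model of the thread's scenario. These are NOT Acegi classes;
// every name here is hypothetical and the sample data is constructed.
public class PasswordChangeRefresh {
    static final Map<String, String> database = new HashMap<>();  // username -> current password
    static final Map<String, String> userCache = new HashMap<>(); // cached copies of database rows
    static String[] sessionToken;                                  // {username, password} kept for the session

    // Models the provider: use the cached user if present, else load from the database.
    // Plaintext comparison keeps the model short; a real store holds password hashes.
    static boolean authenticate(String[] token) {
        String expected = userCache.computeIfAbsent(token[0], database::get);
        return expected != null && expected.equals(token[1]);
    }

    // Step 1 from the reply: evict the cached user so the next lookup hits the database.
    static void evictFromCache(String user) {
        userCache.remove(user);
    }

    // Step 2 from the reply: replace the session's token with the new credentials.
    static void replaceToken(String user, String newPassword) {
        sessionToken = new String[] {user, newPassword};
    }

    public static void main(String[] args) {
        database.put("sergio", "old-secret");
        replaceToken("sergio", "old-secret");
        System.out.println("initial login:               " + authenticate(sessionToken));

        database.put("sergio", "new-secret"); // password changed in the database only
        System.out.println("stale cache, stale token:    " + authenticate(sessionToken));

        evictFromCache("sergio"); // cache now reloads the new password, token still old
        System.out.println("fresh cache, stale token:    " + authenticate(sessionToken));

        evictFromCache("sergio");
        replaceToken("sergio", "new-secret"); // both steps applied
        System.out.println("fresh cache, replaced token: " + authenticate(sessionToken));
    }
}
```

In this model the second check still succeeds, which means a stale cache keeps accepting the old password after the change. The third check fails, which is the token/database mismatch behind the failing re-authentication described in the quoted message.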

