Ben Alex <[EMAIL PROTECTED]> writes: > Because the same thread is used for the duration of the HTTP request, > and the thread has security information removed from it at the end of > each request, there should not be any problem in a large web > application. You may like to confirm this yourself by using a stress > testing tool such as Grinder.
no, I think you misunderstand Peter. Peter's webapp (uPortal, no?) uses its own thread pool to process a portion of a given request. A single HTTP request might end up being serviced by many different threads. I doubt there's any code already in acegi to handle this, but I don't think it'd be too hard to deal with. your worker threads are just going to have to (carefuly) copy the security context from the original HTTP request handling thread before starting their work, and (carefully) clear the local context at the end of the task. -- joe ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer