Ben Alex <[EMAIL PROTECTED]> writes:

> Because the same thread is used for the duration of the HTTP request,
> and the thread has security information removed from it at the end of
> each request, there should not be any problem in a large web
> application. You may like to confirm this yourself by using a stress
> testing tool such as Grinder.

no, I think you misunderstand Peter.  Peter's webapp (uPortal, no?)
uses its own thread pool to process a portion of a given request.  A
single HTTP request might end up being serviced by many different
threads.

I doubt there's any code already in acegi to handle this, but I don't
think it'd be too hard to deal with.  your worker threads are just
going to have to (carefuly) copy the security context from the
original HTTP request handling thread before starting their work, and
(carefully) clear the local context at the end of the task.

-- 

joe


-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Reply via email to