Joseph, Ben,
Joseph Dane wrote:
Ben Alex <[EMAIL PROTECTED]> writes:
Because the same thread is used for the duration of the HTTP request,
and the thread has security information removed from it at the end of
each request, there should not be any problem in a large web
application. You may like to confirm this yourself by using a stress
testing tool such as Grinder.
no, I think you misunderstand Peter. Peter's webapp (uPortal, no?)
yes :)
uses its own thread pool to process a portion of a given request. A
single HTTP request might end up being serviced by many different
threads.
that's correct.
I doubt there's any code already in acegi to handle this, but I don't
think it'd be too hard to deal with. your worker threads are just
going to have to (carefuly) copy the security context from the
original HTTP request handling thread before starting their work, and
(carefully) clear the local context at the end of the task.
That's what I am currently doing. The ugliness comes in the first
request, when the Context has not yet been placed into the session
(since the filter does it at the end of the request processing).
Since HttpSessionContextIntegrationFilter has to be placed before
authentication processing filters, I ended up inserting a trivial
integration filter at the end of the filter chain that puts Context into
a request attribute. It works, I was just wondering if there's a better way.
thanks,
-peter.
====
This message and any attachments are confidential. Unauthorized use
or disclosure of this message is strictly prohibited, and this message
must be destroyed immediately if received by an unauthorized recipient.
====
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
