Re: [Acegisecurity-developer] How to invalidate Authentication when a user's account is disabled or deleted?

Mon, 29 Jan 2007 09:03:43 -0800 

What I have done in an app to address this issue is to extend the "doFilter"
method in the org.acegisecurity.context.HttpSessionContextIntegrationFilterclass
to do what you are talking about.  That should give you the access
that you need to the request object and underlying sessions and
Authorization objects.

Hope that helps,
--Brad

On 1/29/07, CJ <[EMAIL PROTECTED]> wrote:


Luc Boudreau <[EMAIL PROTECTED]> writes:

> See : org.acegisecurity.ui.logout.LogoutFilterYou should use this filter
> with a config looking like this :
> <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter
">


Maybe I'm just misunderstanding, but I don't see how LogoutFilter would
help.
Say you have:
* Session #1 - user "admin"
* Session #2 - user "joe"

The "admin" user in Session #1 goes to a management page and deletes the
"joe"
user account. Meanwhile in Session #2, Joe tries to load some secure page.
His
account has just been deleted by "admin" concurrently, but Joe himself has
not
clicked Logout or any such thing.

The Session #2 in use by Joe needs to be invalidated from the "admin"
user's
context (Session #1) when admin deletes the "joe" account. If the admin
were to
use the LogoutFilter, his own session would be invalidated instead of
Joe's.



-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share
your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Reply via email to