TorqueSecurity service classes

Tue, 20 Nov 2007 00:15:25 -0800 

I'm setting up a 2 node tomcat cluster running 
my app which is based on Turbine 2.3.1

I was having a problem with session serialization and managed to
pin it down to Turbine placing its access control list in the session.
The access control list contained the default TorqueSecurity classes
which are as follows

org.apache.turbine.services.security.torque.TorqueUser
org.apache.turbine.services.security.torque.TorqueRole
org.apache.turbine.services.security.torque.TorquePermission
org.apache.turbine.services.security.torque.TorqueGroup

None of these classes implement java.io.Serializable, hence session
serialization between nodes always fails with a NotSerializableException.

I was able to overcome the problem by subclassing these classes and
adding the Serilization marker interface.


But i am wondering is this by design or is it a bug, and if it 
is a concious design decision then why?






---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to