Subject reset when page refreshed with F5 the second time

Thu, 02 Apr 2009 07:43:08 -0700 

Hi everyone,

I'm new to both Grails and JSecurity. I'm trying to integrate JSecurity
into our existing webapp.
I've implemented a custom Realm and am using a 'non-remember me' token.
My Account returns  
string-based permissions.

Now to the actual problem I'm facing: Whenever I refresh a page using F5
on Firefox (haven't tested 
on other browsers yet) my Subject gets reset the second time. However,
if I continue browsing the 
pages by clicking on the various links my Subject doesn't get reset. Any
idea why this is happening 
and how I can avoid the Subject reset?

Below is a summary of my grails bootstrap code and log outputs.

 Code in Grails Bootstrap:
 =========================
    def init = {servletContext ->
        println '--- BootStrap ---'
                
        // Initialize the jSecurity realm
        DefaultSecurityManager securityManager = new
DefaultSecurityManager();
        securityManager.setRealm(new MyCustomRealm());
        SecurityUtils.setSecurityManager(securityManager);

        println '1a - ThreadContext.securityManager: ' +
org.jsecurity.util.ThreadContext.getSecurityManager()
        println '1b - ThreadContext.securityManager.subject: ' +
org.jsecurity.util.ThreadContext.getSecurityManager()?.getSubject()
        println '2 - SecurityUtils.securityManager.subject' +
org.jsecurity.SecurityUtils.securityManager?.getSubject()
    }


 Summary of Console Outputs:
 ===========================
 --- BootStrap ---
 1a - ThreadContext.securityManager: null
 1b - ThreadContext.securityManager.subject: null
 2 -
SecurityUtils.securityManager.subjectorg.jsecurity.subject.DelegatingSub
j...@165391b

 // The login page
 session.originalRequestParams.zipcode = 76092
 hasPermission:'admin|reviewer' -> false : JSecurity Session:
org.jsecurity.subject.delegatingsubject$stoppingawareproxiedsess...@13f8
66 with timeout 1800000 and principal null Grails session  id:
4v2u9cqs9y4i
 1a - ThreadContext.securityManager: null
 2 -
SecurityUtils.securityManager.subjectorg.jsecurity.subject.DelegatingSub
j...@17ff60e

 // Login successful
 Login: Session:
org.jsecurity.subject.delegatingsubject$stoppingawareproxiedsess...@cfd5
ee with timeout 1800000

 // Home page after login
 hasPermission:'admin|reviewer' -> true : JSecurity Session:
org.jsecurity.subject.delegatingsubject$stoppingawareproxiedsess...@cfd5
ee with timeout 1800000 and principal Test:REVIEWER Grails  session id:
4v2u9cqs9y4i
 1a - ThreadContext.securityManager: null
 2 -
SecurityUtils.securityManager.subjectorg.jsecurity.subject.DelegatingSub
j...@17ff60e
 lacksPermission:'admin|reviewer' -> false : Session:
org.jsecurity.subject.delegatingsubject$stoppingawareproxiedsess...@cfd5
ee with timeout 1800000 and principal Test:REVIEWER

 // Refresh using F5 first time
 hasPermission:'admin|reviewer' -> true : JSecurity Session:
org.jsecurity.subject.delegatingsubject$stoppingawareproxiedsess...@cfd5
ee with timeout 1800000 and principal Test:REVIEWER Grails session id:
4v2u9cqs9y4i
 1a - ThreadContext.securityManager: null
 2 -
SecurityUtils.securityManager.subjectorg.jsecurity.subject.DelegatingSub
j...@17ff60e
 lacksPermission:'admin|reviewer' -> false : Session:
org.jsecurity.subject.delegatingsubject$stoppingawareproxiedsess...@cfd5
ee with timeout 1800000 and principal Test:REVIEWER

 // Refresh using F5 second time
 hasPermission:'admin|reviewer' -> false : JSecurity Session:
org.jsecurity.subject.delegatingsubject$stoppingawareproxiedsess...@cc43
64 with timeout 1800000 and principal null Grails session  id:
4v2u9cqs9y4i
 1a - ThreadContext.securityManager: null
 2 -
SecurityUtils.securityManager.subjectorg.jsecurity.subject.DelegatingSub
j...@5c775d
 lacksPermission:'admin|reviewer' -> true : Session:
org.jsecurity.subject.delegatingsubject$stoppingawareproxiedsess...@cc43
64 with timeout 1800000 and principal null
 
Thanks,

Shams

Reply via email to