I was able to confirm that the contacts-filter sample works fine. I'm
fine with a 0.8.1 since I have workarounds (redirect and
ContextHolder.setContext(null)) for both my apps.
Matt
On Mar 20, 2005, at 3:38 PM, Ben Alex wrote:
Matt Raible wrote:
Unfortunately, I looked at
Matt Raible wrote:
I updated from CVS and tried the new JAR on AppFuse and the security
chapter's sample application. The behavior continues to happen. I'll
try it on the Contacts sample app in few days. Maybe anonymous CVS is
not in synch.
Perhaps... The latest version of
On Tue, 15 Mar 2005 06:00:42 -0700, Matt Raible [EMAIL PROTECTED] wrote:
I was able to reproduce this problem in the Contacts sample
application. If logout.jsp *doesn't* do a redirect, the problem occurs
and the user stays logged in. If it *does* a redirect, everything works
and the user is
I was able to reproduce this problem in the Contacts sample
application. If logout.jsp *doesn't* do a redirect, the problem occurs
and the user stays logged in. If it *does* a redirect, everything works
and the user is logged out and prompted to login again.
I'm guessing the desired behavior
On Mar 12, 2005, at 6:46 PM, Ben Alex wrote:
Matt Raible wrote:
Here's a link to AppFuse's applicationContext-security.xml file - the
filters are specified in the first bean at the top.
http://tinyurl.com/6y4jd
Matt, did you get it working in the end?
Nope.
As the Contacts Sample is working,
Ben Alex wrote:
Andreas Brenk wrote:
You could use a HttpSessionListener to keep the coupling to Acegi
Security separate from your controller.
See http://forum.springframework.org/viewtopic.php?t=1106 for an
earlier discussion.
Perhaps this should be mentioned in the upgrade readme.
Regards,
On Mar 11, 2005, at 2:17 AM, Ben Alex wrote:
Matt Raible wrote:
For some reason, calling session.invalidate() (in a filter or in a
JSP) doesn't seem to help get rid of any Acegi authentication
information. Adding ContextHolder.setContext(null) in a filter
that's mapped to logout.jsp seems
On Mar 11, 2005, at 6:28 AM, Matt Raible wrote:
On Mar 11, 2005, at 2:17 AM, Ben Alex wrote:
Matt Raible wrote:
For some reason, calling session.invalidate() (in a filter or in a
JSP) doesn't seem to help get rid of any Acegi authentication
information. Adding ContextHolder.setContext(null)
You could use a HttpSessionListener to keep the coupling to Acegi
Security separate from your controller.
See http://forum.springframework.org/viewtopic.php?t=1106 for an earlier
discussion.
Perhaps this should be mentioned in the upgrade readme.
Regards,
Andreas
Matt Raible wrote:
With Acegi
Matt Raible wrote:
Ben Alex wrote:
It seems to work OK for me in Tomcat 5.5 with the Contacts Sample
application's logout.jsp.
I tried building/deploying the contacts WAR with maven (according to
the Building with Maven instructions) - there is no web.xml included
in the WAR file.
Matt
You
With Acegi Security 0.7.0, I was able to use session.invalidate() to
logout a user - much like I do when using container-managed
authentication. However, with 0.8.0, I've found that I have to use
ContextHolder.setContext(null). Is there anyway to change back to the
old behavior so I don't
11 matches
Mail list logo