Alright, I've done some serious digging now, and I think I've found the heart of the issue.
I'm using the TorqueUser implementation of the User interface. At the start it makes a distinction between permanent storage, and temporary. These appear to refer to (database) and (session) respectively. The problem lies with the fact that there is no link between the two. The underlying user account object is stored in permanent storage and as such, if you update it's name, email, etc, it updates the permanent storage object in memory. However, the session has no record of this. This appears to be a serious limitation for sharing sessions across server nodes. I suppose I'll write/rewrite my own implementation of the User interface, such that the underlying user object is stored in the session too. And If its not too hackish, maybe I'll even submit it to the project lol.. > From: [email protected] > To: [email protected] > Subject: RE: ACL serialization. > Date: Tue, 15 Dec 2009 23:41:03 +0000 > > > So actually neither the User, nor the ACL is getting saved when the server > restarts. > It appeared like the user was because I have it linked to address tables, > etc. And > they were getting reloaded. > > So I set the user and acl when someone logs in via > > user = TurbineSecurity.getAuthenticatedUser( username, password ); > data.setUser(user); > > and the aforementioned ACL code. > > So why aren't these being stored in the session? And how do I go about > getting > them stored in the session? > > I could of course create a hashmap or custom object, store them in that, > and put it in the session manually or something clunky like that. > > It seems to me like there has to be a better way? > > > From: [email protected] > > To: [email protected] > > Subject: ACL serialization. > > Date: Tue, 15 Dec 2009 23:17:36 +0000 > > > > > > Hello, > > I'm trying to make sessions persistent, and set-up a cluster. > > I'm able to serialize and recall/reload all my defined session tools and > > subobjects > > defined via example: > > > > tool.session.queryData=org.simmental.util.QueryData > > > > However, the my Access control list doesn't seem to be serializing for some > > reason. > > > > AccessControlList acl = data.getACL(); > > if ( acl == null ) > > { > > acl = TurbineSecurity.getACL( data.getUser() ); > > data.getSession().setAttribute( > > AccessControlList.SESSION_KEY,(Object)acl ); > > } > > data.setACL(acl); > > data.save(); > > > > This code is in my login action. Now I thought that would save the ACL to > > the session, > > but whenever I restart Tomcat, the ACL is null on requests. > > > > Any thoughts as to what I'm doing wrong, and how I can get the ACL to > > persist with the > > session? > > > > Thanks > > Ross > > > > > > _________________________________________________________________ > > Hotmail: Free, trusted and rich email service. > > http://clk.atdmt.com/GBL/go/171222984/direct/01/ > > _________________________________________________________________ > Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. > http://clk.atdmt.com/GBL/go/171222985/direct/01/ _________________________________________________________________ Hotmail: Free, trusted and rich email service. http://clk.atdmt.com/GBL/go/171222984/direct/01/
