Problem solved!
mraible wrote:
>
> I've never done this, so unfortunately I don't have any examples to
> provide. I'd suggest searching Acegi's forums and, if you don't find
> anything, posting a question there.
>
I have added alwaysReauthenticate=true for filterInvocationInterceptor.
<bean id="filterInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="accessDecisionManager"/>
<property name="alwaysReauthenticate" value="true"/>
...
</bean>
But without the userCache the only problem was that for every request the DB
was reread for userDetails.
So I set back the userCach to the project and the userDetails are only
reread form DB when the user is removed from the cache.
Now for every user details operations (for example saving/deleting user
roles, user projects, user tasks) i have special userCacheAdvice called
which only remove the user from cache.
Thanks mraible for your help.
--
View this message in context:
http://www.nabble.com/UserCache-vs-SecurityContext-tf3400798s2369.html#a9512879
Sent from the AppFuse - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
