Announcement Announcement Module
Collapse
No announcement yet.
AbstractAuthenticationToken implements equals but not hashCode Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • AbstractAuthenticationToken implements equals but not hashCode

    Hi all,

    Since we have updated from acegi 0.8.2 to 0.9.0 i have recognized a slightly different behaviour of the HttpSessionContextIntegrationFilter. Its in the area where the SecureContext should be stored back in the session after processing the request. In 0.8.2 the context was stored back if a session existed. In 0.9.0 there is an additional check on the hashCode of the SecurityContextImpl (which is a delegate on the underlying Authentication).

    We are using the UsernamePasswordAuthenticationToken which is an extension to the AbstractAuthenticationToken. Now the AbstractAuthenticationToken implements the equals method but not the hashCode and as far as i know one should implement either both or none. What hashCode does the UsernamePasswordAuthenticationToken has?

    In our application the secure context is not updated even if the userdetails has changed (profile changes of a user). This worked fine in the previous version. We also use the DaoAuthenticationProvider which itself make use of the UsernamePasswordAuthenticationToken.

    Best regards,
    Sandro

  • #2
    I've created a JIRA issue to resolve this: http://opensource2.atlassian.com/pro...browse/SEC-125

    Comment

    Working...
    X