Announcement Announcement Module
Collapse
No announcement yet.
Security context ramdomly gets lost Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security context ramdomly gets lost

    Hi spring-flex users,

    We are using blazeds remote calls from an AIR client and are currently investigating a strange behaviour when sometimes the current thread has no Principal associated, e.g
    the call
    Authentication auth = SecurityContextHolder.getContext().getAuthenticati on();

    returns null !

    Our client offers the possibility to upload/download large binary data. For those cases we use standard http file upload / download via spring MVC controllers.
    Sometimes inbetween an upload/download request and the following blazeds call the authentication gets lost.

    Does anyone out there have any tips where we should look at ?

    I am desparately looking for an AIR based equivalent to the spring secured testdrive included in the spring flex distribution.

    Regards,
    Dirk

  • #2
    I don't have any specific AIR examples, but I would suggest checking two things:

    1. Make sure the sessionId is getting propagated correctly (usually this happens via a cookie)
    2. Make sure you have the DelegatingFilterProxy configured correctly in web.xml...for example:

    Code:
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
    
        <filter-mapping>
          <filter-name>springSecurityFilterChain</filter-name>
          <url-pattern>/*</url-pattern>
        </filter-mapping>

    Comment


    • #3
      Hi Jeremy,

      The web.xml fragment you mentioned is exactly the one we use. The strange thing is that the application behaves correct in most cases, only from time to time there is no user associated with the current thread.
      Up to know I have found no deterministic way to reproduce the problem. It must be something with the cookie management of the AIR runtime or some session timeout - I have no idea.

      Anyway I would like to setup a totally stateless server requiring no session management and cookies at all but could not find anything in the documentation of blazeds or spring security that would allow me
      to turn the "problem" off.

      Regards,
      Dirk

      Comment

      Working...
      X