Announcement Announcement Module
Collapse
No announcement yet.
Security context is after authentication sometimes still empty Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security context is after authentication sometimes still empty

    Hello,

    I have so something in Flex:
    <s:RemoteObject id="dest1" destination="some_d"/>
    <s:RemoteObject id="dest2" destination="some_o_d"/>
    ...
    var channel:AMFChannel = new AMFChannel("my-amf", "url");
    var channelSet:ChannelSet = new ChannelSet();
    channelSet.addChannel(channel);
    dest1.channelSet = channelSet;
    var token:AsyncToken = dest1.channelSet.login("usr", "passwd");
    token.addResponder(new AsyncResponder(resultHandler, null));
    ....
    function resultHandler(event:ResultEvent,token : AsyncToken):void {
    dest2.call_method();
    }

    And in Java:
    public void call_method() {
    Authentication auth = SecurityContextHolder.getContext().getAuthenticati on();
    }

    Sometimes (1 of 3 runs) happens, that auth object is null. What am i doing wrong?

    User and his roles are writen in spring.xml. I see from logs, that Spring use DaoAuthenticationProvider.

    tHx,
    pH.


    PS: Using Spring BlazeDS 1.0.3 on Tomcat 6.

  • #2
    The one things I've seen cause such intermittent problems is not having the DelegatingFilterProxy configured correctly in web.xml (see https://jira.springframework.org/browse/FLEX-78 for some deeper investigation).

    There is an example of the necessary config for the DelegatingFilterProxy shown here:
    http://static.springsource.org/sprin...html/ch04.html

    Comment


    • #3
      mm, i have DelegatingFilterProxy in web.xml. From FlexContext i become the right FlexSession, but SecurityContext is empty. Application use ThreadLocalSecurityContextHolderStrategy so may be wrong thread? But how is possible, when FlexSession is set right (it use ThreadLocal too)

      Comment


      • #4
        Channel login and logout command are really executed in different threads (but login, logout use same thread) as the remote call self.

        When i trace some code (in debug) its not happening. So i delay the remote call by 5 seconds, but still same problem

        Comment


        • #5
          It seems that the problem is solved. I miss the <http auto-config="true"/> in spring config. Now Spring logs so 10x more lines, but it works ...i must find, what has changed...

          Comment

          Working...
          X