problems with Acegi and WebSphere 6.1
I've just run into a problem with a Spring/Acegi web app, trying to run it on a WebSphere 220.127.116.11 server. Basically, it appears that WebSphere v18.104.22.168 (and at least v.22.214.171.124) has a bug that generates a 404 error instead of invoking filters on URI requests that aren't actually present in the web app.
This means that /myapp/j_acegi_security_check returns a 404 instead invoking ANY of the filters for the app (including ones with URI patterns like /*). So Acegi doesn't appear to function with 126.96.36.199/5, which are the versions that I've actually tried.
This issue is similar to IBM bug PK27620, http://www-1.ibm.com/support/docview...id=swg1PK27620, which describes the same filter issue, only specifically with JSP resources. That bug is supposed to have been fixed in v188.8.131.52.
It looks like the issue I describe is a variant of that problem. I have submitted a problem report to IBM.
Has anybody found a workaround to get Acegi working?
I'm using Acegi 1.0.2/3.
what about j_acegi_logout?
Seems like the fix only works fine for the login part.
When using Acegi's LogoutFilter (mapped on /j_acegi_logout) it seems that WAS v6.1 calls the logouthandlers set in the logout filter get called twice. As such the session is recreated, and for some other reason the delete of the remember-me cookie gets lost somewhere due to WASv6.1 not handling filter logic as should.
On WASv6.0, Tomcat4 and Tomcat5.4 the logout works fine.
Did someone manage to write acegi logout code that actually works on Websphere v6.1?