Dec 11th, 2005, 02:53 PM
AbstractAuthenticationToken implements equals but not hashCode
Since we have updated from acegi 0.8.2 to 0.9.0 i have recognized a slightly different behaviour of the HttpSessionContextIntegrationFilter. Its in the area where the SecureContext should be stored back in the session after processing the request. In 0.8.2 the context was stored back if a session existed. In 0.9.0 there is an additional check on the hashCode of the SecurityContextImpl (which is a delegate on the underlying Authentication).
We are using the UsernamePasswordAuthenticationToken which is an extension to the AbstractAuthenticationToken. Now the AbstractAuthenticationToken implements the equals method but not the hashCode and as far as i know one should implement either both or none. What hashCode does the UsernamePasswordAuthenticationToken has?
In our application the secure context is not updated even if the userdetails has changed (profile changes of a user). This worked fine in the previous version. We also use the DaoAuthenticationProvider which itself make use of the UsernamePasswordAuthenticationToken.
Dec 13th, 2005, 07:54 PM