Results 1 to 3 of 3

Thread: X509 Authentication question

  1. Jan 16th, 2006, 06:24 PM #1
    Rolf Arne Corneliussen
    Rolf Arne Corneliussen is offline Junior Member
    Join Date
    Dec 2005
    Location
    Oslo, Norway
    Posts
    15

    Default X509 Authentication question

    When you use authentication with username/password you end up with a UsernamePasswordAuthenticationToken with authenticated set to 'true'. On the other hand, if you use X509 Authentication you end up with a X509AuthenticationToken with autheticated set to 'false'.

    Is there any rationale behind this difference in behaviour that is obvious or explained somewhere? I ask because using X509 Authentication leads to a reauthentication in the service layer, but I cannot see the benfit.
  2. Jan 17th, 2006, 07:11 PM #2
    Luke Taylor
    Luke Taylor is offline Senior Member Acegi Security System TeamSpring Team
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449

    Default

    The explanation is probably that it was written before the alwaysReauthenticate property was added to AbstractSecurityInterceptor and at that time the "authenticated" property wasn't relevant to it. It should probably be brought into line with UsernamePasswordAuthenticationToken. I'll have a look at the code.

    Thanks for pointing this out.
  3. Jan 26th, 2006, 07:09 AM #3
    Luke Taylor
    Luke Taylor is offline Senior Member Acegi Security System TeamSpring Team
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449

    Default

    JIRA Tracker:

    http://opensource2.atlassian.com/pro...browse/SEC-158
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules