Mar 3rd, 2008, 11:01 AM
'SecurityContextHolder now cleared' after successful authentication
I have a strange issue in my configuration.
When I log on to my application, the user is authenticated, the granted authorities are filled, but once the authorisation is done and the Struts2 action is executed, I cannot access the Authentication object.
I use the SecurityContextHolder to retrieve the Context, but the Authentication object that is returned is always null.
The last significant log message I get is that the SecurityContextHolder is now cleared.
Anyone have an idea what could cause this?
Mar 3rd, 2008, 01:17 PM
Please refer to the HttpSessionContextIntegrationFilter class. The normal Acegi process:
1) Request in.
2) Acegi HttpSessionContextIntegrationFilter starts doFilter.
3) Go through the rest of the Acegi filters.
4) Hit your web controller (if any).
5) Your requested web page (JSP).
6) HttpSessionContextIntegrationFilter clears the SecurityContextHolder.
7) HttpSessionContextIntegrationFilter adds the SecurityContext to your HTTP session.
You should be able to access the Authentication object from SecurityContextHolder up to step 5 above. After step 6, you need to look at the HTTP session.
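The lifecycle described in the reply above, as an added example that is not part of either post and is not Acegi source code. It models the holder with a plain `ThreadLocal` and the HTTP session with a `Map`; the class name, the `SECURITY_CONTEXT` key and the sample principal string are assumptions made for the illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of the request lifecycle; stand-ins only, no Acegi classes.
public class ContextLifecycleDemo {
    // Stand-in for SecurityContextHolder: one context per request thread.
    static final ThreadLocal<String> HOLDER = new ThreadLocal<>();
    // Stand-in session attribute name (assumption, chosen for this example).
    static final String KEY = "SECURITY_CONTEXT";

    // Models steps 2-7: load from session, run the chain, clear, store back.
    static void integrationFilter(Map<String, Object> session, Runnable chain) {
        HOLDER.set((String) session.get(KEY));       // step 2: populate holder
        try {
            chain.run();                             // steps 3-5: filters, action, page
        } finally {
            String afterChain = HOLDER.get();        // whatever the chain left behind
            HOLDER.remove();                         // step 6: holder is cleared
            session.put(KEY, afterChain);            // step 7: context goes to session
        }
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();

        // Request 1: a filter inside the chain authenticates the user.
        integrationFilter(session, () -> {
            HOLDER.set("alice [ROLE_USER]");         // constructed sample principal
            System.out.println("inside chain, holder:  " + HOLDER.get());
        });

        // Code running after the filter returns sees an empty holder,
        // while the session still carries the context.
        System.out.println("after filter, holder:  " + HOLDER.get());
        System.out.println("after filter, session: " + session.get(KEY));

        // Request 2: the holder is repopulated from the session.
        integrationFilter(session,
            () -> System.out.println("next request, holder:  " + HOLDER.get()));
    }
}
```

Code that reads the holder outside the filter's `doFilter` call, or from a thread other than the one handling the request, sees the empty state shown in the second print.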