
Thread: Digest authentication problem

  1. #1

    Digest authentication problem

    Hi All!
    I am trying to use digest authentication support in my web app, but I am running into several problems.
    When I try to access a protected resource, the browser pops up a username/password prompt, but after I fill it in, the credentials appear to be rejected, because the browser asks for them again.

    I am guessing that the problem is related to password encryption, but so far I have not been able to resolve it.
    Any idea?

    Thanks in advance.

    Here is my config:

    Code:
    <!-- Protects the whole application and sends unauthenticated requests to the Digest
         entry point. All three patterns require ROLE_SUPERVISOR, so the two /secure rules add
         nothing beyond the final /** rule. Of the users defined in this listing only "bob"
         holds ROLE_SUPERVISOR; "dianne" and "scott" will be refused on every URL even with a
         correct password. -->
    <http entry-point-ref="digestProcessingFilterEntryPoint">
    		<intercept-url pattern="/secure/extreme/**"
    			access="ROLE_SUPERVISOR" />
    		<intercept-url pattern="/secure/**" access="ROLE_SUPERVISOR" />
    		<intercept-url pattern="/**" access="ROLE_SUPERVISOR" />
    		
    
    
    	</http>
    
    
    
    
    
    	<!-- Authentication provider backed by an in-memory user list.
    	     The passwords are stored in clear text and are identical to the user names: these are
    	     sample accounts only and must not reach a deployed system. Digest authentication needs
    	     either the clear-text password or the pre-computed MD5 of username:realm:password;
    	     the filter in this listing sets passwordAlreadyEncoded to false, so clear text is what
    	     it expects here. -->
    	<authentication-provider>
    		<!-- the user-service tag instantiates a bean of the class InMemoryDAOImpl -->
    		<user-service id="userService">
    
    			<user name="bob" password="bob"
    				authorities="ROLE_SUPERVISOR,ROLE_USER" />
    			<user name="dianne" password="dianne"
    				authorities="ROLE_USER" />
    			<user name="scott" password="scott" authorities="ROLE_USER" />
    		</user-service>
    
    	</authentication-provider>
    
    
    
    	<!-- Filter that validates the Digest Authorization header against the users in userService.
    	     NOTE(review): nothing in this listing adds this bean to the filter chain built by the
    	     http element (for example through the namespace's custom-filter element). If it is not
    	     registered, the Digest response sent by the browser is never processed and the entry
    	     point keeps issuing a new challenge, which would match the repeated password prompt
    	     described in the post. Confirm against the full configuration. -->
    	<beans:bean id="digestProcessingFilter"
    		class="org.springframework.security.ui.digestauth.DigestProcessingFilter">
    		<beans:property name="userDetailsService" ref="userService"></beans:property>
    		<beans:property name="authenticationEntryPoint"
    			ref="digestProcessingFilterEntryPoint">
    		</beans:property>
    
    		<!-- false: stored passwords are treated as clear text, not as a pre-computed
    		     MD5 of username:realm:password -->
    		<beans:property name="passwordAlreadyEncoded" value="false"></beans:property>
    	</beans:bean>
    
    
    	<!-- Entry point that answers unauthenticated requests with a Digest challenge (401). -->
    	<beans:bean id="digestProcessingFilterEntryPoint"
    		class="org.springframework.security.ui.digestauth.DigestProcessingFilterEntryPoint">
    		<!-- The key signs the nonces this server issues. "private" is a guessable value;
    		     use a long random secret per deployment and keep it out of shared listings,
    		     because anyone who knows the key can produce nonces the server accepts. -->
    		<beans:property name="key"
    			value="private">
    		</beans:property>
    		<!-- Nonces expire after 10 seconds, so clients are re-challenged very often.
    		     NOTE(review): a conforming browser should retry silently on a stale nonce, but
    		     such a short lifetime makes login problems harder to diagnose; confirm the value. -->
    		<beans:property name="nonceValiditySeconds" value="10"></beans:property>
    		<!-- The realm name is part of the digest calculation; pre-hashed passwords, if ever
    		     used, must be computed with exactly this realm. -->
    		<beans:property name="realmName" value="bojaccia"></beans:property>
    
    	</beans:bean>

  2. #2

    Hi!
    I have finally fixed the problems with digest authentication, but one issue remains: the authentication context is not cleared after logout. Why? I am still able to access protected resources after logging out.
    Can anyone help me?

    Here is my config:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
      xmlns:security="http://www.springframework.org/schema/security"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                  http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
    
    
    	 <!-- Authentication provider with a single in-memory account. The password is stored in
    	      clear text and equals the user name: a sample credential only. -->
    	 <security:authentication-provider >
           <security:user-service id="springSecurityService">
                <security:user name="bob" password="bob" authorities="ROLE_USER, ROLE_ADMIN" />
            </security:user-service>
    	</security:authentication-provider>
    
    
    
    
    	 <!-- NOTE(review): second provider declared over the same user service as the one above;
    	      it looks redundant. Confirm whether both declarations are intended. -->
    	 <security:authentication-provider user-service-ref="springSecurityService"/>
    
    
    
    	<!-- Exposes the namespace-created authentication manager under the bean name
    	     "authenticationManager" so the explicit beans in this file can reference it. -->
    	<security:authentication-manager alias="authenticationManager" />
    
    	<!-- Validates the Digest Authorization header on each request against springSecurityService.
    	     passwordAlreadyEncoded is not set, so the filter's default applies (presumably clear-text
    	     stored passwords; confirm for the version in use).
    	     Because a browser resends its cached Digest credentials with every request to the realm,
    	     this filter authenticates the caller again on each request, independent of the session. -->
    	<bean id="digestProcessingFilter"
            class="org.springframework.security.ui.digestauth.DigestProcessingFilter">
            <property name="userDetailsService" ref="springSecurityService" />
            <property name="authenticationEntryPoint" ref="digestProcessingFilterEntryPoint" />
        </bean>
    
        <!-- Entry point that issues the Digest challenge for the realm named below. -->
        <bean id="digestProcessingFilterEntryPoint"
            class="org.springframework.security.ui.digestauth.DigestProcessingFilterEntryPoint">
            <property name="realmName"
                value="Bojaccia Digest Authentication" />
            <!-- The key signs server-issued nonces. "acegi" is a widely published sample value;
                 replace it with a long random secret that is unique to the deployment. -->
            <property name="key" value="acegi" />
            <!-- Nonces stay valid for 300 seconds before the client is challenged again. -->
            <property name="nonceValiditySeconds" value="300" />
        </bean>
    
    	<!-- Explicit filter chain applied to every URL. The order in the filters attribute is the
    	     order of execution: restore the security context from the session, handle logout,
    	     process Digest credentials, translate security exceptions into a challenge, then
    	     enforce the URL access rules. -->
    	<bean id="springSecurityFilterChain"
    		class="org.springframework.security.util.FilterChainProxy">
    		<security:filter-chain-map path-type="ant">
    			<security:filter-chain pattern="/**"
    				filters="httpSessionContextIntegrationFilter, logoutFilter, digestProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor" />
    		</security:filter-chain-map>
    	</bean>
    
    	<!-- Loads the security context from the HTTP session at the start of a request and stores
    	     it back at the end. With Digest authentication the context is also rebuilt from the
    	     Authorization header on each request, so clearing the session alone does not end the
    	     login. -->
    	<bean id="httpSessionContextIntegrationFilter"
    		class="org.springframework.security.context.HttpSessionContextIntegrationFilter" />
    
    	<!-- Enforces the URL rules defined in the invocationDefinition bean, using the aliased
    	     authentication manager and the accessDecisionManager bean.
    	     NOTE(review): only /secure/** carries an access rule; URLs outside it have no
    	     attributes and are presumably served without authentication. Confirm that this is
    	     the intended exposure. -->
    	<bean id="filterSecurityInterceptor"
            class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
            <property name="authenticationManager" ref="authenticationManager" />
            <property name="accessDecisionManager" ref="accessDecisionManager" />
            <property name="objectDefinitionSource" ref="invocationDefinition">
                <!-- Earlier inline form of the same rule, kept commented out by the author: -->
                <!--
                <security:filter-invocation-definition-source>
                <security:intercept-url pattern="/secure/**" access="ROLE_USER" />
                </security:filter-invocation-definition-source>
                 -->
            </property>
        </bean>
    
    
    <!-- URL access rules consumed by filterSecurityInterceptor: anything under /secure/
         requires ROLE_USER. No other path is listed. -->
    <security:filter-invocation-definition-source id="invocationDefinition">
    	<security:intercept-url pattern="/secure/**" access="ROLE_USER" />
    </security:filter-invocation-definition-source>
    
        <!-- Access decision manager with a single role-based voter. -->
        <bean id="accessDecisionManager"
            class="org.springframework.security.vote.AffirmativeBased">
            <!-- false: if no voter expresses an opinion, access is denied (fail closed) -->
            <property name="allowIfAllAbstainDecisions" value="false" />
            <property name="decisionVoters">
    	        <list>
    	            <bean class="org.springframework.security.vote.RoleVoter" />
    	        </list>
            </property>
        </bean>
    
        <!-- Turns authentication failures raised further down the chain into a fresh Digest
             challenge by delegating to the same entry point the Digest filter uses. -->
        <bean id="exceptionTranslationFilter"
            class="org.springframework.security.ui.ExceptionTranslationFilter">
            <property name="authenticationEntryPoint"
                ref="digestProcessingFilterEntryPoint" />
        </bean>
    
    <!-- Logout filter: redirects to "/" after logout and runs one handler that clears the
         security context and invalidates the HTTP session.
         Why protected pages stay reachable after logout: HTTP Digest credentials are cached by
         the browser and resent automatically with every request to the realm. The next request
         after logout therefore still carries a valid Authorization header, and
         digestProcessingFilter authenticates it again. Invalidating the session cannot revoke
         credentials held by the browser. If a dependable logout is a requirement, use a
         session-based mechanism such as form login instead of HTTP Digest. -->
    <bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
    		<!-- first constructor argument: URL to redirect to once logout has completed -->
    		<constructor-arg value="/" />
    		<!-- second constructor argument: the logout handlers to invoke -->
    		<constructor-arg>
    			<list>
    				<bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler">
    					<property name="invalidateHttpSession">
    						<value>true</value>
    					</property>
    
    				</bean>
    			</list>
    		</constructor-arg>
    
    	</bean>
    
    </beans>
