文章列表
<session-config>
<session-timeout>30</session-timeout>
</session-config>
after 30 minus the session will time out ,the sime as u invoking
session.invalidate();so when in HttpSessionContextIntegrationFilter,
it will create new security context with no auth.so fo ...
- 2007-04-02 10:35
- 浏览 935
- 评论(0)
this filter must be first in the filter chan.it use for concurrentSessionController.in ConcurrentSessionFilter,u must remove the expired
session info,other wise the expired ie will expired for ever.
(because some times after
session.invalidate(),the HttpSession session = httpRequest.getSession(fal ...
- 2007-04-02 10:29
- 浏览 1817
- 评论(0)
this interceptor has two main function,one use ConfigAttributeDefinition difineing the url and it's role ,the second use Voter to filter the urls.the parameter ConfigAttributeDefinition config is get from the data base according the url including role(authentication).
public int vote(Authentication ...
- 2007-03-30 17:37
- 浏览 1841
- 评论(0)
classes extends AbstractFilterInvocationDefinitionSource will define useAntPath.if true ,it will use AntPathMatcher to compare the urls.
AntPathMatcher will first convert the url to array useing the DEFAULT_PATH_SEPARATOR("/"),then compare each elements in the array.
String[] patDirs = Str ...
- 2007-03-30 16:37
- 浏览 1404
- 评论(0)
the ExceptionTranslationFilter is live for the filterInvocationInterceptor ,in my opinion.it will catch the exception from filterInvocationInterceptor then redrect the request to the defined url
<bean id="exceptionTranslationFilter"
class="org.acegisecurity.ui.Exceptio ...
- 2007-03-30 13:45
- 浏览 1525
- 评论(0)
if (SecurityContextHolder.getContext().getAuthentication() == null) {
Authentication rememberMeAuth = rememberMeServices.autoLogin(httpRequest, httpResponse);
if (rememberMeAuth != null) {
// Attempt authenticaton via AuthenticationManager
...
- 2007-03-30 12:12
- 浏览 1479
- 评论(0)
This is the core code from Anonymousprocessingfilter's method "doFilter":
if (applyAnonymousForThisRequest(request)) {
if (SecurityContextHolder.getContext().getAuthentication() == null) {
SecurityContextHolder.getContext().setAuthentication(createAuthenticati ...
- 2007-03-30 10:39
- 浏览 2194
- 评论(0)
refference:http://wiki.apache.org/tapestry/FormClientPersistence.
I can't understand what can we profit from the FormClientPersistence.for the PageLink, DirectLink, or ExternalLink ,it will not encoding the data to URL ,but for the post,it will only
encoding the form data to the url.is that right?
...