I want to use the security module inside a rich client
(Swing GUI), which communicates with the server through
el4j remoting module (configured with Spring HTTP Invoker).
I first started to use the el4j AuthenticationService
with the automatic context passing. It seems to work
when "staying" in the same thread, but crashes when a
dialog for instance (new thread) makes a business call.
I think this is related to Acegi SecurityContextHolder
and/or el4j AuthenticationService implementations,
since by default the security context is stored in a
ThreadLocal. This is good for a server, but not adapted
to a rich client.
Newer versions of Acegi (starting from 1.0.0)
introduced a SecurityContextHolderStrategy, which can
be GLOBAL, THREAD_LOCAL or INHERITABLE_THREAD_LOCAL.
I read that you recently moved to Acegi 1.0.1, so did
you adapt the DefaultAuthenticationService to not
always use a ThreadLocal or plan to do something like that?
Or maybe I missed something important in the way one
should integrate Acegi into a rich client :-))
Thanks a lot for your help!!