0 Replies Latest reply on Dec 20, 2013 5:42 AM by valery_yahorau

    Jive 6 SecurityContextHolder trouble

    valery_yahorau

      Hi,

       

      I have a trouble with authentication for jive 6.
      When user1 log in, then log out and then user2 log in and automatically redirect to welcome page he see content(groups, avatars and so on) of user1. If then he refresh page he will see correct content.

       

      We have custom SSOIdentityAuthFilter witch works with token in PLUGIN1 which use for authentication:
      SecurityContext context = SecurityContextHolder.getContext();

      context.setAuthentication(authentication);


      then we have WelcomeAction (struts action) which redirect user to welcome page in PLUGIN2 which take current user from

      JiveActionSupport

          public final User getUser() {

              if (null == user) {

                  try {

                      User ju = authProvider.getJiveUser(); ....


      authProvider is

      SecurityContextAuthenticationProviderImpl

          public User getJiveUser() {

              User user = getAuthentication().getUser();

              return user == null ? new AnonymousUser() : user;

          }  ....

       

      method getAuthentication

          public JiveAuthentication getAuthentication() {

              final Authentication auth = SecurityContextHolder.getContext().getAuthentication();

       

      So in strtus action and in filter we have the same SecurityContextHolder,
      I try lo log this issue
      and in filter class SecurityContextHolder.getContext() after setting new Authentication i have user2, but in struts action after this filter I have user1

      log.debug("SecurityContext : "+SecurityContextHolder.getContext().toString());


      any ideas for this issue ?