SpringSecurity: Multithreading: Access Denied under load

hello,

i've got a strange problem with spring security. we've developed a lot of components which themselve are build out of several mule services. each of these components have got soap and rest connectors where we do method security interception using spring security. in order to protect these connectors we use the http-basic-auth-filter.

during some testings we figured out that spring security returnes access denied on valid requests randomly. it seams like any part of the security process is not thread safe. it looks like spring security takes credentials/basic-auth-strings from one request and uses it to authenticate and authorize in another requests context thus things seem to get intermingled and spring security denies access.

besinde the fact that we get access denied responses this behaviour is an absolut show stopper for us as we cannot reply on the spring security integration in mule.

can anyone confirm this? has anyone an idea how to solve this problem?

thx, greez,

dialsc

Have not run into this. I guess most fruitful approach would be to create a compact reproduction scenario, prove that this problem still exist here and then file a bug in jira.

P.S. you are not using nio by any chance?

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email

not that i knew about using nio.

btw, i already filled out a bug report: http://www.mulesoft.org/jira/browse/MULE-4596

Trond Kvarenes-2 wrote:

Have not run into this. I guess most fruitful approach would be to create a compact reproduction scenario, prove that this problem still exist here and then file a bug in jira.

P.S. you are not using nio by any chance?

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email