Short answer: I don't know. I have, for various reasons, maintained a slightly modified version of the tapestry5-acegi project. I will likely do the same for tapestry-spring-security. If you look at the source for
nu.localhost.tapestry5.springsecurity.services.SecurityModule you will see where the AnonymousAuthenticationProcessingFilter is hooked in. You could leave it out. You should also know that the HttpSessionContextIntegrationFilter is responsible for moving SecurityContext information back and forth to the HttpSession. I'm not sure under what circumstances you will cause a session to be created - probably anything that puts something in the SecurityContext. OTOH, that won't solve the issue of Tapestry creating the session to store the validation tracker for the Login form. There have been various conversations about session-less strategies on the list. Jonathan > -----Original Message----- > From: rs1050 [mailto:[EMAIL PROTECTED] > Sent: Sunday, December 07, 2008 21:23 > To: users@tapestry.apache.org > Subject: RE: tapestry-spring-security: how to set ASO on successful login? > > > Off topic: is there a way of instructing spring-security not to create a > session before authentication (kind of 'no role at all' rather than > ROLE_ANONYMOUS)? I am thinking about a web site with big traffic - > creation > of too many sessions for public pages will really slow it down... > > > Jonathan Barker wrote: > > > > IIRC, the default configuration for tapestry-acegi resulted in > > ROLE_ANONYMOUS being given to unauthenticated users. That resulted in > the > > creation of the session. > > > > -- > View this message in context: http://www.nabble.com/tapestry-spring- > security%3A-how-to-set-ASO-on-successful-login--tp20865863p20888633.html > Sent from the Tapestry - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
