Bug in bundled Application Server prohibits Acegi security integration
I am using JSC 2, Update 1 and have run into a problem trying to integrate Acegi security into my Web app. After some hours of frustration I have found that the problem apparently stems from a bug in the bundled Sun Application Server (version 8.2). If I deploy my application to Tomcat 5.5, the problem disappears.
The exception that occurs on the bundled Sun Application Server is:
java.lang.ClassCastException: org.acegisecurity.providers.UsernamePasswordAuthenticationToken
For information about the appserver bug that causes this exception, look at:
http://forums.java.net/jive/thread.jspa?threadID=13150&messageID=83666
The last three entries in the above thread discuss the problem and also link to other places where the problem is discussed. See in particular these links:
https://glassfish.dev.java.net/issues/show_bug.cgi?id=221
and
http://www.jroller.com/page/agrebnev?entry=acegi_does_not_work_at
The Glassfish bug database indicates that the bug was fixed in the b38 version of Glassfish. However, the fix apparently hasn't made it into the bundled Sun Appserver 8.2.
I hope this information will spare someone else the frustration of hunting down the source of this problem. Since Acegi is becoming a very popular option for adding security to Java webapps, I probably won't be the only person to run into this little gotcha.
Also, I'd appreciate any info the Creator team can provide about when the bundled appserver might be fixed.
Thanks,
Charlie

