Hidden Flaw in Audit Logging w/ Hibernate Interceptor & ACEGI
We’ve recently came across a fatal problem in our audit logging facility where Acegi returns a different user other than the actual user. It’s a little hard to replicate because it happens only when multiple users are accessing the system. In summary, audit logs were associated to other users because Acegi SecurityContextHolder is returning incorrect…
read more...