Matt Raible wrote:

Is "ROLE_ANONYMOUS" a special key so that you don't have to add it to your user data store? If it has to be added, do all registered users have to have this role assigned to them? I'm sure it works how I'd expect it to work, just want to clarify. It would be nice if this was possible:

The actual GrantedAuthority[]s assigned to the anonymous principal are defined by the filter:


<bean id="anonymousProcessingFilter" class="net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
<property name="key"><value>foobar</value></property>
<property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property>
</bean>


The first parameter is the username, the rest are by default converted into GrantedAuthorityImpl()s. Because an AnonymousAuthenticationToken is generated by the AnonymousProcessingFilter, it is handled at an AuthenticationProvider level by AnonymousAuthenticationProvider. As such the username and GrantedAuthority[]s are not defined in any database at all.


     <property name="objectDefinitionSource">
        <value>
               CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
               PATTERN_TYPE_APACHE_ANT
               /*.jsp=ROLE_ANONYMOUS
               /*.html*=ROLE_USER
        </value>
     </property>


Where anyone could browse *.jsp - whether they're logged in or not. And ROLE_ANONYMOUS doesn't have to exist in my "authorities" table.

That FilterInvocationDefinitionSource would work just fine. As mentioned above, ROLE_ANONYMOUS (or whatever you chose to call it) is not defined in any database.

This approach allows the creation of a ROLE_ANONYMOUS as well as a separate ROLE_EVERYONE that might be assigned to both anonymous and authenticated users.

Also, if people don't like this particular model, the AuthenticationTrustResolver interface allows them to make anonymous authentication work in some other way - but still retain compatibility with FilterSecurityInterceptor's special handling of AccessDeniedExceptions when an anonymous user is present.

Best regards
Ben
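
Added example (not part of the original message and not Acegi Security code): a stand-alone Java model of the scheme discussed above, where the anonymous principal's authorities come from the userAttribute string rather than a database and a shared ROLE_EVERYONE opens *.jsp to both kinds of caller. The class and method names, the simplified Ant matcher, the "any listed role grants access" decision and the sample logged-in user are assumptions made for illustration.

```java
import java.util.*;
import java.util.regex.Pattern;

// Simplified model of the behaviour described in this thread; these are not Acegi classes.
public class AnonymousAccessModel {

    // userAttribute format from the filter: first token is the username, the rest are authorities.
    static Set<String> authoritiesOf(String userAttribute) {
        String[] tokens = userAttribute.split(",");
        Set<String> roles = new LinkedHashSet<>();
        for (int i = 1; i < tokens.length; i++) roles.add(tokens[i].trim());
        return roles;
    }

    // Minimal Ant-style matcher: '*' stays within one path segment, '?' is one character.
    static boolean antMatch(String pattern, String url) {
        StringBuilder re = new StringBuilder();
        for (char c : pattern.toCharArray()) {
            if (c == '*') re.append("[^/]*");
            else if (c == '?') re.append("[^/]");
            else re.append(Pattern.quote(String.valueOf(c)));
        }
        return Pattern.matches(re.toString(), url);
    }

    // First matching rule wins; the caller needs any one of the listed roles (assumed voter).
    static boolean allowed(Map<String, String> rules, String url, Set<String> held) {
        String path = url.toLowerCase(); // CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
        for (Map.Entry<String, String> rule : rules.entrySet()) {
            if (!antMatch(rule.getKey(), path)) continue;
            for (String required : rule.getValue().split(","))
                if (held.contains(required.trim())) return true;
            return false;
        }
        return true; // no rule matched: treated as unsecured in this model
    }

    public static void main(String[] args) {
        Map<String, String> rules = new LinkedHashMap<>();
        rules.put("/*.jsp", "ROLE_EVERYONE");
        rules.put("/*.html*", "ROLE_USER");
        // Anonymous authorities come from configuration only, never from the authorities table.
        Set<String> anonymous = authoritiesOf("anonymousUser,ROLE_ANONYMOUS,ROLE_EVERYONE");
        // Constructed sample of a logged-in user's authorities as loaded from the user store.
        Set<String> loggedIn = new HashSet<>(Arrays.asList("ROLE_USER", "ROLE_EVERYONE"));
        for (String url : new String[] {"/Index.JSP", "/main.html"})
            System.out.println(url + " anonymous=" + allowed(rules, url, anonymous)
                    + " loggedIn=" + allowed(rules, url, loggedIn));
    }
}
```

Under the same assumed "any listed role" decision, a rule that lists only ROLE_ANONYMOUS admits only callers whose token carries that authority, which is the case the shared ROLE_EVERYONE covers.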

