Re: [Acegisecurity-developer] Basic + Form authentication in one webapp

Sat, 26 Feb 2005 01:30:39 -0800 

On Friday 25 February 2005 06:34, Gavin Terrill wrote:
> Hi there,
>
> I'm stuck and would like some guidance on where to go next (I am quite new
> to Acegi Security, so this may be a na�ve question). I am trying to protect
> "/secure/*" resources in my web app using form processing, and
> "/officeplugin/*" using BASIC + SSL. To start with we have the form based
> authentication working ok (based on Matt's AppFuse + Acegi stuff:
> http://raibledesigns.com/wiki/Wiki.jsp?page=AppFuseAuthentication).
>
> To web.xml I added a BasicProcessingFilter bean (via FilterToBeanProxy) and
> corresponding mapping. I specified "/officeplugin/*" as the url-pattern for
> the mapping.
>
> On the context config side I added the BasicProcessingFilter and
> BasicProcessingFilterEntryPoint beans.
>
> When I run the web app and try to access a BASIC protected page I see a
> debug entry in the log saying "BasicProcessingFilter - Authorization
> header: null", but I do not see an authentication challenge.
>
> What am I doing wrong?

Hi Gavin

You need a delegating AuthenticationEntryPoint that takes into account the web 
URI of the request that caused the security exception. There's a lot of 
discussion about that on the forums, if you do a search for 
AuthenticationEntryPoint I'm sure you'll find something.

The ultimate solution is for Acegi Security to provide a delegating 
AuthenticationEntryPoint that operates based on configuration attributes. For 
example, your /officeplugin/* would have attributes of 
ROLE_SOMETHING,ENTRY_POINT_BASIC whereas /secure/* might be 
ROLE_SOMETHING_ELSE,ENTRY_POINT_FORM. All the necessary infrastructure is 
already in place to enable this - it's a simple case of just writing the 
implementation. Whilst I hope to get to this sometime soon, you might be 
better off writing it yourself if you have an immediate need.

Best regards
Ben


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Reply via email to