There are two questions below:
<quote from: 1.15.4. Filter Ordering>
All of the above filters use |FilterToBeanProxy| or |FilterChainProxy|, which is discussed in the previous sections. It is recommended that a single |FilterToBeProxy| proxy through to a single |FilterChainProxy| for each application, with that |FilterChainProxy| defining all of the Acegi Security |Filter|s.
</quote>
Question 1: I've found that putting the ContextHolderAwareRequestFilter in a FilterChainProxy bean does not work - it has to be explicitly mapped in my web.xml. Is this a bug in the documentation or implementation?
web.xml:
---------------
<filter>
<filter-name>securityFilter</filter-name>
<filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>net.sf.acegisecurity.util.FilterChainProxy</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>securityFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
applicationContext-security.xml:
-------------------------------------
<bean id="filterChainProxy" class="net.sf.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,remoteUserFilter,anonymousProcessingFilter,securityEnforcementFilter
</value>
</property>
</bean>
Where "remoteUserFilter" is defined as a bean in this same file:
<bean id="remoteUserFilter" class="net.sf.acegisecurity.wrapper.ContextHolderAwareRequestFilter"/>
Question 2: Because I still have to map 2 filters for Acegi Security, I'm leaning toward using the 5-filters in web.xml, rather than the one filter+FilterChainProxy. Are there any advantages to one or the other? The one thing I like about individual filters is I can make the <url-mappings> a little more explicit. Is something like the following possible with FilterChainProxy - so all 5 filters aren't processed for every request?
<filter-mapping>
<filter-name>sessionContextIntegrationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>authenticationFilter</filter-name>
<url-pattern>/j_security_check</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>anonymousAuthenticationFilter</filter-name>
<url-pattern>*.html</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>securityEnforcementFilter</filter-name>
<url-pattern>*.html</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>remoteUserFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>Thanks,
Matt
------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
