Matt Raible wrote:
Sorry for all the questions, just want to get all my ducks in a row so AppFuse is using Acegi Security in the recommended fashion.
No problemo.
Question 1: I've found that putting the ContextHolderAwareRequestFilter in a FilterChainProxy bean does not work - it has to be explicitly mapped in my web.xml. Is this a bug in the documentation or implementation?Based on forum reports, it would seem there is a bug in that section of code. For FilterChainProxy to work it needs to do some low-level FilterChain manipulation, so it's possible this is not compatible with ContextHolderAwareRequestFilter's replacement of the ServletRequest. I think the problem is I'm using the fi.getRequest() inside VirtualFilterChain, whereas I probably should use the ServletRequest (named arg0 in VirtualFilterChain.doFilter()) instead. I am reluctant to declare that the problem just yet, as it needs testing. You're welcome to give that a try if you have a moment.
Question 2: Because I still have to map 2 filters for Acegi Security, I'm leaning toward using the 5-filters in web.xml, rather than the one filter+FilterChainProxy. Are there any advantages to one or the other? The one thing I like about individual filters is I can make the <url-mappings> a little more explicit. Is something like the following possible with FilterChainProxy - so all 5 filters aren't processed for every request?
<filter-mapping> <filter-name>sessionContextIntegrationFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>authenticationFilter</filter-name> <url-pattern>/j_security_check</url-pattern> </filter-mapping> <filter-mapping> <filter-name>anonymousAuthenticationFilter</filter-name> <url-pattern>*.html</url-pattern> </filter-mapping> <filter-mapping> <filter-name>securityEnforcementFilter</filter-name> <url-pattern>*.html</url-pattern> </filter-mapping> <filter-mapping> <filter-name>remoteUserFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
Yes, it could be done like this:
<bean id="filterChainProxy" class="net.sf.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**/*.html=sessionContextIntegrationFilter,anonymousAuthenticationFilter,securityEnforcementFilter,remoteUserFilter
/j_security_check=sessionContextIntegrationFilter,authenticationFilter,remoteUserFilter
/**=sessionContextIntegrationFilter,remoteUserFilter
</value>
</property>
</bean>
Don't forget FilterChainProxy not only provides inclusion/exclusion of Filters based on URI, but it also offers the ability to re-order the Filters (an advantage of web.xml).
Cheers Ben
------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
