Kjetil Paulsen wrote:
> Thx for the response, I see what you are saying, however, since we
> don't have roles in the system today and isUserInRole is based on the
> group the user belongs to I'm not sure how to handle this... could it
> be a quick fix to add a 'known' role like 'USERS' to all users in the
> system in the custom AuthenticationDAO? Or am I still missing
> something?

HttpServletRequest.isUserInRole(String), when used with Acegi Security,
uses the Authentication.getAuthorities(). In other words, it uses the
GrantedAuthority[]s assigned to the Authentication.

Your DaoAuthenticationProvider will use an AuthenticationDao to look up a
UserDetails for a given username. The UserDetails your AuthenticationDao
generates will be used within the Authentication object, and thus the
GrantedAuthority[]s returned by the AuthenticationDao are important as
these in turn get used by HttpServletRequest.isUserInRole(String).

How your AuthenticationDao reconciles your application's concept of
groups and permissions is up to you. There is absolutely no reason to
need to express the groups in XML. Your permissions, on the other hand,
will need to be referred to by
FilterSecurityInterceptor.objectDefinitionSource. So, your earlier
example would be modified to:

    /userlogin/*=ROLE_Admin,ROLE_SuperAdmin
    /admin/**=ROLE_Admin,ROLE_SuperAdmin
    /secure.jsp=ROLE_Admin,ROLE_SuperAdmin
    /**=ROLE_ANONYMOUS,ROLE_Admin,ROLE_SuperAdmin

Your AuthenticationDao would deal with returning a UserDetails with
GrantedAuthority[]s that contain ROLE_SuperAdmin, and/or ROLE_Admin, for a
given username.

I have really just gone over what Ray mentioned and what is discussed on the
forums. If you need further clarification, would you please give some more
detail on your question/concern?

Thanks
Ben
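
Added example, not part of Ben's message and not Acegi Security code: a plain-Java sketch of the group-to-authority mapping a custom AuthenticationDao could perform before wrapping the names in GrantedAuthority objects, checked against the right-hand side of the rule lines above. The class, its methods, the "Helpdesk" group and the group names used as keys are hypothetical; it assumes exact string matching of role names and a voter that grants access when any one listed role is held.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/** Hypothetical helper; uses no Acegi classes so it compiles on its own. */
public class GroupAuthorityMapper {

    // Constructed mapping: application group -> role name used in the URL rules.
    private final Map<String, String> groupToRole = new LinkedHashMap<>();

    public GroupAuthorityMapper() {
        groupToRole.put("Admin", "ROLE_Admin");
        groupToRole.put("SuperAdmin", "ROLE_SuperAdmin");
    }

    /** Role names the DAO would hand back as the user's authorities. */
    public Set<String> authoritiesFor(List<String> groups) {
        Set<String> roles = new LinkedHashSet<>();
        for (String group : groups) {
            String role = groupToRole.get(group);
            if (role != null) { // an unmapped group grants nothing (fail closed)
                roles.add(role);
            }
        }
        return roles;
    }

    /** True if the user holds at least one role listed after '=' in a rule line. */
    public static boolean permits(String ruleLine, Set<String> authorities) {
        String[] required = ruleLine.substring(ruleLine.indexOf('=') + 1).split(",");
        for (String role : required) {
            if (authorities.contains(role.trim())) { // exact match, prefix included
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        GroupAuthorityMapper mapper = new GroupAuthorityMapper();
        Set<String> admin = mapper.authoritiesFor(Arrays.asList("Admin", "Helpdesk"));
        Set<String> helpdesk = mapper.authoritiesFor(Arrays.asList("Helpdesk"));
        String rule = "/admin/**=ROLE_Admin,ROLE_SuperAdmin";
        System.out.println("admin authorities: " + admin);
        System.out.println("admin permitted: " + permits(rule, admin));
        System.out.println("helpdesk permitted: " + permits(rule, helpdesk));
        System.out.println("bare group name matches: " + admin.contains("Admin"));
    }
}
```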