Re: [Acegisecurity-developer] Providing a custom SecureContext

[Ben Alex]

Andy Depue wrote:
I'm using Spring + Acegi and I would like to use a custom SecureContext in my 
web app (basically, it would extend SecureContextImpl and provide additional 
context for my app).  Unfortunately, it appears that 
AbstractIntegrationFilter has a hardcoded instantiation of SecureContextImpl:
           if ((ContextHolder.getContext() == null)
               || !(ContextHolder.getContext() instanceof SecureContext)) {
               secureContext = new SecureContextImpl();
           } else {
               secureContext = (SecureContext) ContextHolder.getContext();
           }

This would require me to implement my own doFilter(...) method (probably 
extending AbstractIntegrationFilter).  I would really like to avoid this.  Am 
I going about this wrong, or is there really no easy way for me to supply my 
own custom SecurityContext when using Acegi's filters?

Thanks,
 Andy
 

Hi Andy
I just checked into CVS a change to AbstractIntegrationFilter that 
enables you to specify a secureContext class in the application context 
(defaults to SecureContextImpl). The class specified will be used if the 
ContextHolder is empty or contains an invalid context.

To use this change you'll need to edit your web.xml and remove the 
AutoIntegrationFilter and instead use the HttpSessionIntegrationFilter 
via the FilterToBeanProxy (this might sound a little involved, but it's 
the same approach as used by all of the other Acegi Security filters). 
For the HttpSessionIntegrationFilter bean in your application context, 
define your custom SecureContext implementation using the 
HttpSessionIntegrationFilter.secureContext property.

Please let me know if this change meets your needs.
HTH
Ben

-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer