Hi Ben,
I didn't have any issues with adding a protected
createSuccessAuthentication method for subclasses of
DaoAuthenticationProvider. I also think it would be
easier for future maintainer's of my code to
understand the subclass rather than the interceptor.
With the interceptor I was just investigating
alternatives if for some reason you couldn't make that
change (and I was also investigating Spring's AOP
support).
So if you wouldn't mind making that change I would
appreciate it.
Thanks again,
Scott
------------
Ben Alex <[EMAIL PROTECTED]> wrote:
Thanks for sending me your code off-list. It's an
interesting approach.
I can't see any issues with relying on the getters for
AuthenticationDao
and UserCache from the DaoAuthenticationProvider. They
shouldn't need to
be removed unless there is a major refactoring, in
which case your
interceptor would probably need changes anyway.
I can see why you had problems with solely overriding
isPasswordCorrect(Authentication, User), as the
returned Authentication
object would be missing your extra ZIP code
credential. I am wondering
why a createSuccessAuthentication(Object principal,
User user) wouldn't
work. Overriding it would allow extra
credentials-related properties to
be set, whilst the DaoAuthenticationProvider version
of the method would
use the password. Did you come across some issue
preventing this from
working cleanly?
----
Cheers
Ben
__________________________________
Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
http://promotions.yahoo.com/new_mail
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
