Stefan D Sookraj wrote:

All,
I am trying to integrate Spring/Acegi into a critical application. Our company has a common web authentication mechanism that we need to use for authentication. It basically sets the REMOTE_USER variable in the HTTP request. I can use request.getRemoteUser() or request.getUserPrincipal() to retrieve the userid from a controller. How can I use this id to then integrate with Acegi authorization capabilities? Since authentication is already taken care of by the company's authentication mechanism, I just need to get the authorization info from Acegi. Any help or pointer where to begin is much appreciated. Thank you.

Hi Stefan

You'd need to write two things:

1. A filter which is always executed and queries the REMOTE_USER. It will create an Authentication request object. It will then pass through to an AuthenticationManager. Upon successful authentication, it will place it in the ContextHolder. This approach is very similar to CasProcessingFilter, BasicProcessingFilter etc (except yours is much easier as you simply rely on REMOTE_USER).

2. An AuthenticationProvider similar to CasAuthenticationProvider. It will take the "request" Authentication object (which has a username in it, as created by the first class above) and will query a backend repository to determine the GrantedAuthority[]s that apply (for CAS people usually use DaoCasAuthoritiesPopulator). From there it will create a "success" Authentication object and return it to the caller. The eventual caller, as mentioned above, will place it on the ContextHolder.

There's no reason you need two separate classes. The filter could do both steps. It's just if you wanted to copy existing patterns, you'd do it using two classes.

You'd probably use AuthenticationProcessingFilterEntryPoint against your SecurityEnforcementFilter, so it can redirect to some sort of page which explains they have not completed the proper corporate login sequence. Or you can write your own AuthenticationEntryPoint implementation if you would like other behaviour.

What you're trying to do is pretty easy. I take it there is some good security infrastructure in place to ensure REMOTE_USER is correctly set! :-)

HTH
Ben
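
The two steps described in the reply above, as an added example that is not part of the original email and does not use Acegi's own classes: `Auth`, `HOLDER`, `REPO`, `authenticate` and `handle` are hypothetical stand-ins for the Authentication object, the ContextHolder, the backend repository, the AuthenticationProvider and the filter, and the user ids are constructed sample data.

```java
import java.util.*;

// Added illustration: every type here is a hypothetical stand-in, not an Acegi class.
public class RemoteUserAuthDemo {
    // "Request" form carries only the username; "success" form carries authorities too.
    static final class Auth {
        final String username; final Set<String> authorities; final boolean authenticated;
        Auth(String u, Set<String> a, boolean ok) { username = u; authorities = a; authenticated = ok; }
    }

    // Per-thread holder playing the role of the ContextHolder.
    static final ThreadLocal<Auth> HOLDER = new ThreadLocal<>();

    // Constructed sample repository: user id -> granted authorities.
    static final Map<String, Set<String>> REPO = new HashMap<>();
    static {
        REPO.put("alice", new HashSet<>(Arrays.asList("ROLE_USER", "ROLE_REPORTS")));
    }

    // Step 2 (provider): the user is already authenticated upstream, so only
    // resolve authorities. A user with none is rejected rather than let through.
    static Auth authenticate(Auth request) {
        Set<String> granted = REPO.get(request.username);
        if (granted == null || granted.isEmpty())
            throw new SecurityException("no authorities for " + request.username);
        return new Auth(request.username, Collections.unmodifiableSet(granted), true);
    }

    // Step 1 (filter): runs on every request. remoteUser must be the value the
    // container reports (request.getRemoteUser()), never a client-supplied header.
    static boolean handle(String remoteUser, Runnable restOfChain) {
        if (remoteUser == null || remoteUser.trim().isEmpty()) return false; // entry point takes over
        Auth success;
        try {
            success = authenticate(new Auth(remoteUser.trim(), Collections.<String>emptySet(), false));
        } catch (SecurityException e) {
            return false;                     // unknown user: stay unauthenticated
        }
        HOLDER.set(success);
        try { restOfChain.run(); return true; }
        finally { HOLDER.remove(); }          // pooled threads must not keep an identity
    }

    public static void main(String[] args) {
        System.out.println(handle("alice", () -> System.out.println(HOLDER.get().authorities)));
        System.out.println(handle(null, () -> { throw new IllegalStateException("chain must not run"); }));
        System.out.println(handle("bob", () -> { throw new IllegalStateException("chain must not run"); }));
    }
}
```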


