Tim Waldner wrote:
Hello,
this is related to the setup of net.sf.acegisecurity.securechannel.ChannelProcessingFilter in the application context.
I have a number if URIs that require secure channel, some that can be any channel, and everything else should be insceure channel. Here is example:
<property name="filterInvocationDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /action1.do*=REQUIRES_SECURE_CHANNEL ... /*.css=ANY_CHANNEL /*.gif=ANY_CHANNEL /*=REQUIRES_INSECURE_CHANNEL </value> </property>
ANY_CHANNEL is not supported by Acegi default channel decision managers. What I would like to express in the rule setup above is that *.css and *.gif should not be redirected, i.e. it does not matter which channel the request came through, the filter should just let it pass.
Without such mechanism, there is not way to have an "everything else REQUIRES_INSECURE_CHANNEL" rule (or the other way round).
I could introduce my own IgnoreChannelProcessor, but seems a workaround as what I really want is for the given URL to not have any processing.
Hi Tim
The normal way is to specify in your ChannelProcessingFilter only the URLs that you want to be inspected. So you'd just leave out the *.css and *.gif entries. However, as you mentioned, this would prevent you from having a declaration for * against secure or insecure channel.
The easiest approach is to write an AllowAnyChannelProcessor as you suggested. It would return true to the supports(ConfigAttribute) method for ANY_CHANNEL. Its decide method would basically be empty, as it never needs to throw to a ChannelEntryPoint. This shouldn't be considered a workaround, as it's complying with the ChannelProcessor interface contract as intended.
HTH Ben
------------------------------------------------------- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
