Re: [Acegisecurity-developer] Anonymous principal support now in CVS

[Matt Raible]

Is "ROLE_ANONYMOUS" a special key so that you don't have to add it to 
your user data store?  If it has to be added, do all registered users 
have to have have this role assigned to them?  I'm sure it works how 
I'd expect it to work, just want to clarify. It would be nice if this 
was possible:

     <property name="objectDefinitionSource">
        <value>
               CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
               PATTERN_TYPE_APACHE_ANT
               /*.jsp=ROLE_ANONYMOUS
               /*.html*=ROLE_USER
        </value>
     </property>
Where anyone could browse *.jsp - whether they're logged in or not.  
And ROLE_ANONYMOUS doesn't have to exist in my "authorities" table.

Thanks,
Matt
On Feb 22, 2005, at 11:15 PM, Ben Alex wrote:
There are unit tests and a section in the reference guide as usual.
The new feature enables the ContextHolder to be populated with an 
AnonymousAuthenticationToken each time. This enables all web URIs to 
be protected, such as follows:

<bean id="filterInvocationInterceptor" 
class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
     <property name="authenticationManager"><ref 
bean="authenticationManager"/></property>
     <property name="accessDecisionManager"><ref 
local="httpRequestAccessDecisionManager"/></property>
     <property name="objectDefinitionSource">
        <value>
               CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
               PATTERN_TYPE_APACHE_ANT
               /index.jsp=ROLE_ANONYMOUS,ROLE_USER
               /hello.htm=ROLE_ANONYMOUS,ROLE_USER
               /logoff.jsp=ROLE_ANONYMOUS,ROLE_USER
               /acegilogin.jsp=ROLE_ANONYMOUS,ROLE_USER
               /**=ROLE_USER
        </value>
     </property>
  </bean>

I believe this is more comprehensive than the workarounds that people 
had been using to date. There's also a new AuthenticationTrustResolver 
(and implementation) that contains a boolean 
isAnonymous(Authentication) method - in case your voters etc wish to 
take into account if a request is anonymous or from a real principal.

Comments welcome.
Best regards
Ben
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real 
users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer