Ben Alex wrote:
I think your use case would be better suited to the anonymous authentication capability. It is especially designed for giving an unauthenticated request an Authentication, and the SecurityEnforcementFilter recognises the fact it is an anonymous Authentication and will redirect to the AuthenticationEntryPoint in the event of an AccessDeniedException (as opposed to returning a 403 / SC_FORBIDDEN).
that sounds right. i don't have any need for access control on this operation, so it looks like i can simply use anonymous authen and then have my jackrabbit access manager use an AuthenticationTrustResolver to see if the Authentication is anonymous. i think that will work. thanks!
------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7412&alloc_id=16344&op=click _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
