Brian Moseley wrote:
that sounds right. i don't have any need for access control on this operation, so it looks like i can simply use anonymous authen and then have my jackrabbit access manager use an AuthenticationTrustResolver to see if the Authentication is anonymous. i think that will work. thanks!
following up on this...
i enabled both anonymous authentication and run-as for my user account signup operation (i need run-as because my jcr repository access manager requires a user account with the root role to perform this particular operation). this setup works fine, but as soon as the user has signed up for his account, he has to explicitly log in to that account.
now i'd rather the login be transparent. before the account signup response is sent, i want the operation to automatically authenticate the newly created user account and save the new authentication into the http session, so that the user's next request is immediately authenticated and he is not forced to log in.
i wrote some code that uses the authentication manager to authenticate and place the new authentication into the secure context. however, because this is all happening inside a run-as "wrapper", after the struts servlet is finished, my authentication is replaced by the original anonymous authentication. does that make sense?
here's a sort of picture:
http request comes in -> authenticated as anonymous -> run-as manager replaces authentication -> my struts action creates the new user account -> my struts action authenticates the new user account -> my authentication is replaced by the original anonymous authen -> anonymous authen saved into http session -> http request goes out
so my question is: can i somehow tell the security interceptor not to do this replacement? if i could somehow get access to the interceptor's status token, i could switch off the contextHolderRefreshRequired flag. i don't see any hooks in the security interceptor classes to do this tho. maybe the token could be made available as a request attribute? or am i barking up the wrong tree?