|
Hi, I am using Acegi's
filterSecurityInterceptor together with the
net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl implementation. In my
project however I need to implement a servlet that enables the create a
session so that afterwards the Acegi filter considers the request as coming
from a user that logs in. Although this could be off course considered as a
security flaw, I need it to implement SAML Post Profile (and I cannot use
existing SSO solutions for that) which means that the assertionconsumer servlet
can examine the request and grant access conform to the Acegi Filter (creating
the session, setting the username and password according to the Acegi filter
proceedings). Has anybody an idea how this could be accomplished? Filip Van Gool |
