[EMAIL PROTECTED] wrote: > Hi All, > In the Docbook, at the end of Chapter 9: "Siteminder > Authentication Mechanism," someone added a TODO suggesting that a > dedicated AuthenticationProvider be created instead of users having to > modify their DaoAuthenticationProvider. They don't actually, but it > does make sense to have a dedicated provider to keep things clean, and > I'll go ahead and write this for 1.1.0. > I'm unclear about the additional line though, "Also review the > mixed use of SiteminderAuthenticationProcessingFilter, as it's > inconsistent with the rest of Acegi Security's authentication > mechanisms which are high cohesion." Could the person who added this > Docbook TODO help me understand what is being suggested? > Thanks, > Scott > Hi Scott
I added the comment to the reference guide, after reading the following in the Siteminder section of the Reference Guide: "Normally a |DaoAuthenticationProvider| expects the password property to match what it retrieves from the |UserDetailsSource|. In this case, authentication has already been handled by Siteminder and you've specified the same HTTP header for both username and password. As such, you must modify the code of |DaoAuthenticationProvider| to simply make sure the username and password values match." If we don't need users to modify DaoAuthenticationProvider, we should modify the Reference Guide accordingly. The second sentence of my comment really just reflected taking a closer look at the design, primarily because of the DaoAuthenticationProvider handling. Thanks for volunteering to look at this for 1.1.0 BTW. Cheers Ben ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
