Hi Jin,

I think there are already plugin points for each of these steps.

Jin Peng wrote:
>
> 1. Retrieve SSO token from HTTP request (usually SSO cookie)

Authentication mechanism (usually a filter).

> 2. Validate SSO token
> 3. Recreate authentication context from a valid SSO token.

Authentication provider and generally an Authentication object to pass between the authentication mechanism and authentication provider.

> 4. Terminate a SSO token (global sign off)

Logout handler.

A couple of weeks ago I wrote the above at a client site and it took about twenty minutes (including unit tests). It could be simplified further by having an Authentication object contain a field to denote the source authentication mechanism class, and a general AuthenticationProvider which automatically accepts such objects (the authentication mechanism would still need to be written, but you could include an abstract method that contains the HttpServletRequest parameter and returns an Authentication object).

Cheers
Ben

_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
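The simplification described in the message above, as an added sketch that is not part of the original post or of the Acegi Security code base. Every type name, the `SSO_TOKEN` cookie name and the token store are hypothetical; a cookie map stands in for the `HttpServletRequest` parameter, and the allowlist of mechanism classes is an assumption about how a general provider would decide which sources to accept.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Added sketch (Java 16+). Every type here is a hypothetical stand-in, not an Acegi class.
public class SsoSketch {
    // Authentication object carrying the class of the mechanism that created it.
    record SourcedAuthentication(String principal, Class<?> source, boolean authenticated) {}

    // Authentication mechanism. The post suggests an HttpServletRequest parameter;
    // a cookie-name -> value map stands in so the sketch needs no servlet API.
    abstract static class SsoMechanism {
        abstract SourcedAuthentication extract(Map<String, String> cookies);
    }

    static class CookieSsoMechanism extends SsoMechanism {
        // Constructed token store (token -> user) standing in for the SSO server.
        final Map<String, String> tokens = new ConcurrentHashMap<>(Map.of("tok-123", "jin"));

        @Override
        SourcedAuthentication extract(Map<String, String> cookies) {
            String token = cookies.get("SSO_TOKEN");                  // 1. retrieve
            String user = token == null ? null : tokens.get(token);   // 2. validate
            return user == null ? null                                // 3. recreate context
                    : new SourcedAuthentication(user, getClass(), false);
        }

        void logout(Map<String, String> cookies) {                    // 4. terminate
            String token = cookies.get("SSO_TOKEN");
            if (token != null) tokens.remove(token);
        }
    }

    // General provider: accepts an object only if its source class is allowlisted.
    static class SourceTrustingProvider {
        final Set<Class<?>> trusted;
        SourceTrustingProvider(Set<Class<?>> trusted) { this.trusted = trusted; }

        SourcedAuthentication authenticate(SourcedAuthentication a) {
            if (a == null || a.source() == null || !trusted.contains(a.source()))
                throw new SecurityException("untrusted or missing authentication source");
            return new SourcedAuthentication(a.principal(), a.source(), true);
        }
    }

    public static void main(String[] args) {
        CookieSsoMechanism mech = new CookieSsoMechanism();
        SourceTrustingProvider provider = new SourceTrustingProvider(Set.of(CookieSsoMechanism.class));
        Map<String, String> cookies = Map.of("SSO_TOKEN", "tok-123");
        System.out.println(provider.authenticate(mech.extract(cookies)));
        mech.logout(cookies);
        System.out.println(mech.extract(cookies));
    }
}
```

Because the provider's decision rests entirely on the source field, that field is only as trustworthy as the code paths able to construct the object; in this sketch only the mechanism creates it, after the token lookup succeeds.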