Since #2 would require a two step process (extraction of auth information would be separate from authentication), probably the path of least resistance at the moment would be option #1. Though, the path of least resistance does not always equal the best path. :) With option #1, the principal would already be authenticated by the time your WebDAV servlet is invoked. You would then package up the already authenticated principal in such a way that an Acegi provided JAAS LoginModule would recognize it and handle it accordingly. I have never looked into JAAS support with Acegi, so I don't know where that stands right now.
yep, i've come to these same conclusions. i'm going to prototype with option #1 (letting Acegi Security authenticate) to get a working demo and to become more familiar with acegi Security. then i'll have a better idea of what it would take to implement option #2, which i have a gut feeling would require some refactoring of Acegi Security's authentication filters and so forth.
------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Acegiwebdav-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/acegiwebdav-developer
