Hello-
I'm starting to grok how Ki is structured and who is responsible for
what. As mentioned, I am building an app where I want any user to be
able to do anything until security is enabled; then I want to check
some configured Realm for authentication, etc.
The key thing I realized is that I need to limit access based on
"hasPermission" rather than "isInRole" -- this way an Authorizer could
just return 'new AllPermission()'.
I have a SecurityManager configured with a ModularRealmAuthorizer to
grant all permissions:

    ArrayList<Realm> realms = new ArrayList<Realm>( 1 );
    realms.add( new FullAccessRealm() );
    ModularRealmAuthorizer authz = new ModularRealmAuthorizer( realms );
    sm.setAuthorizer( authz );

This seems to work fine *after* the user has authenticated, but I want
this to work *before* they authenticate.
Any pointers? Does Authorization only get called when Authentication
succeeds?
Do I have to automatically authenticate with an 'anonymous' user
account and then use that for Authorization? If so, how do I
automatically authenticate (so the user *never* sees a login box)?
thanks again
ryan