Re: Acegi Security Question for Matt Raible

Mon, 11 Sep 2006 20:37:44 -0700 

On 9/11/06, Elias Torres <[EMAIL PROTECTED]> wrote:

Matt,

This is ALMOST exactly what I was looking for, except it made me realize
something: auto-provisioning needs to be done inside the Acegi plugins
and not in RollerSession because the Acegi filter is the first to
execute and it's not getting the initial admin/editor role is looking
for to allow a user to proceed with an authenticated action.

Any suggestions? Is it safe to access the UserManager inside an Acegi
plugin? Is there a pre-filter we can configure? I'm just thinking outloud.


I can't answer these questions, but you could probably do some
filter-reordering (and possibly create a new one) to make this
possible.  You might also take a look at what Acegi has for SSO
solutions - maybe there's some re-usable ideas there.

Matt



-Elias

Matt Raible wrote:
> On 9/11/06, Elias Torres <[EMAIL PROTECTED]> wrote:
>> Matt,
>>
>> I think you probably missed this question since it was bundled up in
>> another email with a non-obvious subject, but I think this one should be
>> clear :)
>>
>> -Elias
>>
>> Elias Torres wrote:
>> [snip]
>> > Matt,
>> >
>> > I have one thing left to fix. In auto-provision mode, if a user has
>> > authenticated via SSO (LDAP), the only role they have is "register", so
>> > they can access the New Registration page. So, in RollerSession is
>> > UserData is null, I call AutoProvisionHelper to try to register the
>> > user. It works great, except that Acegi Security still believes the
>> > Authentication only has roles "register" and not "editor,[admin]". I
>> see
>> > in SecurityContextHolder you can set Authentication, but I'm not sure
>> > how to proceed. Any suggestions?
>
> Here's an example of how to set authentication programmatically:
>
>        // log user in automatically
>        Authentication auth = new
> UsernamePasswordAuthenticationToken(user.getUsername(),
> user.getConfirmPassword());
>        try {
>            ApplicationContext ctx =
>
> 
WebApplicationContextUtils.getWebApplicationContext(request.getSession().getServletContext());
>
>            if (ctx != null) {
>                ProviderManager authenticationManager =
> (ProviderManager) ctx.getBean("authenticationManager");
>
> 
SecurityContextHolder.getContext().setAuthentication(authenticationManager.doAuthentication(auth));
>
>            }
>        } catch (NoSuchBeanDefinitionException n) {
>            // ignore, should only happen when testing
>        }
>
> Hope this helps,
>
> Matt
>
>> >
>> > -Elias
>> >
>>
>>
>

Reply via email to