The Acegi Security System for Spring has a filter-based mechanism for wrapping an HttpServletRequest such that it will return Acegi information for the isUserInRole() method of the request.
If interested see: http://acegisecurity.org/multiproject/acegi-security/apidocs/org/acegisecurity/wrapper/SecurityContextHolderAwareRequestFilter.html

I've applied this filter with the intention of visibleOnUserRole working against the Acegi authorization information. But it didn't work, and after some research I've found that the typical jsp and faces internals obtain a handle to the request object in different ways, such that faces doesn't see the request as wrapped by the filter.

The following jsp:

--------------begin jsp----------------
<%@ page import="javax.faces.context.FacesContext"%>
<%
out.println("jsp request class = [" + request.getClass().getName() + "]<br>");
out.println("faces request class = [" + FacesContext.getCurrentInstance().getExternalContext().getRequest().getClass().getName() + "]");
%>
--------------end jsp----------------

returns the following output (when running against tomcat):

--------------begin out----------------
jsp request class = [org.acegisecurity.wrapper.SavedRequestAwareWrapper]
faces request class = [org.apache.catalina.connector.RequestFacade]
--------------end out----------------

So my general questions are...

(a) Anyone have any insight as to why this might be the case?
(b) Anyone have any workaround suggestions?
(c) Is this behavior in accordance with the spec?

Thanks,
Tony

