The last filter in the chain is the securityEnforcementFilter. That filter is configured with an EntryPoint. It is the EntryPoints responsibility to challenge the caller if they did not present credentials that one of the previous filters understands.
The BasicProcessingFilter is there to authenticate basic auth credentials IF they are presented. If not, the request is allowed to proceed; as the SecurityEnforcementFilter will have the final say. Long story short, change the entryPoint being used by the securityEnforcementFilter :) On 11/8/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Hi acegi users, > > maybe someone of you knows the trick.... > > What do I have to change in the "contacts" sample application in order to > enforce basic authentication only ? > > if I remove the "authenticationProcessingFilter" from the filter chain and > keep "basicProcessingFilter" only it does not have the > expected effect. > > I would expect the browser to bring up a pop-up and ask me for > username/password, but i'm still being redirected to the login page. > > What am I doing wrong ? > > Regards, > Dirk > ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer