My question was already asked by another user:
http://forum.springframework.org/showthread.php?t=34626 (Item #1). I'll
re-state that question.
Using Acegi Security version 1.0.6 and the DigestProcessingFilter, how
does the Authentication instance stored in the SecurityContextHolder get
populated with granted authorities? DigestProcessingFilter uses the
constructor for UsernamePasswordAuthenticationToken that doesn't take
granted authorities as a parameter. And DigestProcessingFilter doesn't
delegate to an AuthenticationManager like BasicProcessingFilter.
The very first line in my filter chain is:
/webservices/**=securityContextHolderAwareRequestFilterForWS,httpSessionContextIntegrationFilter,digestProcessingFilter,anonymousProcessingFilter,pentahoSecurityStartupFilter,exceptionTranslationFilterForWS,filterInvocationInterceptor
Here is some background info on the filters above. The
securityContextHolderAwareRequestFilterForWS is configured with
SecurityContextHolderAwareRequestWrapper as the wrapperClass. This
filter is a pre-requisite for the pentahoSecurityStartupFilter.
Finally, exceptionTranslationFilterForWS has a
DigestProcessingFilterEntryPoint as its entry point.
Any help would be appreciated.
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
