[EMAIL PROTECTED] wrote:
I have a couple of fundamental questions.
1. it looks like the Adapter for the specific container e.g. net.sf.acegisecurity.adapters.catalina.CatalinaAcegiUserRealm will use whatever provider is setup in Acegi. And the main purpose of this is:
that applications can continue to leverage the authentication and authorization capabilities built into containers (such as isUserInRole() and form-based or basic authentication
Since this can be done with the AuthorizeTag, is there are reason that we'd need this?
2. If authentication is handled by a third party filter w/ values that are sent on the header, can a "Header" AuthenticateProvider be created that gets an authenticated userid/username and an AuthorizationProvider that similarly pulls group/role values from the head and creates the corresponding "authorities".
3. If a transaction proxy is being used in our code and we use the MethodInvokingProxy, can the Class.MethodName=role syntax be Interface.MethodName=role instead.
Thanks for you patience.
Hi Brian
We don't recommend using container adapters, as they require complex classloader configuration in your web container. They also require you to configure your web container's particular security realm. All-in-all, a non-portable solution that is likely to introduce classloader problems as your WAR needs additional JARs for business-specific functionality.
Instead we recommend using the BASIC or form-based authentication provided directly by Acegi Security filters. This means your WAR on its own is handling its security requirements.
I'm not too sure of your other two questions. If you take a look at the way the CasAuthenticationProvider and DaoAuthenticationProvider operate, you'll see how "authentication requests" can be handled with different backend authentication repositories. The net.sf.acegisecurity.ui package contains a variety of classes that create the "authentication requests" (ie from a BASIC or form-based backend etc).
If you could clarify your questions (perhaps a bigger picture overview of what you're trying to accomplish on the security front) I'd be only too happy to provide specific pointers etc.
Best regards Ben
------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
