Hello, In our company the IT security policy is to place all applications behind IBM WebSeal. The applications themselves need to be based on J2EE security as provided by IBM WebSphere. The use of Acegi Security is somewhat limited in such an environment, as authentication and parts of authorization are already taken care of.
However, we would still like to re-use Acegi functionality for things like more flexible web resource authorizations, Spring bean authorizations, ACL support and Acegi JSP tags. Therefore we would like to make the J2EE user name and roles available through Acegi Authentication and GrantedAuthority objects. I've implemented a generic pre-authenticated Acegi authentication provider (and corresponding servlet filters and such), together with J2EE-specific extensions. The generic provider can also be used for other purposes, for example the already available X509 provider could be easily rewritten as an extension to the pre-authenticated authentication provider. Any chance that this functionality will be added to the next version of Acegi (by myself if given access to the Acegi source repository, or by somebody else)? Any comments on the code as it is now? I've created a JIRA issue for this with source code attached: http://opensource.atlassian.com/projects/spring/browse/SEC-576?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel With kind regards, Ruud Senden. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer