Hi,

Two days ago I pointed out a problem with accessing a Login page which is located in the same directory as the other pages, which should all be protected.

And a question has arisen today: why can't I create my own voters based on just the ConfigAttributeDefinition or, for example, the IP address from which the request comes? I think that an authorized user is needed only for RoleVoter.

Then I could do something like this:

<bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>

<bean id="freeAccessVoter" class="xyz.FreeAccessVoter"/>
<!-- Grants access when FREE_ACCESS config attribute present -->

<bean id="httpRequestAccessDecisionManager"
      class="net.sf.acegisecurity.vote.AffirmativeBased">
  <property name="allowIfAllAbstainDecisions"><value>false</value></property>
  <property name="decisionVoters">
    <list>
      <ref bean="roleVoter"/>
      <ref bean="freeAccessVoter"/>
    </list>
  </property>
</bean>

<bean id="filterInvocationInterceptor"
      class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
  <property name="authenticationManager"><ref bean="authenticationManager"/></property>
  <property name="accessDecisionManager"><ref bean="httpRequestAccessDecisionManager"/></property>
  <property name="runAsManager"><ref bean="runAsManager"/></property>
  <property name="objectDefinitionSource">
    <value>
      \A/app.*Login\Z=FREE_ACCESS
      \A/app.*\Z=ROLE_USER
    </value>
  </property>
</bean>

Maybe it conflicts with the overall Acegi Security philosophy, but I think it could be very useful,

Karel
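
An added sketch, not part of the original post and not Acegi code: it models the decision flow the configuration above asks for, using simplified stand-in types (`Voter`, `allowed`, the "no match means unsecured" fallback and the sample paths are assumptions of the sketch). It shows how first-match pattern lookup and an affirmative vote combine for unauthenticated and authenticated callers.

```java
import java.util.*;
import java.util.regex.Pattern;

// Simplified stand-ins for the voting flow; these are not Acegi's classes.
public class FreeAccessVoterDemo {
    static final int GRANTED = 1, ABSTAIN = 0, DENIED = -1;

    interface Voter { int vote(Set<String> roles, String attribute); }

    // Grants on FREE_ACCESS without looking at the caller; abstains otherwise.
    static final Voter FREE_ACCESS_VOTER =
        (roles, attr) -> "FREE_ACCESS".equals(attr) ? GRANTED : ABSTAIN;

    // Role check: votes only on ROLE_* attributes and needs an authenticated caller.
    static final Voter ROLE_VOTER = (roles, attr) -> {
        if (!attr.startsWith("ROLE_")) return ABSTAIN;
        return roles != null && roles.contains(attr) ? GRANTED : DENIED;
    };

    // Patterns from the post, in the same order; the first match wins.
    static final Map<Pattern, String> RULES = new LinkedHashMap<>();
    static {
        RULES.put(Pattern.compile("\\A/app.*Login\\Z"), "FREE_ACCESS");
        RULES.put(Pattern.compile("\\A/app.*\\Z"), "ROLE_USER");
    }

    // Affirmative decision with allowIfAllAbstainDecisions=false.
    static boolean allowed(String path, Set<String> roles) {
        for (Map.Entry<Pattern, String> rule : RULES.entrySet()) {
            if (!rule.getKey().matcher(path).matches()) continue;
            for (Voter v : List.of(ROLE_VOTER, FREE_ACCESS_VOTER)) {
                if (v.vote(roles, rule.getValue()) == GRANTED) return true;
            }
            return false; // every voter denied or abstained
        }
        return true; // assumption of this sketch: unmatched paths are not secured
    }

    public static void main(String[] args) {
        Set<String> user = Set.of("ROLE_USER");
        // Constructed request paths; null roles model an unauthenticated caller.
        for (String p : new String[] {"/app/Login", "/app/orders", "/app/reports/exportLogin"}) {
            System.out.println(p + " anonymous=" + allowed(p, null)
                + " ROLE_USER=" + allowed(p, user));
        }
    }
}
```

The third path shows that `\A/app.*Login\Z` frees every path under `/app` that ends in `Login`, not only the login page, so a pattern anchored to the exact login URL is the narrower choice. Swapping the two rules would put the login page behind `ROLE_USER`, because the broader pattern would match first.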