|
Hi Wouter,
I'm using Channel Processing Filter to protect
the pages which requires user authentication (instead of commonly used HTTP
Request Security Filter), because of the different approch used by Tapestry to
access its pages. This Channel Processing Filter is commonly used for
restricting a particular transport protocol (HTTP / HTTPS), so this fact maybe
confused you, so you think I'm using HTTPS in HISPACTA example, but I
don't.
I have created a custom ChannelProcessor
(hispacta.util.AuthenticationChannelProcessor) which requires a user to be authenticated for URL patterns where
REQUIRES_AUTHENTICATION attribute used, in this case the request is redirected
to authenticationEntryPoint. When FREE_ACCESS attribute is used no redirect
happens.
I have commented the appropriate part of
applicationContext.xml to help you understand how it works:
<!-- ~~~~~~~~~~~~~~~~~~~~ AUTHENTICATION
CHANNEL SECURITY ~~~~~~~~~~~~~~~~~~ -->
<!--
It is used instead of the Acegi HTTP Request Security Filter for distinguishing between pages with
free access
and pages for authenticated users only, because with Tapestry we cannot simply put
protected pages into a different
subdirectory.
Note: There is appropriate section in web.xml enabling this filter.
IMPORTANT NOTICE: This filter is placed after the Acegin Auto Integration Filter, because it is
checking for the existence
of valid Authentication object in the ContextHolder when
REQUIRES_AUTHENTICATION attribute used for
URL pattern. When you want to use the HTTP/HTTPS protection
functionality define another instance of ChannelProcessingFilter and place it in front of all other
Acegi filters.
-->
<!--
ChannelProcessingFilter using above channelDecisionManager and defining page patterns and attributes.
-->
<bean id="authenticationChannelProcessingFilter" class="net.sf.acegisecurity.securechannel.ChannelProcessingFilter">
<property name="channelDecisionManager"><ref bean="channelDecisionManager"/></property>
<property name="filterInvocationDefinitionSource">
<value>
\A/app.*page/Login\Z=FREE_ACCESS
\A/app.*page/Home\Z=FREE_ACCESS
\A/app.*LanguageSwitch.*\Z=FREE_ACCESS
\A/app.*\Z=REQUIRES_AUTHENTICATION
</value>
</property>
</bean>
<!--
When page which REQUIRES_AUTHENTICATION is accessed and no user is logged in it will be redirected to
the page specified here (loginFormUrl property)
-->
<bean id="authenticationEntryPoint" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl"><value>/app?service=page/Login</value></property>
<property name="forceHttps"><value>false</value></property>
</bean>
<!--
Custom AuthenticationChannelProcessor which allows access to any pages fitting into patterns with attribute
FREE_ACCESS, but requires user to be authenticated when comes to pattern with attribute REQUIRES_AUTHENTICATION.
-->
<bean id="authenticationChannelProcessor" class="hispacta.util.AuthenticationChannelProcessor">
<property name="authenticationEntryPoint"><ref bean="authenticationEntryPoint"/></property>
</bean>
<!--
Channel decision
manager which is using only the above authenticationChannelProcessor.
-->
<bean id="channelDecisionManager" class="net.sf.acegisecurity.securechannel.ChannelDecisionManagerImpl">
<property name="channelProcessors">
<list>
<ref bean="authenticationChannelProcessor"/>
</list>
</property>
</bean>
Hope this helps,
Karel
|
- [Acegisecurity-developer] Re: tapestry + acegi Karel Miarka
- [Acegisecurity-developer] Re: tapestry + acegi Karel Miarka
- [Acegisecurity-developer] Re: tapestry + acegi Karel Miarka
