I have a couple of fundamental questions. 1. it looks like the Adapter for the specific container e.g. net.sf.acegisecurity.adapters.catalina.CatalinaAcegiUserRealm will use whatever provider is setup in Acegi. And the main purpose of this is:
that applications can continue to leverage the authentication and authorization capabilities built into containers (such as isUserInRole() and form-based or basic authentication Since this can be done with the AuthorizeTag, is there are reason that we'd need this? 2. If authentication is handled by a third party filter w/ values that are sent on the header, can a "Header" AuthenticateProvider be created that gets an authenticated userid/username and an AuthorizationProvider that similarly pulls group/role values from the head and creates the corresponding "authorities". 3. If a transaction proxy is being used in our code and we use the MethodInvokingProxy, can the Class.MethodName=role syntax be Interface.MethodName=role instead. Thanks for you patience. - Brian ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer