I've recently upgraded AppFuse from a snapshot of 0.7.0 to 0.8.0 and now
I'm using the anonymous authentication stuff. While it seems to work
well, I tend to use request.getRemoteUser() as an indicator that a user
has logged in successfully. For this reason, and to be more in line
with container-managed authentication, I think it's a good idea to
change ContextHolderAwareRequestWrapper.java to return null for
anonymous users. Below is a patch to make this happen - I can also send
the file if necessary.
Matt
Index:
core/src/main/java/net/sf/acegisecurity/wrapper/ContextHolderAwareRequestWrapper.java
===================================================================
RCS file:
/cvsroot/acegisecurity/acegisecurity/core/src/main/java/net/sf/acegisecurity/wrapper/ContextHolderAwareRequestWrapper.java,v
retrieving revision 1.1
diff -u -r1.1 ContextHolderAwareRequestWrapper.java
---
core/src/main/java/net/sf/acegisecurity/wrapper/ContextHolderAwareRequestWrapper.java
21 Feb 2005 06:48:25 -0000 1.1
+++
core/src/main/java/net/sf/acegisecurity/wrapper/ContextHolderAwareRequestWrapper.java
10 Mar 2005 04:53:33 -0000
@@ -16,6 +16,8 @@
package net.sf.acegisecurity.wrapper;
import net.sf.acegisecurity.Authentication;
+import net.sf.acegisecurity.AuthenticationTrustResolver;
+import net.sf.acegisecurity.AuthenticationTrustResolverImpl;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.UserDetails;
import net.sf.acegisecurity.context.ContextHolder;
@@ -39,6 +41,10 @@
* @version $Id: ContextHolderAwareRequestWrapper.java,v 1.1 2005/02/21
06:48:25 benalex Exp $
*/
public class ContextHolderAwareRequestWrapper extends HttpServletRequestWrapper
{
+ //~ Instance fields
========================================================
+
+ private AuthenticationTrustResolver authenticationTrustResolver = new
AuthenticationTrustResolverImpl();
+
//~ Constructors ===========================================================
public ContextHolderAwareRequestWrapper(HttpServletRequest request) {
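Review bot: The new authenticationTrustResolver field is hard-wired to new AuthenticationTrustResolverImpl() and the hunk shows no constructor argument or setter to replace it, so an application that configures its trust resolver differently (for example with its own anonymous token class) would get a different answer here than in the rest of its security configuration. Consider making the resolver injectable, or at least final with a comment saying the default implementation is intentional, and add a line of Javadoc on the field explaining that it is used to hide anonymous authentications from the servlet API methods.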
@@ -109,8 +115,12 @@
private Authentication getAuthentication() {
if ((ContextHolder.getContext() != null)
&& ContextHolder.getContext() instanceof SecureContext) {
- return ((SecureContext) ContextHolder.getContext())
- .getAuthentication();
+ Authentication auth = ((SecureContext) ContextHolder.getContext())
+ .getAuthentication();
+ // only return authentication for non-anonymous users
+ if (!authenticationTrustResolver.isAnonymous(auth)) {
+ return auth;
+ }
}
return null;
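Review bot: The anonymous check is placed in the private getAuthentication() helper, so it changes the result for every method in this wrapper that calls the helper, not only getRemoteUser() as the description states. If any role or principal lookup in the class goes through getAuthentication(), authorities granted to the anonymous token will no longer be visible through the request, which should either be stated in the class Javadoc as intended behaviour or avoided by applying the check only where the remote user name is returned. Also, auth can be null when the SecureContext holds no authentication, so confirm that isAnonymous(auth) tolerates a null argument or guard it with an explicit null check before the call, and add a test covering the anonymous, null and fully authenticated cases.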