I've recently upgraded AppFuse from a snapshot of 0.7.0 to 0.8.0 and now I'm using the anonymous authentication stuff. While it seems to work well, I tend to use request.getRemoteUser() as an indicator that a user has logged in successfully. For this reason, and to be more in line with container-managed authentication, I think it's a good idea to change ContextHolderAwareRequestWrapper.java to return null for anonymous users. Below is a patch to make this happen - I can also send the file if necessary.

Matt

Index: 
core/src/main/java/net/sf/acegisecurity/wrapper/ContextHolderAwareRequestWrapper.java
===================================================================
RCS file: 
/cvsroot/acegisecurity/acegisecurity/core/src/main/java/net/sf/acegisecurity/wrapper/ContextHolderAwareRequestWrapper.java,v
retrieving revision 1.1
diff -u -r1.1 ContextHolderAwareRequestWrapper.java
--- 
core/src/main/java/net/sf/acegisecurity/wrapper/ContextHolderAwareRequestWrapper.java
       21 Feb 2005 06:48:25 -0000      1.1
+++ 
core/src/main/java/net/sf/acegisecurity/wrapper/ContextHolderAwareRequestWrapper.java
       10 Mar 2005 04:53:33 -0000
@@ -16,6 +16,8 @@
package net.sf.acegisecurity.wrapper;

import net.sf.acegisecurity.Authentication;
+import net.sf.acegisecurity.AuthenticationTrustResolver;
+import net.sf.acegisecurity.AuthenticationTrustResolverImpl;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.UserDetails;
import net.sf.acegisecurity.context.ContextHolder;
@@ -39,6 +41,10 @@
 * @version $Id: ContextHolderAwareRequestWrapper.java,v 1.1 2005/02/21 
06:48:25 benalex Exp $
 */
public class ContextHolderAwareRequestWrapper extends HttpServletRequestWrapper 
{
+    //~ Instance fields 
========================================================
+
+    private AuthenticationTrustResolver authenticationTrustResolver = new 
AuthenticationTrustResolverImpl();
+
    //~ Constructors ===========================================================

    public ContextHolderAwareRequestWrapper(HttpServletRequest request) {
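Review bot: The new authenticationTrustResolver field is hard-wired to `new AuthenticationTrustResolverImpl()` and the patch adds no way to replace it, so an application that configures its own AuthenticationTrustResolver elsewhere would get a different definition of "anonymous" from this wrapper than from the rest of its security configuration. Since the wrapper is constructed with an HttpServletRequest, the instance field also allocates a resolver for every wrapped request. Consider passing the resolver in through a constructor argument or setter, keeping the default as a shared static instance, and adding a line of Javadoc on the field saying it decides which tokens are hidden from the servlet API methods.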
@@ -109,8 +115,12 @@
    private Authentication getAuthentication() {
        if ((ContextHolder.getContext() != null)
            && ContextHolder.getContext() instanceof SecureContext) {
-            return ((SecureContext) ContextHolder.getContext())
-            .getAuthentication();
+            Authentication auth = ((SecureContext) ContextHolder.getContext())
+                                      .getAuthentication();
+            // only return authentication for non-anonymous users
+            if (!authenticationTrustResolver.isAnonymous(auth)) {
+                return auth;
+            }
        }

        return null;
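Review bot: The anonymous check is placed in the private getAuthentication() helper rather than in getRemoteUser(), so every method of the wrapper that goes through this helper will now see null for an anonymous token, not only the getRemoteUser() case the message describes. If the role and principal methods also rely on it, a check against an authority granted only to the anonymous token will start returning false, which is worth either stating in the class Javadoc or avoiding by applying the filter only where the user name is returned. The hunk also passes auth to isAnonymous() without a null check; a SecureContext with no Authentication set reaches that call with null, so either guard it here (`auth != null && !authenticationTrustResolver.isAnonymous(auth)`) or confirm the resolver accepts null. A unit test covering three cases (no authentication, anonymous token, real user) would pin the intended behaviour down.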




_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
