Brian Moseley wrote:
it seems like the runas facilities might be able to give me what i want. is there a way to set up acegi security so that the http request itself is not authenticated but runas is used specifically only for the repository login?
Hi Brian
Run-as replacement is more often used to change the active principal - or their GrantedAuthority[]s - so that methods can invoke remote methods that might require a different security realm. So if your SignUpManager needed to create a DNS domain, and the DnsManager was on a shared system for which the ASP was given an ASP-wide login, run-as replacement would be used so that during execution of SignUpManager the active principal could change to that of the ASP (ready for the remote invocation).
I think your use case would be better suited to the anonymous authentication capability. It is especially designed for giving an unauthenticated request an Authentication, and the SecurityEnforcementFilter recognises the fact it is an anonymous Authentication and will redirect to the AuthenticationEntryPoint in the event of an AccessDeniedException (as opposed to returning a 403 / SC_FORBIDDEN).
Best regards Ben
------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7412&alloc_id=16344&op=click _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
