As I originally mentioned, in one particular case we created a special user just for our background task (because it made sense in this particular context). So, assuming you have already created a user in your system for the background task, I can share the code we use to "log in" as a user. Note, that this code works with Acegi v. 0.8.2, and I'm not sure if it has changed for later versions. First, you are going to need an AuthenticationManager, which is usually setup in your Spring configuration. In our security facade, we keep a reference to the AuthenticationManager:
----- ... private AuthenticationManager authenticationManager; ... public AuthenticationManager getAuthenticationManager() { return this.authenticationManager; } public void setAuthenticationManager(final AuthenticationManager authenticationManager) { this.authenticationManager = authenticationManager; } ----- We then use Spring to inject a reference of the AuthenticationManager into our security facade bean. We then have an "authenticateUser" method that goes something like this: ----- public void authenticateUser(final String principal, final String credentials) { final UsernamePasswordAuthenticationToken request = new UsernamePasswordAuthenticationToken(principal, credentials); final Authentication result = getAuthenticationManager().authenticate(request); // Setup a secure ContextHolder (if required) if(ContextHolder.getContext() == null || !(ContextHolder.getContext() instanceof SecureContext)) { try { ContextHolder.setContext(new SecureContextImpl()); } catch(Exception e) { throw new RuntimeException(e); } } // Commit the successful Authentication object to the secure // ContextHolder final SecureContext sc = (SecureContext) ContextHolder.getContext(); sc.setAuthentication(result); ContextHolder.setContext(sc); } ----- We then have a matching "unauthenticateUser()" method: ----- public void unauthenticateUser() { // Make the Authentication object null if a SecureContext exists if(ContextHolder.getContext() != null && ContextHolder.getContext() instanceof SecureContext) { SecureContext sc = (SecureContext) ContextHolder.getContext(); sc.setAuthentication(null); ContextHolder.setContext(sc); } } ----- Note that we wrote this code way back when Acegi will still young, so it might be the case that Acegi now has utility methods somewhere that do this for you. I haven't looked recently, so maybe someone can comment. We also wrote some support interfaces to allow subsystems to authenticate themselves in a safer manner, but it is a lot of code. So, for now, I will show you what it all basically boils down to. In your background process, you would do something like this: ----- securityFacade.authenticateUser(subsystemUserName, subsystemCredentials); try { // Background process code goes here ... } finally { securityFacade.unauthenticateUser(); } ----- - Andy On Monday 20 June 2005 09:26 am, Marco Mistroni wrote: > Hello, > few time ago Mr Andy Depue reply tomy message on how to use > acegi in a situation where the user does not log in, (for example in > the case in which a background process - cron like - periodically > executes. > In this situation, how will i create a contextHoldert to associate it > with the call? > how will i create a 'default user' (from javacode) so that i can > safely call my code and being authorized by acegi? > > any help? > > thanx in advance and regards > marco ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer