Hi everyone,

 

On this project I’m working on, we are using JAAS to authenticate a token, and Acegi’s JAAS support classes allow for the translation of the user and its principals to Acegi’s authority objects.  But in this particular case, we are not interested in the principals that JAAS returns.  We want to continue using our own method for obtaining the authorities. 

 

So I’ve been looking at a few possible approaches.  But none of them seem to really avoid the sense of “code smell”, so I thought I’d ask on the list for suggestions from people who may be more familiar with a better strategy. 

 

  1. Using a different authentication provider to simply populate the authorities – it seems to me that the authentication manager will only process with one authentication provider, and if it returns a valid token, it does not continue down the list… so when the JAAS authentication provider returns a valid token, it won’t process the custom class I made.  (Correct me if I’m wrong.)

  2. Replace Acegi’s JaasAuthenticationProvider with a similar one of our own that adds a method that obtains the additional authorities and adds them in.  This was the approach I started with, and I thought perhaps I could make use of the AuthenticationDao to obtain the authorities I needed for the user and add them in, but apparently AuthenticationDao does not provide an easy way to simply obtain the authorities; instead, you need to obtain the user itself.

  3. With the latest code in HEAD, AuthorityResolver can now return a set, so I could hack a custom Resolver that ignored the returned JAAS Principal and simply provided its own, but this seems rather inelegant, and has its own issues.

 

So, I guess I’m asking here: is there an easier way (that I’ve missed) to introduce my own GrantedAuthorities in the JAAS authentication flow?

 

Thanks in advance!

 

-tim
