Hi, All I overrided the method applyAnonymousForThisRequest() to return false if remoteIpAddress is not in a configured range. This way , I can limit anonymous authentication to certain IP subnets, per JIRA
http://opensource2.atlassian.com/pro.../browse/SEC-79 But after I did that, when I tried to acccess my web app from an non authorized ip, my web app will keep on redirect to the acegilogin.jsp page untill web browser detect the loop. My config is like following: <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"> <property name="authenticationManager"> <ref bean="authenticationManager"/></property> <property name="accessDecisionManager"> <ref local="httpRequestAccessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /index.jsp=ROLE_ANONYMOUS,ROLE_USER /hello.htm=ROLE_ANONYMOUS,ROLE_USER /logoff.jsp=ROLE_ANONYMOUS,ROLE_USER /acegilogin.jsp*=ROLE_ANONYMOUS,ROLE_USER /**=ROLE_USER </value> </property> </bean> Obiviously, when applyAnonymousForThisRequest returns false. SecurityContextHolder will not populate with anonymous token and it will forward to the acegilogin.jsp again and again. Just wodering has anybody tried use the method? There is a link in the jira http://forum.springframework.org/viewtopic.php?p=19766 it's not valid anymore, I think after the forum were upgraded, many old links do not work anymore. Any pointers are greatly appreciated. Hongbo __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 _______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer