Hongbo HE wrote:
My config is like following:
The configuration is incorrect. In your case you will require not one
but two AnonymousProcessingFilters. The first will be the standard
AnonymousProcessingFilter which will always setup the
SecurityContextHolder with ROLE_ANONYMOUS. The second will be your
subclasses AnonymousProcessingFilter which applies IP-specific anonymous
authentication and has its UserAttribute property set to contain a
different GrantedAuthority (such as ROLE_PRIVATE_SUBNET_ANONYMOUS as
well as ROLE_ANONYMOUS). You must ensure the subclassed
AnonymousProcessingFilter appears before the fallback
AnonymousProcessingFilter in your FilterChainProxy. You can then use
ROLE_ANONYMOUS for the login page, and ROLE_PRIVATE_SUBNET_ANONYMOUS
when only an anonymous user from your restricted subnet is allowed.
Cheers
Ben
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer