Within Acegi is there a way to protect a URL in a way that requires
authentication but doesn't require a specific role to access? I have
an application which requires users to login and then access different
things depending on their role. One section of the application,
Manage Account, I would
One option is to always grant users a role like ROLE_AUTHENTICATED
when they log in. Then you protect those areas with that
ROLE_AUTHENTICATED role. This role wouldn't exist in your user
maintenance screens and what not.
For instance, if you're using the DaoAuthenticationProvider and
JdbcDaoImpl;
Would something like this help?
http://www.acegisecurity.org/multiproject/acegi-security/apidocs/org/acegisecurity/vote/AuthenticatedVoter.html
-Scott
Ray Krueger wrote:
One option is to always grant users a role like ROLE_AUTHENTICATED
when they log in. Then you protect those areas with that
Good call Scott, I didn't even realize we had such a thing :)
On 6/13/06, Scott Battaglia [EMAIL PROTECTED] wrote:
Would something like this help?
http://www.acegisecurity.org/multiproject/acegi-security/apidocs/org/acegisecurity/vote/AuthenticatedVoter.html
-Scott
Ray Krueger wrote:
One