Tom Schneider wrote:
With Acegi, are you using an interceptor or is there a different way to enforce security?
Acegi sets up it's own Servlet Filter to monitor incoming url requests. This filter is typically the first in the filter chain, Acegi gets a shot at processing the url before anything else.
More specifically, Acegi typically sets up and entire chain of filters that do various things for you (like automatically logging in unauthenticated guests as "anonymous", etc.).
You typically configure the behavior of each component in that chain in Springs application context.
So, no, you're Acegi is not using an interceptor. It's using a filter. That let's Acegi do security checks/blocks *before* anything like struts even has a chance to process something like a foo.action call.
I wouldn't mind seeing an example of this if there's one that you can point to.
Just google for acegi and head to their site. Checkout the "getting started" stuff.
IMO, this would fit into Struts 2 authentication best practices and a little page describing the general setup wouldn't be a bad idea.
Agreed. My personal opinion is that *the* best practice for authentication in java webapps at the moment is Acegi.
There are things Acegi doesn't cover with the default packages (NTLM single-sign-on support comes to mind) but, man, if you've got anything like "typical" java webapp auth needs, Acegi is great.
- Gary --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
