Re: Acegi Security and Site Minder

Marty — Sat, 12 May 2007 00:10:02 GMT

/**
 * @author Marty Milligan
 *
 * This class is used to get around limitation in the default Acegi implementation. 
 * 
 */
package com.milligansisland.open.security.acegi;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.acegisecurity.Authentication;
import org.acegisecurity.context.HttpSessionContextIntegrationFilter;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;

/**
 * 
 * Extend the existing SiteminderAuthenticationProcessingFilter to simply check that the user has been authenticated
 * and not care about the URL that is being accessed.  This filter must be configured to only process secured resources.
 * 
 */
public class SiteminderAuthenticationProcessingFilter extends org.acegisecurity.ui.webapp.SiteminderAuthenticationProcessingFilter {

	protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) { 
		boolean bAuthenticated = false; // define return value
		SecurityContext context = (SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY);

		if (context != null) {//if there is a security context
		   Authentication auth = context.getAuthentication();              
		   if (auth != null && auth instanceof UsernamePasswordAuthenticationToken) { //check for an authentication token
				   UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken)auth;                  
				   bAuthenticated = token.isAuthenticated(); //make sure it is authenticated
		   } 
		} 
		return !bAuthenticated; //return true if user needs to be authenticated
	} 

}

Re: Acegi Security and Site Minder

Anonymous — Fri, 04 May 2007 16:49:24 GMT

Is it possible for you to paste the code for the filter?

Byte Slinger - Responses

Re: Acegi Security and Site Minder

Re: Acegi Security and Site Minder