struts-user mailing list archives

From "Ian.Priest" <>
Subject Acegi with shale and clay
Date Mon, 24 Apr 2006 11:28:13 GMT
I'm using Shale/Clay to create an application. I'd like to protect the
app with acegi's URL protection but I don't see a way to integrate with
the response rendering.
Here's an example: (all pages are rendered via Clay full html). I have
the structure
The secure pages should only be accessible by those who have logged on
using logon.html. The secure/.. pages are defined as a dialog called
In welcome.html I have an actionlink whose action is dialog:Secure
I configure acegi to protect urls as follows:

<bean id="filterInvocationInterceptor"
	<property name="authenticationManager">
		<ref bean="authenticationManager" />
	<property name="accessDecisionManager">
		<ref local="httpRequestAccessDecisionManager" />
	<property name="objectDefinitionSource">
	<property name="observeOncePerRequest" value="false"/>

If I now hit my application at welcome.html I'm assigned role ANONYMOUS
and all is well. However, if I click on the link to the "secure" dialog
acegi doesn't redirect me to logon.html. The request generated when I
click on the actionlink appears to be a request for /welcome.html which
acegi says it's ok to access anonymously. Shale's dialog manager then
works out that the action is dialog:Secure and causes page1 of that
dialog to render, apparently without doing either a forward or a redirect
to /secure/page1.html. (In web.xml I have the mapping to acegi as
		<filter-name>Acegi Filter Chain Proxy</filter-name>
So forwards should also fire the filter).
That means acegi never has a chance to intercept the request. (Once I'm
in the dialog on page1.html, if I click on the next button I am
redirected to the logon.html page - acegi correctly intercepts the
/secure/page1.html request that is made).

How can I intercept Shale's page building and view rendering mechanisms
to ensure that my site's urls are secured correctly?
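
Added example (not part of the original message, and not Shale or Acegi project code): the URL filter only sees the request for /welcome.html, so one place to enforce the rule is a JSF PhaseListener that checks the view ID about to be rendered. The class name and package are hypothetical, the `/secure/` prefix and `/logon.html` come from the message, and the check is simplified to "logged on, not anonymous" rather than reusing the roles in `objectDefinitionSource`.

```java
package example; // hypothetical package, not from the original message

import java.io.IOException;
import javax.faces.FacesException;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.faces.event.PhaseEvent;
import javax.faces.event.PhaseId;
import javax.faces.event.PhaseListener;
import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;

/** Authorizes the view that is about to render, not the URL that was requested. */
public class ViewIdSecurityListener implements PhaseListener {

    private static final String PROTECTED_PREFIX = "/secure/"; // layout described in the message
    private static final String LOGON_PAGE = "/logon.html";    // logon page named in the message

    public PhaseId getPhaseId() {
        return PhaseId.RENDER_RESPONSE; // navigation has already picked the target view
    }

    public void beforePhase(PhaseEvent event) {
        FacesContext ctx = event.getFacesContext();
        if (ctx.getViewRoot() == null) {
            return;
        }
        String viewId = ctx.getViewRoot().getViewId();
        if (viewId == null || !viewId.startsWith(PROTECTED_PREFIX)) {
            return; // unprotected view, nothing to enforce here
        }
        // Populated by the Acegi filter chain that already ran for this request.
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        boolean loggedOn = auth != null && auth.isAuthenticated()
                && !(auth instanceof AnonymousAuthenticationToken);
        if (loggedOn) {
            return;
        }
        ExternalContext ext = ctx.getExternalContext();
        try {
            ext.redirect(ext.getRequestContextPath() + LOGON_PAGE);
        } catch (IOException e) {
            throw new FacesException(e); // fail closed: do not render the protected view
        }
        ctx.responseComplete(); // skip rendering of /secure/... for this request
    }

    public void afterPhase(PhaseEvent event) {
        // no-op
    }
}
```

The listener is registered with a `<phase-listener>` entry inside `<lifecycle>` in faces-config.xml. It complements the URL filter rather than replacing it, since direct requests to /secure/page1.html are still intercepted by Acegi as the message describes.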

