post replay

[bran]

I was trying to use only the web secirity part of acegi and I was able to trim off the security xml in the contacts sample quite a bit and had it running (including the HTTPS redirection etc). So far so good! Only wish that acegi could provide a facade class that would hide all the deeply nested bean wiring from users and aggregate the 4 or 5 filters into an easily configured one .

Suppose I have a page that requires a logon user. A previous page POSTs to this member only page and the request is intercepted by the security filters. Once the user is authenticated, is it possible that the filter could replay the original POST - not just the url, also the data in the POST stream - to the secured page?

I don't want to force my users to retype in the information in the posting page.

Thanks for the excellent library, which bears much similarity to Spring: it simply works!

[Ben Alex]

Thanks for your feedback,

At first glance I can't see any major problem with replaying the POST, provided we could collect all the name/value parameters and pop it into the HttpSession when the AuthenticationException is caught. At present the recommended approach is to protect the original form in a secure area - not just the controller that processes the POST. That way there is no need to handle POSTs.

In relation to the facade suggestion, we do plan on simplifying configuration prior to the 1.0.0 release. The facade approach is a good one, as a common problem many people encounter is the incorrect ordering of the Acegi Security filters.