As what I am trying to do is pretty specific let me briefly outline the use case.
We have a CMS framework that can be embedded in a web application to manage the content for that web application. The CMS uses ACEGI to manage user authentication/authorization through both form (user with web browser) and BASIC auth (user via remote client/webdav).
We would like to also use ACEGI to manage security for the non-CMS web application features - e.g. I log in as a customer of Foo Corp to see my account details.
The use case I want to support is:
1. I log in as a CMS admin and make a change to the Member News page
2. I view the webapp homepage as a non-logged in user
3. I log in as Joe Member to check my change on the Member News page
4. I go back to the CMS to tweak my change
In the webapp, /cms/* contains all CMS features and requires login as a CMS user. All other URL prefixes require no login or require login as a site user (not CMS user).
I've investigated doing this with ACEGI (0.8.2) and it appears that this is not possible without at least customizing HttpSessionContextIntegrationFilter to allow storing the SecureContext in a different place for the CMS and site.
It seems that this would work since user requests would be either to URLs that deal with the CMS secure context (/cms/*) or the site's. Since each request is a separate thread, the SecureContext stored in ContextHolder and used throughout the application would be either the CMS SecureContext or the site's depending on what the user was doing.
Our application would end up with 2 ACEGI configurations - one for the CMS and the other for the site.
Any obvious gotchas to this approach?
Any recommendations for alternate approaches?
This would mean making a lot of changes to HttpSessionContextIntegrationFilter.doFilter() simply to make the value configurable for the session key under which the SecureContext is stored. Is this a change that ACEGI could use as a feature? I'd be happy to contribute it back though it's obviously not a tough one for the developers to support themselves.