Dec 8th, 2005, 10:37 AM
Programatically login PasswordAuthenticationDao, non-http
I've searched though the list for a Programatic login, like so:
Our app uses PasswordAuthenticationDao and a custom AuthenticatedUser. We want to use our same Struts-based PasswordAuthenticationDao, but with web services.
My problems are:
1) We do not wish to involve http session via the web services login. This login returns a string generated by java.util.UUID and is passed in on subsequent requests. We control the timeout.
2) We want to somehow programatically invoke our existing PasswordAuthenticationDao, get AuthenticatedUser user in SecurityContext somehow, and along the way use our existing Granted Authorities and MethodSecurityInterceptor .
3) Somehow keep acegi stateful with our UUID.
Any hints on where I would start?
Dec 13th, 2005, 07:47 PM
Assuming your UUID will be presented each request, adopt the approach used by BasicProcessingFilter. This will be your new authentication mechanism. Set HttpSessionContextIntegrationFilter.allowSessionCr eation = false. That should get you started.