Oct 25th, 2006, 01:52 AM
"terms of usage" screen on user's first successful login
I have Acegi Security implemented for the login process and it works well. I now want to enhance this to display a "terms of usage" screen on the user's first successful login. The user will be prompted to accept the terms or reject them. If the user accepts the terms of usage, the system will update a flag on the user class and proceed to the home page. If the user rejects the terms, the system will log out.
For all subsequent logins after accepting the terms, the system will not prompt that user for "terms of usage".
I believe that this can be implemented with filterChainProxy (i.e. org.acegisecurity.util.FilterChainProxy class).
I would appreciate your help in guiding me to implement the above feature.
Oct 25th, 2006, 09:10 AM
Maybe you would like to use the AccessDecisionManager and inject it with a class that implements AccessDecisionVoter.
This interface defines a method vote(Authentication authentication .... ). With the authentication object you have access to your user and could check the state, i.e. whether the user has accepted your terms or not. If not, you return an access-denied value, otherwise a granted value.
The only thing I am not sure about right now is how to chain the decision voters in the DecisionManager, so that your Voter that checks the terms agreement will have priority over all others. Or whether it is enough that one Voter denies the access.
I hope this will help you. We can dig deeper if you have questions or problems if you like.
Oct 25th, 2006, 12:54 PM
I've seen something similar to this before. The UserDetailsService was implemented to return a UserDetails implementation which contained the hasAgreed flag. There was then a TermsAgreeVoter that protected everything. You just need to ensure, if the terms must be agreed to, that you configure the voters correctly.
On sign-on success, forward to a Struts action which checked if the terms had been agreed. If they had, it forwarded to home, else to the agree page.
Don't know if it was the best solution but it seemed ok.
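An added sketch of the voter approach discussed in the replies above, not code from any poster or from the Acegi project: the `TermsAgreedVoter` class, the `TermsAware` interface and the `TERMS_AGREED` attribute are hypothetical names. It assumes Acegi 1.0.x and a `UnanimousBased` AccessDecisionManager, where one denying voter blocks the request (with `AffirmativeBased`, a grant from `RoleVoter` would override this voter's deny).

```java
import java.util.Iterator;

import org.acegisecurity.Authentication;
import org.acegisecurity.ConfigAttribute;
import org.acegisecurity.ConfigAttributeDefinition;
import org.acegisecurity.vote.AccessDecisionVoter;

// Hypothetical voter: class name and attribute are assumptions for this example.
public class TermsAgreedVoter implements AccessDecisionVoter {

    // Hypothetical contract that the application's UserDetails class implements.
    public interface TermsAware {
        boolean hasAgreedToTerms();
    }

    // Constructed attribute name. Put it on every secured URL pattern except
    // the terms page and logout, so a user who has not agreed can still reach them.
    public static final String ATTRIBUTE = "TERMS_AGREED";

    public boolean supports(ConfigAttribute attribute) {
        return ATTRIBUTE.equals(attribute.getAttribute());
    }

    public boolean supports(Class clazz) {
        return true; // applies to any secured object type
    }

    public int vote(Authentication authentication, Object object,
                    ConfigAttributeDefinition config) {
        Iterator it = config.getConfigAttributes();
        while (it.hasNext()) {
            if (!supports((ConfigAttribute) it.next())) {
                continue;
            }
            // The principal is the object held in the session, so the accept
            // action must set the flag on this instance as well as persist it.
            Object principal = authentication.getPrincipal();
            if (principal instanceof TermsAware
                    && ((TermsAware) principal).hasAgreedToTerms()) {
                return ACCESS_GRANTED;
            }
            return ACCESS_DENIED; // fail closed for unknown principal types
        }
        return ACCESS_ABSTAIN; // resource does not require agreed terms
    }
}
```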
Oct 26th, 2006, 01:44 AM
I think you do not need to implement an extra UserDetailsService. It is enough to make your User hold the Agreement flag. The rest will be done by the Voter.
The only thing you have to ensure is that the agreement flag is set after the user accepts it, because the user is logged in for Acegi, so the system will not load the user again via a UserDetailsService call.
Unless you configured Acegi to do so (I read about this somewhere, but I do not have a clue where ;-) ).
Oct 26th, 2006, 08:17 AM
Thanks for the update.
I have analyzed the ApplicationListener and/or DecisionVoter approach. With each approach I see a potential issue of overriding the "defaultTargetUrl" specified with the authenticationProcessingFilter bean to display the "Terms screen" if the user has not "Accepted Terms".