10 Feb 2010 03:12
Re: [jetty-user] How to create anonymous authenticated user
Greg Wilkins <gregw <at> webtide.com>
2010-02-10 02:12:04 GMT
2010-02-10 02:12:04 GMT
Colin Canfield wrote:
> Morning,
> I am trying to write a handler that prevents form authentication
> occurring if the client comes from certain IP addresses for an embedded
> jetty 7.
> I have extended ConstaintSecurityHandler, if the remote address is
> within the range I set flag it as handled and then set the servlet
> request Authentication as NOT_CHECKED. The Form authenticator has been
> set as non-mandatory however it still redirects and prompts.
> Should I actually be creating an instance of Authentication.User
> that wraps a UserAuthentication which correctly answers isUserInRole
> queries ? Is there a simpler way to achieve what I am trying to do ?
>
> Regards, Colin
>
Colin,
the approach you need to take is to set baseRequest.setAuthentication(xxx);
The question is - what should xxx be?
I don't think NOT_CHECKED is right.... because the security handler will
just check.
Try UNAUTHENTICATED.
failing that, try creating your own subclass of Authentication.User
cheers
---------------------------------------------------------------------
To unsubscribe from this list, please visit:
http://xircles.codehaus.org/manage_email
RSS Feed