
  • What's difference between ROLE_ANONYMOUS and IS_AUTHENTICATED_ANONYMOUSLY

    In the Acegi Security sample tutorial, the configuration is:
    HTML Code:
    <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
    		<property name="authenticationManager" ref="authenticationManager"/>
    		<property name="accessDecisionManager">
    			<bean class="org.acegisecurity.vote.AffirmativeBased">
    				<property name="allowIfAllAbstainDecisions" value="false"/>
    				<property name="decisionVoters">
    					<list>
    						<bean class="org.acegisecurity.vote.RoleVoter"/>
    						<bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
    					</list>
    				</property>
    			</bean>
    		</property>
    		<property name="objectDefinitionSource">
    			<value>
    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				PATTERN_TYPE_APACHE_ANT
    				/secure/extreme/**=ROLE_SUPERVISOR
    				/secure/**=IS_AUTHENTICATED_REMEMBERED
    				/**=IS_AUTHENTICATED_ANONYMOUSLY
    			</value>
    		</property>
    	</bean>
    While in acegi-security-sample-contacts-filter, the configuration is:
    HTML Code:
    <property name="objectDefinitionSource">
             <value>
    			    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    			    PATTERN_TYPE_APACHE_ANT
    			    /index.jsp=ROLE_ANONYMOUS,ROLE_USER
    			    /hello.htm=ROLE_ANONYMOUS,ROLE_USER
    			    /logoff.jsp=ROLE_ANONYMOUS,ROLE_USER
    			    /switchuser.jsp=ROLE_SUPERVISOR
    			    /j_acegi_switch_user=ROLE_SUPERVISOR
    			    /acegilogin.jsp*=ROLE_ANONYMOUS,ROLE_USER
    				/**=ROLE_USER
             </value>
          </property>
    What's the difference between ROLE_ANONYMOUS and IS_AUTHENTICATED_ANONYMOUSLY? Where do attributes like IS_AUTHENTICATED_ANONYMOUSLY and PATTERN_TYPE_APACHE_ANT come from?

    Thanks in advance!

  • #2
    The authentication settings are defined in AuthenticatedVoter. You can find the explanation of what these mean here.

    /***
     * <p>Votes if a {@link ConfigAttribute#getAttribute()} of <code>IS_AUTHENTICATED_FULLY</code> or
     * <code>IS_AUTHENTICATED_REMEMBERED</code> or <code>IS_AUTHENTICATED_ANONYMOUSLY</code> is present. This list is in
     * order of most strict checking to least strict checking.</p>
     * <p>The current <code>Authentication</code> will be inspected to determine if the principal has a particular
     * level of authentication. The "FULLY" authenticated option means the user is authenticated fully (ie {@link
     * org.acegisecurity.AuthenticationTrustResolver#isAnonymous(Authentication)} is false and {@link
     * org.acegisecurity.AuthenticationTrustResolver#isRememberMe(Authentication)} is false. The "REMEMBERED" will grant
     * access if the principal was either authenticated via remember-me OR is fully authenticated. The "ANONYMOUSLY" will
     * grant access if the principal was authenticated via remember-me, OR anonymously, OR via full authentication.</p>
     * <p>All comparisons and prefixes are case sensitive.</p>
     *
     * @author Ben Alex
     * @version $Id: AuthenticatedVoter.java 1496 2006-05-23 13:38:33Z benalex $
     */
    The ROLE_ settings are the roles within the application. The InMemoryDaoImpl states the roles that the user is assigned. In other applications these could potentially be roles defined in a database, groups in Active Directory, etc. These are used in the RoleVoter.

    The Authenticated and Role voters protect the resource, determining if the resource should be accessible.
    Last edited by karldmoore; Nov 15th, 2006, 05:01 PM.
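
The difference described in #2, as an added example that is not part of the thread and not Acegi code: a simplified Java 9+ model of RoleVoter, AuthenticatedVoter and AffirmativeBased (allowIfAllAbstainDecisions=false) applied to attribute lists from the two configurations above. It assumes the anonymous principal holds ROLE_ANONYMOUS; the class name VoterDemo, the Level enum and the ROLE_ADMIN principal are hypothetical.

```java
import java.util.*;
// Simplified model of the voters named in this thread; these are not the Acegi classes.
public class VoterDemo {
    static final int GRANTED = 1, ABSTAIN = 0, DENIED = -1;
    enum Level { ANONYMOUS, REMEMBERED, FULL }
    // RoleVoter: considers only ROLE_ attributes; grants on an exact match with a held authority.
    static int roleVote(Set<String> held, List<String> attrs) {
        int result = ABSTAIN;
        for (String a : attrs) {
            if (!a.startsWith("ROLE_")) continue;
            if (held.contains(a)) return GRANTED;
            result = DENIED;
        }
        return result;
    }

    // AuthenticatedVoter: considers only the three IS_AUTHENTICATED_ attributes.
    static int authVote(Level lvl, List<String> attrs) {
        int result = ABSTAIN;
        for (String a : attrs) {
            boolean ok;
            switch (a) {
                case "IS_AUTHENTICATED_FULLY":       ok = lvl == Level.FULL; break;
                case "IS_AUTHENTICATED_REMEMBERED":  ok = lvl != Level.ANONYMOUS; break;
                case "IS_AUTHENTICATED_ANONYMOUSLY": ok = true; break;
                default: continue; // not this voter's attribute
            }
            if (ok) return GRANTED;
            result = DENIED;
        }
        return result;
    }

    // AffirmativeBased, allowIfAllAbstainDecisions=false: one grant suffices, otherwise access is denied.
    static boolean decide(Level lvl, Set<String> held, String... attrs) {
        List<String> list = Arrays.asList(attrs);
        return roleVote(held, list) == GRANTED || authVote(lvl, list) == GRANTED;
    }

    public static void main(String[] args) {
        // Constructed principals: anonymous is assumed to hold ROLE_ANONYMOUS; ROLE_ADMIN is hypothetical.
        Set<String> anon = Set.of("ROLE_ANONYMOUS"), admin = Set.of("ROLE_ADMIN");
        System.out.println("anon,  ROLE_ANONYMOUS,ROLE_USER:     " + decide(Level.ANONYMOUS, anon, "ROLE_ANONYMOUS", "ROLE_USER"));
        System.out.println("anon,  IS_AUTHENTICATED_ANONYMOUSLY: " + decide(Level.ANONYMOUS, anon, "IS_AUTHENTICATED_ANONYMOUSLY"));
        System.out.println("anon,  IS_AUTHENTICATED_REMEMBERED:  " + decide(Level.ANONYMOUS, anon, "IS_AUTHENTICATED_REMEMBERED"));
        System.out.println("admin, ROLE_ANONYMOUS,ROLE_USER:     " + decide(Level.FULL, admin, "ROLE_ANONYMOUS", "ROLE_USER"));
        System.out.println("admin, IS_AUTHENTICATED_ANONYMOUSLY: " + decide(Level.FULL, admin, "IS_AUTHENTICATED_ANONYMOUSLY"));
    }
}
```

In this model the ROLE_ list refuses a fully authenticated principal that holds neither listed role, while IS_AUTHENTICATED_ANONYMOUSLY admits every principal regardless of its roles.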



    • #3
      Forgot to say the other constants you were after can be found in a class called FilterInvocationDefinitionSourceEditor.



      • #4
        So what does IS_ mean?

        I still don't know what IS means, even after reading through the guide.



        • #5
          It doesn't mean anything by itself. The Javadoc for AuthenticatedVoter, as Karl posted earlier in this thread, lists the three attributes that the voter will respond to. It will ignore anything else.



          • #6
            Sorry, I did not express what I meant. I know the purpose of ROLE_ and IS_, but I don't know what IS_ is an abbreviation of :-)



            • #7
              "Is". As in "To be or not to be authenticated, that is the question" :-)



              • #8
                I am such a fool
