[Acegisecurity-developer] [Fwd: [Fwd: Re: Authentication and authorization status in OGC-compliant OSS GIS software]]
Do you think it is possible to include DACS (http://dacs.dss.ca/) as a authentication adapter (just as it is with Yale's CAS)? There were talks about the future of authorization in OSS GIS GeoServer (http://docs.codehaus.org/display/GEOS/Home) which heavily uses Spring, so it would be natural to use Acegi. On the other hand there is an Open Geospatial Consortium (OGC) standardising organisation for GIS software and one of their implementation for security used in demos is DACS. The problem is that DACS is native application whereas the GeoServer is a Java webapp. Maybe you have some ideas or already have head about works between DACS and Acegi? Do you find it possible to integrate in any scope (just authentication or maybe even more - to simulate DACS-like authorization using Acegi)? Below there is an email on these talks. If it's not clear for you, please, do not hesitate to ask questions to make it more informative. Thanks in advance for your help! Kind regards, Krystian Nowak PSNC -- Krystian Nowak [EMAIL PROTECTED] === Poznan Supercomputing and Networking Center Poland, 60-814 Poznan, Zwierzyniecka 20 tel. (+48 61) 8582159 fax. (+48 61) 8582151 http://www.man.poznan.pl === Wiadomość oryginalna Temat: Re: Authentication and authorization status in OGC-compliant OSS GIS software Data: Thu, 18 Jan 2007 10:36:48 -0800 Nadawca: Barry Brachman [EMAIL PROTECTED] Odpowiedź-Do: [EMAIL PROTECTED] Adresat: Krystian Nowak [EMAIL PROTECTED] Kopia: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Hi all -- Some of this thread was forwarded to me. As the principal designer and implementor of DACS, I thought I might be able to comment a little on a few things that caught my attention. Jody Garnett napisa³(a): I know DACS has been used in an OGC context Is it an OGC standard or only at OWS as demo? DACS is not an OGC standard. It was the subject of three OGC initiatives: CIPI 1.1, CIPI 1.2, and OWS-3. That work mainly dealt with understanding and solving authentication and authorization interoperability issues, and some of the results of those projects were integrated with DACS. As far as I know, nothing is currently being done by the OGC with DACS. what is the benifit for ACEGI? Ah it is a spring security system ... I don't know anything about Acegi (http://acegisecurity.org) other than what I have read on their home page, so I really can't comment on it or compare it with DACS. But at first glance it looks to me like it is quite different from DACS in philosophy, implementation, operation, and feature set. So I suspect the two systems might be aimed at different audiences. As for CAS, it is simply an authentication method, and it is one of many methods supported by DACS. Regardless of how authentication is performed, DACS creates a common internal representation (credentials) which is then exported from DACS to a client, and later sent by a client to DACS with its request. In theory at least, DACS does not care how credentials are transmitted - in an HTTP cookie, via an HTTP extension header, within a URL, or as an argument - these are all possibilities. Clients, which can be middleware, can ask DACS to decode or export credentials, so a DACS identity can easily be converted to some other representation, and importation to DACS from other representations is also possible. Middleware can ask DACS to create credentials. The authorization side of DACS is largely separate and independent of the authentication side. You do not have to use DACS authentication in order to use the DACS access control rule-processing engine. I also can't comment on GeoServer. I believe that, like Acegi, it is a Java application, and DACS being C/C++ software, people who prefer a pure Java solution might not be happy with a system that must use JNI. Supporting DACS as an optional, third-party component of GeoServer might be a possibility though. One other thing that I noticed: Do you know if there is any way to integrate Acegi with DACS? I don't really understand this question because the two systems are quite different, yet in broad terms, do the same kinds of things. So I'm not sure what it would mean to integrate Acegi with DACS. It might be possible for Acegi to use DACS's authentication components, its access control component, or both, but that's probably a question to ask the Acegi folks. And there's also that pesky pure Java issue. It might be possible for the two systems to interoperate, but I don't think that's what you're talking about. I apologize if I've gotten off topic or confused things. I'd be happy to answer any questions that anyone has about DACS. Barry ** Barry Brachman, Ph.D. ** Distributed Systems Software, Inc. - Take Surveys. Earn Cash.
Re: [Acegisecurity-developer] Setting serviceProperties in Acegi
Ben answered your original email on this subject... Is there a reason you cannot use a PropertyPlaceholderConfigurer? http://www.springframework.org/docs/api/org/springframework/beans/factory/config/PropertyPlaceholderConfigurer.html On 1/19/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: In using Acegi with Cas in a web application. As you know, I have to set the serviceProperties property of CasProcessingFilterEntryPoint to the url that CAS will call after authentication. I don't like to set this url in applicationContext-acegi-security.xml but I prefere this value Is build automatically. To do it I'm going to extends org.acegisecurity.ui.cas.ServiceProperties with a class that try to build the service property if is not setted (null) using something like this: serviceProperties=http://+request.request.getLocalAddr()+:+request.getLocalPort()+/+request.getContextPath()+/j_acegi_cas_security_check (I don't use https in this case….) What's your opinion? Please, any suggestions are welcome. Regards Mario Buonopane This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] [Fwd: [Fwd: Re: Authentication and authorization status in OGC-compliant OSS GIS software]]
If you can find a means to make java code authenticate against DACS, then it would be easy enough to write an Acegi AuthenticationProvider that talks to it. On 1/19/07, Krystian Nowak [EMAIL PROTECTED] wrote: Do you think it is possible to include DACS (http://dacs.dss.ca/) as a authentication adapter (just as it is with Yale's CAS)? There were talks about the future of authorization in OSS GIS GeoServer (http://docs.codehaus.org/display/GEOS/Home) which heavily uses Spring, so it would be natural to use Acegi. On the other hand there is an Open Geospatial Consortium (OGC) standardising organisation for GIS software and one of their implementation for security used in demos is DACS. The problem is that DACS is native application whereas the GeoServer is a Java webapp. Maybe you have some ideas or already have head about works between DACS and Acegi? Do you find it possible to integrate in any scope (just authentication or maybe even more - to simulate DACS-like authorization using Acegi)? Below there is an email on these talks. If it's not clear for you, please, do not hesitate to ask questions to make it more informative. Thanks in advance for your help! Kind regards, Krystian Nowak PSNC -- Krystian Nowak [EMAIL PROTECTED] === Poznan Supercomputing and Networking Center Poland, 60-814 Poznan, Zwierzyniecka 20 tel. (+48 61) 8582159 fax. (+48 61) 8582151 http://www.man.poznan.pl === Wiadomość oryginalna Temat: Re: Authentication and authorization status in OGC-compliant OSS GIS software Data: Thu, 18 Jan 2007 10:36:48 -0800 Nadawca: Barry Brachman [EMAIL PROTECTED] Odpowiedź-Do: [EMAIL PROTECTED] Adresat: Krystian Nowak [EMAIL PROTECTED] Kopia: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Hi all -- Some of this thread was forwarded to me. As the principal designer and implementor of DACS, I thought I might be able to comment a little on a few things that caught my attention. Jody Garnett napisa³(a): I know DACS has been used in an OGC context Is it an OGC standard or only at OWS as demo? DACS is not an OGC standard. It was the subject of three OGC initiatives: CIPI 1.1, CIPI 1.2, and OWS-3. That work mainly dealt with understanding and solving authentication and authorization interoperability issues, and some of the results of those projects were integrated with DACS. As far as I know, nothing is currently being done by the OGC with DACS. what is the benifit for ACEGI? Ah it is a spring security system ... I don't know anything about Acegi (http://acegisecurity.org) other than what I have read on their home page, so I really can't comment on it or compare it with DACS. But at first glance it looks to me like it is quite different from DACS in philosophy, implementation, operation, and feature set. So I suspect the two systems might be aimed at different audiences. As for CAS, it is simply an authentication method, and it is one of many methods supported by DACS. Regardless of how authentication is performed, DACS creates a common internal representation (credentials) which is then exported from DACS to a client, and later sent by a client to DACS with its request. In theory at least, DACS does not care how credentials are transmitted - in an HTTP cookie, via an HTTP extension header, within a URL, or as an argument - these are all possibilities. Clients, which can be middleware, can ask DACS to decode or export credentials, so a DACS identity can easily be converted to some other representation, and importation to DACS from other representations is also possible. Middleware can ask DACS to create credentials. The authorization side of DACS is largely separate and independent of the authentication side. You do not have to use DACS authentication in order to use the DACS access control rule-processing engine. I also can't comment on GeoServer. I believe that, like Acegi, it is a Java application, and DACS being C/C++ software, people who prefer a pure Java solution might not be happy with a system that must use JNI. Supporting DACS as an optional, third-party component of GeoServer might be a possibility though. One other thing that I noticed: Do you know if there is any way to integrate Acegi with DACS? I don't really understand this question because the two systems are quite different, yet in broad terms, do the same kinds of things. So I'm not sure what it would mean to integrate Acegi with DACS. It might be possible for Acegi to use DACS's authentication components, its access control component, or both, but that's probably a question to ask the Acegi folks. And there's also that pesky pure Java issue. It might be possible for the two systems to interoperate, but I don't think that's what you're talking
Re: [Acegisecurity-developer] Setting serviceProperties in Acegi
Sorry Ray, but how can I use PropertyPlaceholderConfigurer for this scope? Can you explain me with an example please? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ray Krueger Sent: 19 gennaio 2007 13.07 To: acegisecurity-developer@lists.sourceforge.net Subject: Re: [Acegisecurity-developer] Setting serviceProperties in Acegi Ben answered your original email on this subject... Is there a reason you cannot use a PropertyPlaceholderConfigurer? http://www.springframework.org/docs/api/org/springframework/beans/factor y/config/PropertyPlaceholderConfigurer.html On 1/19/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: In using Acegi with Cas in a web application. As you know, I have to set the serviceProperties property of CasProcessingFilterEntryPoint to the url that CAS will call after authentication. I don't like to set this url in applicationContext-acegi-security.xml but I prefere this value Is build automatically. To do it I'm going to extends org.acegisecurity.ui.cas.ServiceProperties with a class that try to build the service property if is not setted (null) using something like this: serviceProperties=http://+request.request.getLocalAddr()+:+request.g etLocalPort()+/+request.getContextPath()+/j_acegi_cas_security_check (I don't use https in this case) What's your opinion? Please, any suggestions are welcome. Regards Mario Buonopane This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDE V ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDE V ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] Setting serviceProperties in Acegi
In using Acegi with Cas in a web application. As you know, I have to set the serviceProperties property of CasProcessingFilterEntryPoint to the url that CAS will call after authentication. I don't like to set this url in applicationContext-acegi-security.xml but I prefere this value Is build automatically. To do it I'm going to extends org.acegisecurity.ui.cas.ServiceProperties with a class that try to build the service property if is not setted (null) using something like this: serviceProperties=http://+request.request.getLocalAddr()+:+request.g etLocalPort()+/+request.getContextPath()+/j_acegi_cas_security_check (I don't use https in this case) What's your opinion? Please, any suggestions are welcome. Regards Mario Buonopane This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Setting serviceProperties in Acegi
OK...
Subclassing ServiceProperties isn't going to do any good, because you
don't have access to the HttpRequest.
You can use a PropertyPlaceHolderConfigurer so that your xml looks like...
bean id=serviceProperties class=org.acegisecurity.ui.cas.ServiceProperties
property
name=servicevalue${serviceProperties.serviceUrl}/value/property
property name=sendRenewvaluefalse/value/property
/bean
And then you can externalize these deployment specific parameters into
a properties file that gets setup at the client site.
We should consider adding a hookmethod into the
CasProcessingFilterEntryPoint to allow customization of how the
serviceUrl is added to the cas redirect.
Oh, and a little tip, you don't have to hard code the http:// part you
can use request.getScheme() (terrible name, go Sun).
On 1/19/07, Ray Krueger [EMAIL PROTECTED] wrote:
Now that I read your email a little more thoroughly, let me take a
closer look. Personally I've never used the CAS support in Acegi.
I'll get back to you in a minute or two :)
On 1/19/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Sorry Ray, but how can I use PropertyPlaceholderConfigurer for this
scope? Can you explain me with an example please?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Ray Krueger
Sent: 19 gennaio 2007 13.07
To: acegisecurity-developer@lists.sourceforge.net
Subject: Re: [Acegisecurity-developer] Setting serviceProperties in
Acegi
Ben answered your original email on this subject...
Is there a reason you cannot use a PropertyPlaceholderConfigurer?
http://www.springframework.org/docs/api/org/springframework/beans/factor
y/config/PropertyPlaceholderConfigurer.html
On 1/19/07, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
In using Acegi with Cas in a web application. As you know, I have to
set the
serviceProperties property of CasProcessingFilterEntryPoint to the url
that
CAS will call after authentication. I don't like to set this url in
applicationContext-acegi-security.xml but I prefere this
value Is build automatically. To do it I'm going to extends
org.acegisecurity.ui.cas.ServiceProperties with a class
that try to build the service property if is not setted (null) using
something like this:
serviceProperties=http://+request.request.getLocalAddr()+:+request.g
etLocalPort()+/+request.getContextPath()+/j_acegi_cas_security_check
(I don't use https in this case)
What's your opinion?
Please, any suggestions are welcome.
Regards
Mario Buonopane
This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you have
received it in error, please notify the sender immediately and delete
the
original. Any other use of the email by you is prohibited.
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to
share your
opinions on IT business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDE
V
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share
your
opinions on IT business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDE
V
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you have
received it in error, please notify the sender immediately and delete the
original. Any other use of the email by you is prohibited.
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
Re: [Acegisecurity-developer] Setting serviceProperties in Acegi
One thing to note is that as a security measure, we never recommend that
you construct/retrieve the hostname for a service url from the request
object. You'll notice that neither Acegi nor the other CAS clients
allows you have a completely dynamic service url (the CAS client
requires that you at least specify the hostname). This is because the
hostname header is generally set on the client side and thus cannot be
trusted.
Your best bet is as Ben and Ray said, to use the
PropertyPlaceholderConfigurer. If you don't want to worry about
re-generating WAR files for each client you could place the service url
as a JNDI resource and reference it in the Spring configuration files.
-Scott
Scott Battaglia
Application Developer, Architecture Engineering Team
Enterprise Systems and Services, Rutgers University
v: 732.445.0097 | f: 732.445.5493 | [EMAIL PROTECTED]
Ray Krueger wrote:
OK...
Subclassing ServiceProperties isn't going to do any good, because you
don't have access to the HttpRequest.
You can use a PropertyPlaceHolderConfigurer so that your xml looks like...
bean id=serviceProperties
class=org.acegisecurity.ui.cas.ServiceProperties
property
name=servicevalue${serviceProperties.serviceUrl}/value/property
property name=sendRenewvaluefalse/value/property
/bean
And then you can externalize these deployment specific parameters into
a properties file that gets setup at the client site.
We should consider adding a hookmethod into the
CasProcessingFilterEntryPoint to allow customization of how the
serviceUrl is added to the cas redirect.
Oh, and a little tip, you don't have to hard code the http:// part you
can use request.getScheme() (terrible name, go Sun).
On 1/19/07, Ray Krueger [EMAIL PROTECTED] wrote:
Now that I read your email a little more thoroughly, let me take a
closer look. Personally I've never used the CAS support in Acegi.
I'll get back to you in a minute or two :)
On 1/19/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Sorry Ray, but how can I use PropertyPlaceholderConfigurer for this
scope? Can you explain me with an example please?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Ray Krueger
Sent: 19 gennaio 2007 13.07
To: acegisecurity-developer@lists.sourceforge.net
Subject: Re: [Acegisecurity-developer] Setting serviceProperties in
Acegi
Ben answered your original email on this subject...
Is there a reason you cannot use a PropertyPlaceholderConfigurer?
http://www.springframework.org/docs/api/org/springframework/beans/factor
y/config/PropertyPlaceholderConfigurer.html
On 1/19/07, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
In using Acegi with Cas in a web application. As you know, I have to
set the
serviceProperties property of CasProcessingFilterEntryPoint to the url
that
CAS will call after authentication. I don't like to set this url in
applicationContext-acegi-security.xml but I prefere this
value Is build automatically. To do it I'm going to extends
org.acegisecurity.ui.cas.ServiceProperties with a class
that try to build the service property if is not setted (null) using
something like this:
serviceProperties=http://+request.request.getLocalAddr()+:+request.g
etLocalPort()+/+request.getContextPath()+/j_acegi_cas_security_check
(I don't use https in this case)
What's your opinion?
Please, any suggestions are welcome.
Regards
Mario Buonopane
This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you have
received it in error, please notify the sender immediately and delete
the
original. Any other use of the email by you is prohibited.
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to
share your
opinions on IT business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDE
V
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share
your
opinions on IT business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDE
V
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
Re: [Acegisecurity-developer] Setting serviceProperties in Acegi
Here is what I did to resolve the problem:
1) I have create a filter that build the servicesProperties url in a
static property. This is the code:
public class CasAcegiServicePropertyFilter implements Filter {
public static String casAcegiServicePropertyValue=null;
private static final Log log =
LogFactory.getLog(CasAcegiServicePropertyFilter.class);
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
if(casAcegiServicePropertyValue==null){
HttpServletRequest request = (HttpServletRequest)req;
String cp = request.getContextPath();
if(!cp.startsWith(/))cp=/+cp;
casAcegiServicePropertyValue =
request.getScheme()+
://+request.getLocalAddr()+
:+request.getLocalPort()+
cp+
/j_acegi_cas_security_check;
log.info(casAcegiServicePropertyValue:+
casAcegiServicePropertyValue);
}
chain.doFilter(req, res);
}
2) I have subclassed ServiceProperties in this way:
public String getService() {
if(super.getService()!=null) return super.getService();
else return
CasAcegiServicePropertyFilter.casAcegiServicePropertyValue;
}
3) I have configured the CasAcegiServicePropertyFilter how first and
serviceProperties with no service url.
Seems to work well.WHAT DO YOU THINK?
Thanks
Mario
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Ray Krueger
Sent: 19 gennaio 2007 15.14
To: acegisecurity-developer@lists.sourceforge.net
Subject: Re: [Acegisecurity-developer] Setting serviceProperties in
Acegi
OK...
Subclassing ServiceProperties isn't going to do any good, because you
don't have access to the HttpRequest.
You can use a PropertyPlaceHolderConfigurer so that your xml looks
like...
bean id=serviceProperties
class=org.acegisecurity.ui.cas.ServiceProperties
property
name=servicevalue${serviceProperties.serviceUrl}/value/property
property name=sendRenewvaluefalse/value/property
/bean
And then you can externalize these deployment specific parameters into
a properties file that gets setup at the client site.
We should consider adding a hookmethod into the
CasProcessingFilterEntryPoint to allow customization of how the
serviceUrl is added to the cas redirect.
Oh, and a little tip, you don't have to hard code the http:// part you
can use request.getScheme() (terrible name, go Sun).
On 1/19/07, Ray Krueger [EMAIL PROTECTED] wrote:
Now that I read your email a little more thoroughly, let me take a
closer look. Personally I've never used the CAS support in Acegi.
I'll get back to you in a minute or two :)
On 1/19/07, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
Sorry Ray, but how can I use PropertyPlaceholderConfigurer for this
scope? Can you explain me with an example please?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf
Of Ray Krueger
Sent: 19 gennaio 2007 13.07
To: acegisecurity-developer@lists.sourceforge.net
Subject: Re: [Acegisecurity-developer] Setting serviceProperties in
Acegi
Ben answered your original email on this subject...
Is there a reason you cannot use a PropertyPlaceholderConfigurer?
http://www.springframework.org/docs/api/org/springframework/beans/factor
y/config/PropertyPlaceholderConfigurer.html
On 1/19/07, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
In using Acegi with Cas in a web application. As you know, I have
to
set the
serviceProperties property of CasProcessingFilterEntryPoint to the
url
that
CAS will call after authentication. I don't like to set this url
in
applicationContext-acegi-security.xml but I prefere this
value Is build automatically. To do it I'm going to extends
org.acegisecurity.ui.cas.ServiceProperties with a class
that try to build the service property if is not setted (null)
using
something like this:
serviceProperties=http://+request.request.getLocalAddr()+:+request.g
etLocalPort()+/+request.getContextPath()+/j_acegi_cas_security_check
(I don't use https in this case)
What's your opinion?
Please, any suggestions are welcome.
Regards
Mario Buonopane
This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you
have
received it in error, please notify the sender immediately and
delete
the
original. Any other use of the email by you is prohibited.
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to
share your
opinions on IT business topics
Re: [Acegisecurity-developer] Setting serviceProperties in Acegi
I also had a similar solution posted back in June 2005, which we've been using since then. http://sourceforge.net/mailarchive/message.php?msg_id=12208592 -lenny - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
