Re: [Acegisecurity-developer] Spring Security is not portable
I have a simple war where I used spring-security to implement a BASIC login using JAAS. It works fine on Tomcat but on JBoss I get the following error. It seems to be ignoring my spring-security configuration because it wants to load users/roles from local file. 13:54:02,128 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role f iles java.io.IOException: No properties file: users.properties or defaults: defaultUs ers.properties found at org.jboss.security.auth.spi.Util.loadProperties(Util.java:315) at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRole sLoginModule.java:186) Why isn't this portable to JBoss? It is all portable to JBoss. What you have is a JBoss problem, not an Acegi problem. This might help... http://www.jboss.org/community/wiki/UsersRolesLoginModule -- Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] [ANN] Spring Security 2.0.0 Released
Great news! On 4/15/08, Ben Alex [EMAIL PROTECTED] wrote: Dear Spring Community After almost two years of development, Spring Security 2.0.0 is now available for download. This significant new release replaces Acegi Security as the official security module for Spring applications. Spring Security 2.0.0 features substantially simplified configuration. Whilst old configurations required hundreds of lines of XML, our new convention over configuration approach ensures that many deployments will now require less than 10 lines. We've also added many other new capabilities to Spring Security 2.0.0: * OpenID integration, which is the web's emerging single sign on standard (supported by Google, IBM, Sun, Yahoo and others) * Windows NTLM support, providing easy enterprise-wide single sign on against Windows corporate networks * Support for JSR 250 (EJB 3) security annotations, delivering a standards-based model for authorization metadata * AspectJ pointcut expression language support, allowing developers to apply cross-cutting security logic across their Spring managed objects * Substantial improvements to the high-performance domain object instance security (ACL) capabilities * Comprehensive support for RESTful web request authorization, which works well with Spring 2.5's @MVC model for building RESTful systems * Long-requested support for groups, hierarchical roles and a user management API, which all combine to reduce development time and significantly improve system administration * An improved, database-backed remember me implementation * Support for portlet authentication out-of-the-box * Support for additional languages * Numerous other general improvements, documentation and new samples * New support for web state and flow transition authorization through the Spring Web Flow 2.0 release * New support for visualizing secured methods, plus configuration auto-completion support in Spring IDE * Enhanced WSS (formerly WS-Security) support through the Spring Web Services 1.5 release Please visit http://www.springframework.org/download to download the latest release and access the change log. We hope you find this new release useful in your projects. Best regards Ben Alex Project Lead, Spring Security - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer -- Sent from Gmail for mobile | mobile.google.com - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] IntelliJ license
Our IntelliJ IDEA license expires tomorrow (yep, we have one, contact me for details). I've contacted IntelliJ to acquire a new open-source license. - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] OpenID out of the sandbox
I've pulled the OpenID module out of the sand box, but rather than merging it into core, it is it's own module. Meaning that integrating it into a project will require both the spring-security-core and spring-security-openid jar files. The OpenID module has also been added to the parent pom.xml, which means that when you run mvn install on the root project it will install the OpenID module as well. I'd like to bump up the test coverage in some spots and we definitely need to get some documentation going. We should be able to tighten this up by the time Luke releases Spring-Security 2.0. That being said, I wouldn't call the OpenID support done. It is out of the sandbox though and that's good news. So pull down the code and have a look see... -Ray - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] Acegi OpenID Support Update
I've updated the OpenID support in the sandbox, um, finally :) I'll talk with Ben and Luke about getting it promoted to its rightful home soon enough. Anyway, read more at... ShamelessSelfPromotion http://raykrueger.blogspot.com/2008/01/acegi-openid-support-update.html /ShamelessSelfPromotion - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] build failed
Yeah, the unit tests will only pass in English. Try this (without your changes) set MAVEN_OPTS=-Duser.language=en -Duser.region=US mvn install On Jan 13, 2008 7:03 AM, Candide Kemmler [EMAIL PROTECTED] wrote: Hi Ray, I have wiped everything in my working copy directory, then re-co'd everything and run mvn install, and still got the same errors. Attached is a patch containing the 3 tiny hacks I had to write for the project to compile. Maybe you have more insight than me to understand what was going wrong (except for the language issue). I'm still stuck with Eclipse. What IDE do you guys use, if any? Any hints about IDE usage would be very welcomed (.project .classpath anyone?) On Jan 12, 2008 9:51 PM, Ray Krueger [EMAIL PROTECTED] wrote: I had a bad file or two that was causing trouble. I blew those out and got fresh code from SVN and all is well. Candide be sure to run mvn install first and foremost. On Jan 11, 2008 1:01 PM, Ray Krueger [EMAIL PROTECTED] wrote: Yeah, I think we have a problem building on Windows. I had a problem this morning on my Windows laptop. Once I got into the office I pulled the code down to my linux workstation and simply ran mvn install, everything went off without a hitch. I'll look at it on my train ride home I think :) On Jan 11, 2008 11:50 AM, Candide Kemmler [EMAIL PROTECTED] wrote: I'm running java -version: java version 1.6.0 Java(TM) SE Runtime Environment (build 1.6.0-b105) Java HotSpot(TM) Client VM (build 1.6.0-b105, mixed mode) on Windows XP French I have 2Gb of RAM,... what else? Looks like at least one error is due to my system being in french :-( And for something else: I have problems using Eclipse I have everywhere messages of the form The hierarchy of the type xxx is inconsistent Any idea what can be done against it? Or, more simply: couldn't someone just hand me their .project and .classpath files? -- Candide Kemmler http://www.palacehotel.org/ 11/13 avenue Reine Marie-Henriette 1190 Bruxelles mobile:+32485067980 - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer -- Candide Kemmler http://www.palacehotel.org/ 11/13 avenue Reine Marie-Henriette 1190 Bruxelles mobile:+32485067980 - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] build failed
Yeah, I think we have a problem building on Windows. I had a problem this morning on my Windows laptop. Once I got into the office I pulled the code down to my linux workstation and simply ran mvn install, everything went off without a hitch. I'll look at it on my train ride home I think :) On Jan 11, 2008 11:50 AM, Candide Kemmler [EMAIL PROTECTED] wrote: I'm running java -version: java version 1.6.0 Java(TM) SE Runtime Environment (build 1.6.0-b105) Java HotSpot(TM) Client VM (build 1.6.0-b105, mixed mode) on Windows XP French I have 2Gb of RAM,... what else? Looks like at least one error is due to my system being in french :-( And for something else: I have problems using Eclipse I have everywhere messages of the form The hierarchy of the type xxx is inconsistent Any idea what can be done against it? Or, more simply: couldn't someone just hand me their .project and .classpath files? -- Candide Kemmler http://www.palacehotel.org/ 11/13 avenue Reine Marie-Henriette 1190 Bruxelles mobile:+32485067980 - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] contacts example with basic authentication only ?
You know, I think that responsibility may have been moved to the exceptionTranslationFilter. That's probably not very clear... Look at what entryPoints you have and look how they're being used. On Nov 8, 2007 5:42 AM, [EMAIL PROTECTED] wrote: I looked inside the acegi-security-sample-contacts-filter.war that came with acegi 1.0.4 the filter chain in applicationContext-acegi-security.xml is defined as follows: bean id=filterChainProxy class=org.acegisecurity.util.FilterChainProxy property name=filterInvocationDefinitionSource value CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor,switchUserProcessingFilter /value /property /bean The javadoc of BasicProcessingFilterEntryPoint also talks about SecurityEnforcementFilter. But I can not find an class/interface or bean name with that name ? Are we talking about the same acegi version ? Regards, - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] contacts example with basic authentication only ?
No problem, glad I could help. That's the trick to remember with Acegi that I think people misunderstand. The filters that actually handle credentials, like the BasicProcessingFilter, AuthenticationProcessingFilter, DigestProcessingFilter only do anything when the credentials are presented. An entry point is used at the end of the filter chain as the final gate keeper. Each filter has it's own entry point wired in though, those are used when you screw up the credentials presented to one of the filters. So if you present bad credentials to the BasicProcessingFilter, it will send your request to it's entry point. In your case, that's the same entry point used by the ExceptionTranslationFilter. I really don't like that the final enforcement is done by something named ExceptionTranslationFilter. That's very unclear. There used to be a SecurityEnforcementFilter back there who's name made it's responsibility clear. The ExceptionTranslationFilter was added, as it's name implies, to handle translating the exception messages using ResourceBundles and such. Unfortunately it was put in as a replacement for the ExceptionTranslationFilter which sort of blurred the line. I should have complained about this like a year ago when it was implemented but I wasn't paying attention :P On Nov 8, 2007 6:31 AM, [EMAIL PROTECTED] wrote: I needed to change the authenticationEntryPoint property of the ExceptionTranslationFilter bean in order to make it work. Thanks a lot Ray ! - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Removal of Requirement for StatelessTicketCache on CasAuthenticationProvider
Yes, it's used in core. It is the default backing for the UserCache. On 11/6/07, Scott Battaglia [EMAIL PROTECTED] wrote: The StatelessTicketCache is only used within the CAS support for the purpose of simulating sessions for stateless remote access. Normal CAS support does not require the StatelessTicketCache (in fact the CAS protocol doesn't really recommend you re-use the single use tickets ;-)). I'm okay with option 3 also. I'll create a JIRA issue and commit the code. Would we need to update our pom file? Is EhCache used for anything besides the CAS support within Acegi? Thanks -Scott Ray Krueger wrote: Number 3 above is generally the pattern followed in Acegi... private StatelessTicketCache statelessTicketCache = new NullStatelessTicketCache(); ...with a setter for it defining a custom implementation. I don't think that would be a big deal to change, though I'm unsure of it's role in the CAS stuff. I've never used our CAS support :) On 11/6/07, Scott Battaglia [EMAIL PROTECTED] wrote: Ben, Do you have any objections to removing the fact that a StatelessTicketCache is required for the CasAuthenticationProvider? Its only needed when a remoting protocol is used and requires every application to possibly have an unnecessary dependency on EhCache. We have three options: 1. Just turn off the check for the StatelessTicketCache (and wherever its called, also check for null) 2. Create a Stub/NoCacheStatelessTicketCache that is a shell to satisfy the dependency but still require people to configure it 3. Create the stub and have it be the default value in the CasAuthenticationProvider meaning that no configuration is required. Thoughts? Thanks -Scott -- Scott Battaglia Application Developer, Architecture Engineering Team Enterprise Systems and Services, Rutgers University v: 732.445.0097 | f: 732.445.5493 | [EMAIL PROTECTED] - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Trunk tests take 30 minutes and then fail.
Ok, so this is a Windows and/or Java 6 thing. I ran the full test suite on my linux box with java5 and all is well. On 11/4/07, Ray Krueger [EMAIL PROTECTED] wrote: It looks like that all starts from this test... Running org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticatorTests On 11/4/07, Ray Krueger [EMAIL PROTECTED] wrote: This type of stuff seems to be where it takes the longest... 2007-11-04 12:39:38,062 DEBUG org.springframework.security.ldap.DefaultInitialDirContextFactory - Cr eating InitialDirContext with environment {java.naming.provider.url=ldap://127.0.0.1:3389/dc=springf ramework,dc=org, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security. principal=uid=admin,ou=system, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authenticat ion=simple, java.naming.security.credentials=**, java.naming.factory.object=org.springframework. ldap.core.support.DefaultDirObjectFactory} 2007-11-04 12:39:53,203 DEBUG org.springframework.security.ldap.DefaultInitialDirContextFactory - Cr eating InitialDirContext with environment {java.naming.provider.url=ldap://127.0.0.1:3389/dc=springf ramework,dc=org, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security. principal=uid=admin,ou=system, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authenticat ion=simple, java.naming.security.credentials=**, java.naming.factory.object=org.springframework. ldap.core.support.DefaultDirObjectFactory} 2007-11-04 12:40:08,218 DEBUG org.springframework.security.ldap.DefaultInitialDirContextFactory - Cr eating InitialDirContext with environment {java.naming.provider.url=ldap://127.0.0.1:3389/dc=springf ramework,dc=org, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security. principal=uid=admin,ou=system, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authenticat ion=simple, java.naming.security.credentials=**, java.naming.factory.object=org.springframework. ldap.core.support.DefaultDirObjectFactory} 2007-11-04 12:40:23,218 DEBUG org.springframework.security.ldap.DefaultInitialDirContextFactory - Cr eating InitialDirContext with environment {java.naming.provider.url=ldap://127.0.0.1:3389/dc=springf ramework,dc=org, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security. principal=uid=admin,ou=system, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authenticat ion=simple, java.naming.security.credentials=**, java.naming.factory.object=org.springframework. ldap.core.support.DefaultDirObjectFactory} On 11/4/07, Ray Krueger [EMAIL PROTECTED] wrote: Maven version: 2.0.7 Java version: 1.6.0_01 OS name: windows xp version: 5.1 arch: x86 Yeah, the console scrolled way too far back for me to see what failed. That was just the snippet of the end of the log I showed. I'm running it again with a fresh batch of code, and running it from the project root. On 11/4/07, Luke Taylor [EMAIL PROTECTED] wrote: What tests are failing? And what platform are you running on, JVM, Maven version etc? The stuff about ehcache is something to do with the shutdown hooks in all the application contexts being executed when the VM exits so that's not the problem, though we should be aiming to make sure that existing tests call close() on any created app contexts to avoid this. Both my automated build and the ones on build.springframework.org seem to be running without any problems and I just built on my desktop machine (1min 29s for a mvn clean test): Maven version: 2.0.7 Java version: 1.5.0_07 OS name: mac os x version: 10.4.10 arch: i386 Ray Krueger wrote: I just pulled the latest code from Trunk this morning. I ran the unit tests in ./core and had the following result... 2007-11-03 21:11:26,437 INFO net.sf.ehcache.CacheManager - VM shutting down with the CacheManager st ill active. Calling shutdown. Exception in thread Thread-77 java.lang.IllegalStateException: The aclCache Cache is not alive. at net.sf.ehcache.Cache.checkStatus(Cache.java:1201) at net.sf.ehcache.Cache.dispose(Cache.java:1081) at net.sf.ehcache.CacheManager.shutdown(CacheManager.java:702) at net.sf.ehcache.CacheManager$1.run(CacheManager.java:505) [INFO] [ERROR] BUILD FAILURE [INFO] [INFO] There are test failures. [INFO] [INFO] For more information, run Maven with the -e switch [INFO
Re: [Acegisecurity-developer] Trunk tests take 30 minutes and then fail.
This type of stuff seems to be where it takes the longest... 2007-11-04 12:39:38,062 DEBUG org.springframework.security.ldap.DefaultInitialDirContextFactory - Cr eating InitialDirContext with environment {java.naming.provider.url=ldap://127.0.0.1:3389/dc=springf ramework,dc=org, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security. principal=uid=admin,ou=system, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authenticat ion=simple, java.naming.security.credentials=**, java.naming.factory.object=org.springframework. ldap.core.support.DefaultDirObjectFactory} 2007-11-04 12:39:53,203 DEBUG org.springframework.security.ldap.DefaultInitialDirContextFactory - Cr eating InitialDirContext with environment {java.naming.provider.url=ldap://127.0.0.1:3389/dc=springf ramework,dc=org, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security. principal=uid=admin,ou=system, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authenticat ion=simple, java.naming.security.credentials=**, java.naming.factory.object=org.springframework. ldap.core.support.DefaultDirObjectFactory} 2007-11-04 12:40:08,218 DEBUG org.springframework.security.ldap.DefaultInitialDirContextFactory - Cr eating InitialDirContext with environment {java.naming.provider.url=ldap://127.0.0.1:3389/dc=springf ramework,dc=org, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security. principal=uid=admin,ou=system, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authenticat ion=simple, java.naming.security.credentials=**, java.naming.factory.object=org.springframework. ldap.core.support.DefaultDirObjectFactory} 2007-11-04 12:40:23,218 DEBUG org.springframework.security.ldap.DefaultInitialDirContextFactory - Cr eating InitialDirContext with environment {java.naming.provider.url=ldap://127.0.0.1:3389/dc=springf ramework,dc=org, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security. principal=uid=admin,ou=system, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authenticat ion=simple, java.naming.security.credentials=**, java.naming.factory.object=org.springframework. ldap.core.support.DefaultDirObjectFactory} On 11/4/07, Ray Krueger [EMAIL PROTECTED] wrote: Maven version: 2.0.7 Java version: 1.6.0_01 OS name: windows xp version: 5.1 arch: x86 Yeah, the console scrolled way too far back for me to see what failed. That was just the snippet of the end of the log I showed. I'm running it again with a fresh batch of code, and running it from the project root. On 11/4/07, Luke Taylor [EMAIL PROTECTED] wrote: What tests are failing? And what platform are you running on, JVM, Maven version etc? The stuff about ehcache is something to do with the shutdown hooks in all the application contexts being executed when the VM exits so that's not the problem, though we should be aiming to make sure that existing tests call close() on any created app contexts to avoid this. Both my automated build and the ones on build.springframework.org seem to be running without any problems and I just built on my desktop machine (1min 29s for a mvn clean test): Maven version: 2.0.7 Java version: 1.5.0_07 OS name: mac os x version: 10.4.10 arch: i386 Ray Krueger wrote: I just pulled the latest code from Trunk this morning. I ran the unit tests in ./core and had the following result... 2007-11-03 21:11:26,437 INFO net.sf.ehcache.CacheManager - VM shutting down with the CacheManager st ill active. Calling shutdown. Exception in thread Thread-77 java.lang.IllegalStateException: The aclCache Cache is not alive. at net.sf.ehcache.Cache.checkStatus(Cache.java:1201) at net.sf.ehcache.Cache.dispose(Cache.java:1081) at net.sf.ehcache.CacheManager.shutdown(CacheManager.java:702) at net.sf.ehcache.CacheManager$1.run(CacheManager.java:505) [INFO] [ERROR] BUILD FAILURE [INFO] [INFO] There are test failures. [INFO] [INFO] For more information, run Maven with the -e switch [INFO] [INFO] Total time: 30 minutes 11 seconds [INFO] Finished at: Sat Nov 03 21:11:26 CDT 2007 [INFO] Final Memory: 15M/27M [INFO] Not cool, I'm not sure what's going on, but it appeared to be spending all it's time in ldap tests. -- Luke Taylor. Monkey Machine Ltd. PGP Key ID: 0x57E9523Chttp://www.monkeymachine.ltd.uk
Re: [Acegisecurity-developer] Trunk tests take 30 minutes and then fail.
It looks like that all starts from this test... Running org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticatorTests On 11/4/07, Ray Krueger [EMAIL PROTECTED] wrote: This type of stuff seems to be where it takes the longest... 2007-11-04 12:39:38,062 DEBUG org.springframework.security.ldap.DefaultInitialDirContextFactory - Cr eating InitialDirContext with environment {java.naming.provider.url=ldap://127.0.0.1:3389/dc=springf ramework,dc=org, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security. principal=uid=admin,ou=system, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authenticat ion=simple, java.naming.security.credentials=**, java.naming.factory.object=org.springframework. ldap.core.support.DefaultDirObjectFactory} 2007-11-04 12:39:53,203 DEBUG org.springframework.security.ldap.DefaultInitialDirContextFactory - Cr eating InitialDirContext with environment {java.naming.provider.url=ldap://127.0.0.1:3389/dc=springf ramework,dc=org, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security. principal=uid=admin,ou=system, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authenticat ion=simple, java.naming.security.credentials=**, java.naming.factory.object=org.springframework. ldap.core.support.DefaultDirObjectFactory} 2007-11-04 12:40:08,218 DEBUG org.springframework.security.ldap.DefaultInitialDirContextFactory - Cr eating InitialDirContext with environment {java.naming.provider.url=ldap://127.0.0.1:3389/dc=springf ramework,dc=org, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security. principal=uid=admin,ou=system, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authenticat ion=simple, java.naming.security.credentials=**, java.naming.factory.object=org.springframework. ldap.core.support.DefaultDirObjectFactory} 2007-11-04 12:40:23,218 DEBUG org.springframework.security.ldap.DefaultInitialDirContextFactory - Cr eating InitialDirContext with environment {java.naming.provider.url=ldap://127.0.0.1:3389/dc=springf ramework,dc=org, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security. principal=uid=admin,ou=system, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authenticat ion=simple, java.naming.security.credentials=**, java.naming.factory.object=org.springframework. ldap.core.support.DefaultDirObjectFactory} On 11/4/07, Ray Krueger [EMAIL PROTECTED] wrote: Maven version: 2.0.7 Java version: 1.6.0_01 OS name: windows xp version: 5.1 arch: x86 Yeah, the console scrolled way too far back for me to see what failed. That was just the snippet of the end of the log I showed. I'm running it again with a fresh batch of code, and running it from the project root. On 11/4/07, Luke Taylor [EMAIL PROTECTED] wrote: What tests are failing? And what platform are you running on, JVM, Maven version etc? The stuff about ehcache is something to do with the shutdown hooks in all the application contexts being executed when the VM exits so that's not the problem, though we should be aiming to make sure that existing tests call close() on any created app contexts to avoid this. Both my automated build and the ones on build.springframework.org seem to be running without any problems and I just built on my desktop machine (1min 29s for a mvn clean test): Maven version: 2.0.7 Java version: 1.5.0_07 OS name: mac os x version: 10.4.10 arch: i386 Ray Krueger wrote: I just pulled the latest code from Trunk this morning. I ran the unit tests in ./core and had the following result... 2007-11-03 21:11:26,437 INFO net.sf.ehcache.CacheManager - VM shutting down with the CacheManager st ill active. Calling shutdown. Exception in thread Thread-77 java.lang.IllegalStateException: The aclCache Cache is not alive. at net.sf.ehcache.Cache.checkStatus(Cache.java:1201) at net.sf.ehcache.Cache.dispose(Cache.java:1081) at net.sf.ehcache.CacheManager.shutdown(CacheManager.java:702) at net.sf.ehcache.CacheManager$1.run(CacheManager.java:505) [INFO] [ERROR] BUILD FAILURE [INFO] [INFO] There are test failures. [INFO] [INFO] For more information, run Maven with the -e switch [INFO] [INFO] Total time: 30 minutes 11 seconds [INFO] Finished at: Sat Nov 03 21:11:26 CDT 2007 [INFO] Final Memory: 15M/27M [INFO
[Acegisecurity-developer] Trunk tests take 30 minutes and then fail.
I just pulled the latest code from Trunk this morning. I ran the unit tests in ./core and had the following result... 2007-11-03 21:11:26,437 INFO net.sf.ehcache.CacheManager - VM shutting down with the CacheManager st ill active. Calling shutdown. Exception in thread Thread-77 java.lang.IllegalStateException: The aclCache Cache is not alive. at net.sf.ehcache.Cache.checkStatus(Cache.java:1201) at net.sf.ehcache.Cache.dispose(Cache.java:1081) at net.sf.ehcache.CacheManager.shutdown(CacheManager.java:702) at net.sf.ehcache.CacheManager$1.run(CacheManager.java:505) [INFO] [ERROR] BUILD FAILURE [INFO] [INFO] There are test failures. [INFO] [INFO] For more information, run Maven with the -e switch [INFO] [INFO] Total time: 30 minutes 11 seconds [INFO] Finished at: Sat Nov 03 21:11:26 CDT 2007 [INFO] Final Memory: 15M/27M [INFO] Not cool, I'm not sure what's going on, but it appeared to be spending all it's time in ldap tests. - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] LDAP groupSearchFilter
Nice work. Thanks for following up on your own question. People don't do that often enough :) On 10/18/07, Dimas [EMAIL PROTECTED] wrote: Solved. The solution is easy as change {0} with {1} as a user parameter. {0} contains all the ldap base. {1} only the username. Uff :- ) -- Dimas Streich i Colomeda dimas.sc ARROVA gmail.com http://www.dimas.cat 2007/10/17, Dimas [EMAIL PROTECTED]: Hi! I am configuring JasperServer to authenticate users from LDAP and assign their roles/groups. JasperServer security authentication is based on AcegiSecurity bean so I try searching help in this list. Until now the LDAP users can login to JS with their passwords, but their ldap-grups aren't recognized. The secret is in the applicationContext-security.xml file, and the important bean is: bean id=ldapAuthenticationProvider class= org.acegisecurity.providers.ldap.LdapAuthenticationProvider constructor-arg bean class= org.acegisecurity.providers.ldap.authenticator.BindAuthenticator constructor-argref local=initialDirContextFactory//constructor-arg property name=userDnPatternslistvalueuid={0},ou=Users/value/list/property /bean /constructor-arg constructor-arg bean class= org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator constructor-arg index=0ref local=initialDirContextFactory//constructor-arg constructor-arg index=1valueou=Groups/value/constructor-arg property name=groupRoleAttributevaluecn/value/property property name=groupSearchFiltervalue(amp;(memberUid={0})(objectclass=radiusprofile))/value/property /bean /constructor-arg /bean The last property, groupSearchFilter is not working. It seems that the {0} is not the username logging to the system. If I change it by: property name=groupSearchFiltervalue(amp;(memberUid=abcdef)(objectclass=radiusprofile))/value/property where 'abcdefj' is a LDAP user. If I log to JS with the user abcdef it can enter and his LDAP role is assigned. Why {0} is not working and literal username yes? Some help please? Thx! -- Dimas Streich i Colomeda dimas.sc ARROVA gmail.com http://www.dimas.cat - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] conditional filters?
That's really going to be fully dependent on your applications configuration. Maybe break up your Spring xml files so that all the acegi stuff is in it's own file. Then have your app load the right file based on the environment you want. The full file has all the normal Acegi stuff in it. The test environment file would have one single bean in it: bean id=filterChainProxy class=org.acegisecurity.util.FilterChainProxy/ On 9/14/07, Chris Berry [EMAIL PROTECTED] wrote: Greetings, I was wondering if there was a way to conveniently switch off all the Acegi Servlet Filters In testing we generally want to run over straight http And sometimes in Staging we just want to switch off SSL Today, I am using two different web.xml files; one w/ the Filters commented out, and the other not. And it is a PITA to switch back and forth (comment/uncomment) -- or I have to violate DRY and make copies of the real web.xml Is there some convenient way to tell Acegi just to short-circuit the FilterChainProxy?? Using some kind of variable on startup?? Thanks, -- Chris S'all good --- chriswberry at gmail dot com - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] .classpath file in Subversion
I think the .classpath files should be removed. They are doomed to be stale. The project is now built with maven2 completely. Maven can create the .classpath files as needed. Executing mvn eclipse:eclipse from the project root will create everything needed. On 9/10/07, Scott Battaglia [EMAIL PROTECTED] wrote: I'm doing some work on some of the JIRA issues assigned to me (finally getting a chance) and I checked out the project and noticed that the .classpath was referring to Spring 1.2.9 while the pom refers to 2.0.6. Anyone have any issues if I update the .classpath file to reflect the latest Spring version? Thanks -Scott - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] .classpath file in Subversion
Why isn't it? If you're only interested in working on core then... cd core mvn eclipse:eclipse On 9/10/07, Scott Battaglia [EMAIL PROTECTED] wrote: Executing mvn eclipse:eclipse creates projects for each of the modules, which is probably not what we want. -Scott Ray Krueger wrote: I think the .classpath files should be removed. They are doomed to be stale. The project is now built with maven2 completely. Maven can create the .classpath files as needed. Executing mvn eclipse:eclipse from the project root will create everything needed. On 9/10/07, Scott Battaglia [EMAIL PROTECTED] wrote: I'm doing some work on some of the JIRA issues assigned to me (finally getting a chance) and I checked out the project and noticed that the .classpath was referring to Spring 1.2.9 while the pom refers to 2.0.6. Anyone have any issues if I update the .classpath file to reflect the latest Spring version? Thanks -Scott - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] [ANN] Acegi Security 1.0.5 Released
Copied and Pasted from Lukes post on the support forums http://forum.springframework.org/showthread.php?t=43532 Release 1.0.5 is now available from Sourceforge. http://sourceforge.net/project/showfiles.php?group_id=104215 This is mainly a maintenance release - the changelog can be viewed here: http://sourceforge.net/project/shownotes.php?release_id=537521group_id=104215 It is also the first release to be built using maven 2. Maven 1 files have been removed. - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] (no subject)
Nice work Chris, any chance you could open some Jiras on that? On 8/23/07, Chris Berry [EMAIL PROTECTED] wrote: I managed to answer this one myself, by trolling the Internet and reading the Acegi source. The final answer was to create a RESTfulDefinitionSource. I used Spring constructor injection to load in the security patterns: bean id=filterInvocationInterceptor class=org.acegisecurity.intercept.web.FilterSecur ityInterceptor property name=authenticationManager ref=authenticationManager/ property name=accessDecisionManager ref local=httpRequestAccessDecisionManager/ /property property name=objectDefinitionSource ref=filterDefinitionMap / /bean bean id=filterDefinitionMap class=com.homeaway.hcdata.utils.acegi.RESTfulDefi nitionSource constructor-arg type=java.lang.String value /**:GET=ROLE_READER /**:PUT,DELETE,POST=ROLE_WRITER /value /constructor-arg /bean The easiest thing was to then delegate within RESTfulDefinitionSource to a RESTfulPathBasedFilterInvocationDefinitionMap, which is essentially a clone of the PathBasedFilterInvocationDefinitionMap. (But one that takes into account Http Methods). I would have liked to extend PathBasedFilterInvocationDefinitionMap, but it is basically not friendly to subclassing. Although I followed the logic of that class almost exactly so that I could be sure that I got things wired correctly. It seems that Acegi might consider this form as the default form?? So that patterns like this /**=ROLE_SUPERVISOR default to all methods. But patterns like this are also acceptable; /**:PUT,DELETE,POST=ROLE_SUPERVISOR It could be entirely backwards compatible. And Acegi would then support REST!! You might also consider refactoring the org.acegisecurity.intercept.web package. It doesn't lend itself well to extension or variation. Thanks, -- Chris On Aug 21, 2007, at 9:20 PM, Chris Berry wrote: Unfortunately, this package isn't well suited for extension. I could extend PathBasedFilterInvocationDefinitionMap but since it provides no way to access requestMap pathMatcher I had to duplicate all of that code. But I could workaround that, what I don't see is how to get around the FilterInvocationDefinitionSourceEditor I want to be able to do something like this: bean id=filterInvocationInterceptor class=org.acegisecurity.intercept.web.FilterSecurityInterceptor property name=authenticationManager ref=authenticationManager/ property name=accessDecisionManager ref local=httpRequestAccessDecisionManager/ /property property name=objectDefinitionSource ref=filterDefinitionMap / /bean bean id=filterDefinitionMap class=com.homeaway.hcdata.utils.acegi.RESTfulPathBasedFilterInvocationDefinitionMap property name=objectDefinitionSource value CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /**=ROLE_SUPERVISOR /value /property /bean But I don't see how to accomplish it?? Must I extend FilterInvocationDefinitionSourceEditor ?? I'm no Spring expert, so I'm unclear how the Property Editors get wired in... Thanks, -- Chris On Aug 21, 2007, at 7:10 PM, Brian Moseley wrote: On 8/21/07, Chris Berry [EMAIL PROTECTED] wrote: Anyway, AFAICT, the solution is to provide a custom FilterInvocationDefinitionSource I plan to extend PathBasedFilterInvocationDefinitionMap. [...] sure, that looks good to me, with the following caveat: to support http-based protocols that extend the basic method set, like webdav with its PROPFIND, PROPPATCH, MKCOL, LOCK etc, and to keep mapping files brief, it might be handy to be able to configure named sets of methods on the FilterInvocationDefinitionSource. perhaps something like this: property name=readMethods value=GET,HEAD,OPTIONS,PROPFIND/ property name=writeMethods value=POST,PUT,DELETE,PROPPATCH,LOCK/ and: /foo/bar.html:READ_METHODS,WRITE_METHODS=ROLE_FOO /secure/*:READ_METHODS=ROLE_BAR /account/something=ROLE_BAR - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer S'all good --- [EMAIL PROTECTED] S'all good --- [EMAIL PROTECTED] - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using
Re: [Acegisecurity-developer] (no subject)
Agreed :) And thanks! On 8/23/07, Chris Berry [EMAIL PROTECTED] wrote: Done http://opensource.atlassian.com/projects/spring/browse/SEC-531 Cheers, -- Chris On Aug 23, 2007, at 1:44 PM, Chris Berry wrote: Will do. It sure would be nice to incorporate this back into Acegi. IMHO, REST will (or is ;-) supplant all other web service methodologies. Acegi should support it natively. I need to soon do the same work for securing methods by Http Method Cheers, -- Chris On Aug 23, 2007, at 1:16 PM, Ray Krueger wrote: Nice work Chris, any chance you could open some Jiras on that? On 8/23/07, Chris Berry [EMAIL PROTECTED] wrote: I managed to answer this one myself, by trolling the Internet and reading the Acegi source. The final answer was to create a RESTfulDefinitionSource. I used Spring constructor injection to load in the security patterns: bean id=filterInvocationInterceptor class=org.acegisecurity.intercept.web.FilterSecur ityInterceptor property name=authenticationManager ref=authenticationManager/ property name=accessDecisionManager ref local=httpRequestAccessDecisionManager/ /property property name=objectDefinitionSource ref=filterDefinitionMap / /bean bean id=filterDefinitionMap class=com.homeaway.hcdata.utils.acegi.RESTfulDefi nitionSource constructor-arg type=java.lang.String value /**:GET=ROLE_READER /**:PUT,DELETE,POST=ROLE_WRITER /value /constructor-arg /bean The easiest thing was to then delegate within RESTfulDefinitionSource to a RESTfulPathBasedFilterInvocationDefinitionMap, which is essentially a clone of the PathBasedFilterInvocationDefinitionMap. (But one that takes into account Http Methods). I would have liked to extend PathBasedFilterInvocationDefinitionMap, but it is basically not friendly to subclassing. Although I followed the logic of that class almost exactly so that I could be sure that I got things wired correctly. It seems that Acegi might consider this form as the default form?? So that patterns like this /**=ROLE_SUPERVISOR default to all methods. But patterns like this are also acceptable; /**:PUT,DELETE,POST=ROLE_SUPERVISOR It could be entirely backwards compatible. And Acegi would then support REST!! You might also consider refactoring the org.acegisecurity.intercept.web package. It doesn't lend itself well to extension or variation. Thanks, -- Chris On Aug 21, 2007, at 9:20 PM, Chris Berry wrote: Unfortunately, this package isn't well suited for extension. I could extend PathBasedFilterInvocationDefinitionMap but since it provides no way to access requestMap pathMatcher I had to duplicate all of that code. But I could workaround that, what I don't see is how to get around the FilterInvocationDefinitionSourceEditor I want to be able to do something like this: bean id=filterInvocationInterceptor class=org.acegisecurity.intercept.web.FilterSecurityInterceptor property name=authenticationManager ref=authenticationManager/ property name=accessDecisionManager ref local=httpRequestAccessDecisionManager/ /property property name=objectDefinitionSource ref=filterDefinitionMap / /bean bean id=filterDefinitionMap class=com.homeaway.hcdata.utils.acegi.RESTfulPathBasedFilterInvocationDefinitionMap property name=objectDefinitionSource value CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /**=ROLE_SUPERVISOR /value /property /bean But I don't see how to accomplish it?? Must I extend FilterInvocationDefinitionSourceEditor ?? I'm no Spring expert, so I'm unclear how the Property Editors get wired in... Thanks, -- Chris On Aug 21, 2007, at 7:10 PM, Brian Moseley wrote: On 8/21/07, Chris Berry [EMAIL PROTECTED] wrote: Anyway, AFAICT, the solution is to provide a custom FilterInvocationDefinitionSource I plan to extend PathBasedFilterInvocationDefinitionMap. [...] sure, that looks good to me, with the following caveat: to support http-based protocols that extend the basic method set, like webdav with its PROPFIND, PROPPATCH, MKCOL, LOCK etc, and to keep mapping files brief, it might be handy to be able to configure named sets of methods on the FilterInvocationDefinitionSource. perhaps something like this: property name=readMethods value=GET,HEAD,OPTIONS,PROPFIND/ property name=writeMethods value=POST,PUT,DELETE,PROPPATCH,LOCK/ and: /foo/bar.html:READ_METHODS,WRITE_METHODS=ROLE_FOO /secure/*:READ_METHODS=ROLE_BAR /account/something=ROLE_BAR - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com
Re: [Acegisecurity-developer] question on FilterInvocationDefinitionSourceEditor class
There is a convention used when it comes to editors. To find an editor; Spring looks in the same package as the class in question for a class with the same name with editor appended. So to find the editor for org.acegisecurity.intercept.web.FilterInvocationDefinitionSource, Spring looks for org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceEditor. On 7/24/07, ShiLei [EMAIL PROTECTED] wrote: hello,guys First, we all know Acegi use FilterInvocationDefinitionSourceEditor class(extends PropertyEditorSupport) to convert property FilterInvocationDefinitionSource (which is defined in XML file) from string to FilterInvocationDefinitionSource Object! And in spring framwork, if one wants to use a custom property editor to handle specified property, it has to be registered in the ApplicationContext XML description. then, here comes the question, I could not find the registration of FilterInvocationDefinitionSourceEditor, but the acegi works! any idea? thx Regards, Shi - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] [Newbie]Please help me get credential from the DB
Mack, yor best bet is going to be to do some research on your own first. Read the reference guide, read the articles and tutorials, and look at the samples. Also, the forums are the best place for user questions. http://forum.springframework.org On 7/12/07, Mack Boonyoung [EMAIL PROTECTED] wrote: bean id=userDetailsService class=org.acegisecurity.userdetails.memory.InMemoryDaoImpl property name=userProperties bean class=org.springframework.beans.factory.config.PropertiesFactoryBean property name=location value=/WEB-INF/users.properties/ /bean /property /bean I do like above thing to make me first project on Acegi. How can I change that bean definition to make it can get the credential from the DB? I mean if I wanna get it done by the helping hands of Spring + Hibernate. Thnx in advance Mack _ Don't just search. Find. Check out the new MSN Search! http://search.msn.com/ - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] acegi openid from sandbox tip
Yeah, you can tell from the giant block of commented out deps in our pom.xml file that I had some trouble. We can upload their binary to our maven repo until they get it in place at ibiblio or maven.org. Phillip if your going to try this stuff out you can contact me for any patches/fixes needed. skype: raykrueger gtalk: [EMAIL PROTECTED] I have yahoo and msn as well, but they suck :P On 7/7/07, Phillip Rhodes [EMAIL PROTECTED] wrote: I am working on integrating the openid from the sandbox. Just wanted to say that if you download the 0.9.3 branch of openid4java, things go much better for you! It's worth the extra effort to install openid4java 0.9.3 All my maven dependency problems disappeared... Phillip - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] an openid use aces
Eventually I was hoping to implement the suck in using the OpenId attribute exchange. So that you could create the local account once OpenId has been authenticated. You draw in the nickname and maybe email address and then create the local account. This was only thoughts though, I haven't looked at doing anything concrete yet. Figuring out the proper abstractions for it is the trick. On 7/8/07, Phillip Rhodes [EMAIL PROTECTED] wrote: Hi everyone (and especially Ray). Got your openid lib working, great job. Thanks! You are working on the weekend, I admire that! I am trying to work out the process in which a user has an openid account on a 3rd party server, but they do not have an account for the openid client application. 1) User has openid account http://rhodebump.myopenid.com/ 2) User goes to openid client http://localhost/openidclient and this application (using your acegi filter) will direct them to the myopenid.com provider where they successfully login. 3) myopenid.com directs user back to http://localhost/openidclient but since the user is not provisioned in the openidclient, the UserDetailsService.loadUserByUsername will fail. My use case is that the user has an openid account, but still needs to complete some sort of registration process for the client application. I was wondering if you thought of this at all and if we should provide for this sort of case in the design/implementation of an openid provider. One thing that complicates the whole thing is the question that I think we would want the person to be authenticated with openid before they do this registration process. If they are authenticated using openid, we can suck in some of the openid attributes from their provider to ease the registration process. However, we can not login them in their current account state since they can not be retrieve from the UserDetailsService until they completed setup. It's sort of like there are 2 authentication states, the user can be authenticated remotely, and authenticated locally. Phillip - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] OpenID support updated
I've been sitting on this for far too long and finally committed the changes. I've committed the OpenId4java support and an OpenIdAuthenticationProcessingFilter built to replace the Servlet that is in there now. I've been poking around with it for a while... http://raykrueger.blogspot.com/search/label/Acegi I had a contacts sample working, but it was a giant pain to deploy it as our samples have no way of seeing the sandbox in the build. I hope to build a sample separately; but don't anyone go holding their breath. Now what we need is other folks to jump in and play with it, test it, break it, and most importantly PATCH IT! I know Phillip Rhodes was offering his assistance at one point, that would be fantastic. Maybe jdwyah would like to help out too if he's listening? Our OpenId support is definitely going to need some more attention than mine, I don't have much to give right now. Have at it! -Ray - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] build successful, but no sandbox jars.
Hi Phillip, The sandbox is not built with the main build, try this... cd ./core mvn install cd ../sandbox/openid mvn install That oughta do it On 6/16/07, Phillip Rhodes [EMAIL PROTECTED] wrote: Hi everyone, I got the trunk of acegi codebase, installed maven 1, the commons-attributes-plugin... I couldn't get the jars to be built because there were test failures, so I did a -Dmaven.test.skip=true cd $ACEGI_SECURITY/doc maven multiproject:install -Dmaven.test.skip=true Now the build is successful, but I do not see jars/classes in the sandbox/openid/target directory. Any pointers? Thanks! - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] remember previously logged in password with Acegi
See the Remember Me functionality in the user's guide. The user support forum is your best place to get help. http://forum.springframework.org/forumdisplay.php?f=33 On 5/8/07, Hilda Raymond [EMAIL PROTECTED] wrote: Hello, can anyone help me to configure the following in Acegi: Remember a user's password when logging for the first time and use that password for the next logins - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] maven 2 eclipse integration
Are you executing it out of the acegisecurity directory? And not in ./core or one of the other modules? On 4/30/07, Vishal Puri [EMAIL PROTECTED] wrote: Hi All Carlos and Luke, have you been able to generate eclipse .classpath and .project files with maven 2 for acegi ? Doing mvn eclipse:clean and mvn eclipse:eclipse doesn't generate these files for Acegi Security System for Spring - Parent Have you faced this problem? Vishal - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] maven 2 eclipse integration
Hmm. That should do it. I work with IDEA not eclipse though, I am not sure if that stuff works. Jetbrains was kind enough to issue us an Open Source development license if you'd like to try it. IDEA just works :) no plugins required. On 5/1/07, Vishal Puri [EMAIL PROTECTED] wrote: I am executing in trunk/acegisecurity directory. Ray Krueger wrote: Are you executing it out of the acegisecurity directory? And not in ./core or one of the other modules? On 4/30/07, Vishal Puri [EMAIL PROTECTED] wrote: Hi All Carlos and Luke, have you been able to generate eclipse .classpath and .project files with maven 2 for acegi ? Doing mvn eclipse:clean and mvn eclipse:eclipse doesn't generate these files for Acegi Security System for Spring - Parent Have you faced this problem? Vishal - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] rememberme ...
Please use the forum at http://forum.springframework.org/forumdisplay.php?f=33 for user questions. You should also supply debug log output if possible. On 4/30/07, Tom Stroobants [EMAIL PROTECTED] wrote: Since a few months we are having problems with the rememberme option … We have a userform where a ckeckbox is displayed that a user can check to trigger the rememberme functionallity … When the user does not check the checkbox, he will not be able to login in … Anyone is having the same problem ? Was there anything changed in the latest versions ? Thanks, Tom. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] IllegalStateException On Login
The IllegalStateException is coming from Tomcat, not Acegi. I say that because you may have better luck looking for help with Tomcat with a wider audience than us. It looks like this IllegalStateException is not a new thing. http://www.google.com/search?q=ResponseFacade+sendRedirect+IllegalStateExceptionie=utf-8oe=utf-8aq=trls=org.mozilla:en-US:officialclient=firefox-a Lots of folks seem to have this problem, so you should be able to find a good solution somewhere. It definitely isn't an Acegi problem; which means your configuration is probably fine. On 4/25/07, Murthy Avvari [EMAIL PROTECTED] wrote: Hi, I have been trying to fix this specific problem for my client who is using acegisecurity 1.0.3 for their web aplication running under Tomcat 5.5.x version. Here is the problem reproducing sequence. 1. Set the session time out to just 1 Minute in Tomcat web xml configuration. 2. Go to Login page. Enter Username and password but dont hit the submit button. 3. Wait for little over 1 Minute. 4. Hit the Submit button. Now I get the following exception. I am not sure is this the problem in 1. Acegisecurity package? 2. If yes, because The AbstractProcessingFilter is not configured as the First Filter? I really appreciate any help on this please. Thanks, - Murthy --- 2007-04-25 00:24:01,800 DEBUG - HttpSessionContextIntegrationFilter.doFilter(282) | SecurityContext stored to HttpSession: '[EMAIL PROTECTED] : Authentication: [EMAIL PROTECTED]' 2007-04-25 00:24:01,801 DEBUG - HttpSessionContextIntegrationFilter.doFilter(291) | SecurityContextHolder set to new context, as request processing completed 2007-04-25 00:24:01,802 ERROR - StandardWrapperValve.invoke(260) | Servlet.service() for servlet jsp threw exception java.lang.IllegalStateException at org.apache.catalina.connector.ResponseFacade.sendRedirect (ResponseFacade.java:432) at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:125) at org.acegisecurity.ui.AbstractProcessingFilter.sendRedirect(AbstractProcessingFilter.java :322) at org.acegisecurity.ui.AbstractProcessingFilter.successfulAuthentication(AbstractProcessingFilter.java:404) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java :212) at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:98) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:229) at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:98) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter (ApplicationFilterChain.java:173) at edu.ggu.search.web.LoginGoogleFilter.doFilter(LoginGoogleFilter.java:56) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java :202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] Cannot build, problems with ibiblio?
I'm still trying to get a contacts sample to build here. The only good way to do that is with maven 1.0. The maven1 builds for core and the contacts sample fail due to ibiblio returning 301 responses for some (maybe all) jar file downloads. This causes the build to fail for missing dependencies. I've been trying to get this to work on and off for two days, hoping the 301 would go away. I've attached the core build log. I can't do the contacts build, because the core build fails. Any ideas? core.log Description: Binary data - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Cannot build, problems with ibiblio?
You know... I saw that the maven2 builds were using that repo, I didn't even think to tell the maven1 to use it. I'll add that repo to the project.properties files to solve this once and for all. Thanks! On 4/24/07, Jose Luis Huertas Fernández [EMAIL PROTECTED] wrote: Hi Ray, some weeks ago I had a similar issue with another project. I solved it following these instructions I found in the Maven 1.x page: 7 December 2006 - Central repository isn't working for maven 1.0.x users If you are using Maven 1.0.x you may have found that the repository is not working and Maven is unable to download new dependencies. The reason is that the ibiblio guys have moved the repo to another machine and Maven 1.0.x can't handle redirects across different host names. The workaround is to use the new central repository configuration until ibiblio fixes the problem. Add to your project.properties : maven.repo.remote=http://repo1.maven.org/maven Hope this helps, Jose Luis. 2007/4/24, Ray Krueger [EMAIL PROTECTED]: I'm still trying to get a contacts sample to build here. The only good way to do that is with maven 1.0. The maven1 builds for core and the contacts sample fail due to ibiblio returning 301 responses for some (maybe all) jar file downloads. This causes the build to fail for missing dependencies. I've been trying to get this to work on and off for two days, hoping the 301 would go away. I've attached the core build log. I can't do the contacts build, because the core build fails. Any ideas? - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Our build is a mess...
The AuthorizeTagExpressionLanguageTests fail for me on Windows XP in all Maven versions due to a NoSuchMethod exception. We had a discussion a few months back with one of the users having the same problem. I have no idea what the issue is, but it always fails for me. There is even a bug open for this. http://opensource.atlassian.com/projects/spring/browse/SEC-445 On 4/23/07, Carlos Sanchez [EMAIL PROTECTED] wrote: On 4/21/07, Ray Krueger [EMAIL PROTECTED] wrote: * Maven 2.0.5 and 2.0.6 both cause the AuthorizeTagExpressionLanguageTests to fail, whereas 2.0.4 builds it fine. what is the problem? it passes for me * The contacts sample cannot be built with maven2 from the instructions on our website, the multiwar plugin doesn't exist. * Using 'mvn war' in samples/contacts produces an invalid application. It doesn't copy in the common and filter directories. * We have maven1 instructions up for everything, yet we only seem to support maven2. We need to update our instructions. I'd gladly do it if someone can tell me how to build the sample apps with maven2. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer -- I could give you my word as a Spaniard. No good. I've known too many Spaniards. -- The Princess Bride - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Our build is a mess...
Running a clean test now, I'll update the bug. Any ideas on the war/multiwar thing? Is there a maven2 equivalent to multiwar? On 4/23/07, Carlos Sanchez [EMAIL PROTECTED] wrote: i can't reproduce with 2.0.6 I need the test report in target/surefire-reports/.../AuthorizeTagExpressionLanguageTests.txt On 4/23/07, Ray Krueger [EMAIL PROTECTED] wrote: The AuthorizeTagExpressionLanguageTests fail for me on Windows XP in all Maven versions due to a NoSuchMethod exception. We had a discussion a few months back with one of the users having the same problem. I have no idea what the issue is, but it always fails for me. There is even a bug open for this. http://opensource.atlassian.com/projects/spring/browse/SEC-445 On 4/23/07, Carlos Sanchez [EMAIL PROTECTED] wrote: On 4/21/07, Ray Krueger [EMAIL PROTECTED] wrote: * Maven 2.0.5 and 2.0.6 both cause the AuthorizeTagExpressionLanguageTests to fail, whereas 2.0.4 builds it fine. what is the problem? it passes for me * The contacts sample cannot be built with maven2 from the instructions on our website, the multiwar plugin doesn't exist. * Using 'mvn war' in samples/contacts produces an invalid application. It doesn't copy in the common and filter directories. * We have maven1 instructions up for everything, yet we only seem to support maven2. We need to update our instructions. I'd gladly do it if someone can tell me how to build the sample apps with maven2. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer -- I could give you my word as a Spaniard. No good. I've known too many Spaniards. -- The Princess Bride - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer -- I could give you my word as a Spaniard. No good. I've known too many Spaniards. -- The Princess Bride - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Our build is a mess...
All, I've fixed the http://opensource.atlassian.com/projects/spring/browse/SEC-445 bug. The fix is to bring in servlet-api 2.4 so that we get the correct version of PageContext into the classpath. Is that going to be a problem? On 4/23/07, Ray Krueger [EMAIL PROTECTED] wrote: Running a clean test now, I'll update the bug. Any ideas on the war/multiwar thing? Is there a maven2 equivalent to multiwar? On 4/23/07, Carlos Sanchez [EMAIL PROTECTED] wrote: i can't reproduce with 2.0.6 I need the test report in target/surefire-reports/.../AuthorizeTagExpressionLanguageTests.txt On 4/23/07, Ray Krueger [EMAIL PROTECTED] wrote: The AuthorizeTagExpressionLanguageTests fail for me on Windows XP in all Maven versions due to a NoSuchMethod exception. We had a discussion a few months back with one of the users having the same problem. I have no idea what the issue is, but it always fails for me. There is even a bug open for this. http://opensource.atlassian.com/projects/spring/browse/SEC-445 On 4/23/07, Carlos Sanchez [EMAIL PROTECTED] wrote: On 4/21/07, Ray Krueger [EMAIL PROTECTED] wrote: * Maven 2.0.5 and 2.0.6 both cause the AuthorizeTagExpressionLanguageTests to fail, whereas 2.0.4 builds it fine. what is the problem? it passes for me * The contacts sample cannot be built with maven2 from the instructions on our website, the multiwar plugin doesn't exist. * Using 'mvn war' in samples/contacts produces an invalid application. It doesn't copy in the common and filter directories. * We have maven1 instructions up for everything, yet we only seem to support maven2. We need to update our instructions. I'd gladly do it if someone can tell me how to build the sample apps with maven2. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer -- I could give you my word as a Spaniard. No good. I've known too many Spaniards. -- The Princess Bride - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer -- I could give you my word as a Spaniard. No good. I've known too many Spaniards. -- The Princess Bride - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Our build is a mess...
On 4/22/07, Luke Taylor [EMAIL PROTECTED] wrote: Luke Taylor wrote: I suggested a while back that we refactor the sample app into a simple s/simple/single I like simple better :) webapp which uses the standard authentication filter and leave the other context files commented out in web.xml so that it's possible to switch to another version and build it just by changing file. I think we agreed that was a good idea. That would make the code layout easier to follow and the build simpler. I got part of the way through doing this but didn't have time to test all the different versions of the app. I dunno what's wrong with the later maven versions. -- Luke Taylor. Monkey Machine Ltd. PGP Key ID: 0x57E9523Chttp://www.monkeymachine.ltd.uk - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] Our build is a mess...
* Maven 2.0.5 and 2.0.6 both cause the AuthorizeTagExpressionLanguageTests to fail, whereas 2.0.4 builds it fine. * The contacts sample cannot be built with maven2 from the instructions on our website, the multiwar plugin doesn't exist. * Using 'mvn war' in samples/contacts produces an invalid application. It doesn't copy in the common and filter directories. * We have maven1 instructions up for everything, yet we only seem to support maven2. We need to update our instructions. I'd gladly do it if someone can tell me how to build the sample apps with maven2. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Jalopy?
It might be worthwhile to consider pruning Jalopy down to where it only fixes those nagging things that Checkstyle finds (spaces around brackets and such). On 4/20/07, Luke Taylor [EMAIL PROTECTED] wrote: Ray Krueger wrote: Yeah, I totally agree. Applying Jalopy on the new code works well because it adds all the file header stuff. After that though, checkstyle is much more effective. Unfortunately we haven't been adhering to the Checkstyle requirements from the start. That will take some effort to bring the errors down as you've said. Hey, I spent ages bringing the errors down a while back :). There are only 34 at the moment in core and 12 are due to spaces around brackets. If we can get someone to nail the file down to what we want the code to look like (e.g. our benevolent dictator, Ben?), then we can run from there. At the moment it's just an approximation based on my best guesses. cheers, Luke. -- Luke Taylor. Monkey Machine Ltd. PGP Key ID: 0x57E9523Chttp://www.monkeymachine.ltd.uk - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] OpenID support added to sandbox!
I've already started working on some refactoring. I believe I can reduce the OpenIDResponseProcessingFilter and OpenIDLoginInitiationServlet into one standard OpenIdProcessingFilter. This also has the side effect of increasing test coverage by reducing the amount of code to test :) On 4/20/07, Ray Krueger [EMAIL PROTECTED] wrote: Thanks to the efforts of Robin Bramley; we now have a first draft of OpenID support in the sandbox. The code is mostly as-is from when Robin submitted sent it to me. I've done all the standard jalopy formatting of the code so it blends in and has the proper file headers. I've noted two basic Todo items for the code: * Improve test coverage * Replace OpenIDLoginInitiationServlet with a Filter to apply to our normal FilterChain I apologize for taking so long to get it together and get it committed. Everyone has their priorities to manage! Thanks again to Robin for the excellent submission! - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] Maven Repos for OpenID libs
I'm back from vacation, and after clearing my plate a bit, I'm trying to get this OpenID code uploaded. Does maven2 require a complete pom to download a single jar file? I uploaded the janrain library to http://acegisecurity.sourceforge.net/maven/com/janrain/Janrain-Openid/2007-02-26/ Next Maven2 complained about there being no pom, so I made an empty one. After that it complained about the md5 hash, so I created that. Now it's complaining about the pom not being 4.0, so I added the modelVersion. It continued to complain about the modelVersion, so I went to bed. Is there a better way? - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Re navigation
The forums are really the best place for answers. On that note, does this sound like the problem you're having? http://forum.springframework.org/showthread.php?p=108322#post108322 On 3/20/07, Hilda Raymond [EMAIL PROTECTED] wrote: I have an app setup with Acegi. But if I give a url of an application as soon as i open a browser, acegi intercepts and navigates the user to acegilogin.jsp, but when I login from here, The application does'nt take the normal route of Authentication and authorization but seemingly navigates directly to the unauthorizedly naivagated page. Is it a problem of session unclearance or cache - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] OpenID support
Awesome :) What else is there to say? On 3/14/07, Robin.Bramley [EMAIL PROTECTED] wrote: Sorry guys I've had a busy week and I'm only on the digest list so Ray's message took a while to come through. Matt - I agree that an application should only have one login form (if it's a standard username* and a password is included we can create a UsernamePasswordAuthenticationToken and then call AuthenticationManager.authenticate). I'm also not convinced about the use of email addresses as OpenIDs as lots of existing sites use email for usernames. As for absolute transparency, some OpenID providers (e.g. myopenid) have a 'safe mode' that will only allow you to authenticate on their site... Ray - * Regex matching of the submitted principal makes perfect sense. I've currently got a TODO in the OpenIDAuthenticationProvider for mapping URLs to usernames before calling the AuthoritiesPopulator - it should be configurable but with sufficient documentation to try to prevent misconfiguration that might allow alice.evilopenid.com to access a local alice account. This becomes more critical if the webapp is also an OpenID provider and you allow users to use https://openid.mysite.com/{username} - (thinking out loud) in which case the OpenIDAuthenticationProvider could take a Map of openid.server domains to patterns (or some form of transformer bean)... It would be useful to refactor the CasAuthoritiesPopulator/DaoCasAuthoritiesPopulator etc. to an sso package (maybe rationalise the LdapAuthoritiesPopulator and the CasAuthoritiesPopulator interfaces?). For backwards compatibility it might be nice to make org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator an empty subclass of the new DaoSsoAuthoritiesPopulator. I'll finish off the refactoring to abstract the JanRain consumer library, add some unit tests, move the package from com.opsera.acegi to org.acegisecurity and rewrite the steps in my initial reply to Matt for the reference guide and then zip it all up for the sandbox (I'll aim for early next week). Then I need to find the time to resume the server implementation; my primary concern is around seamlessly tying the user interaction into the flow - Myopenid makes you authenticate in a second window before clicking continue to be returned to the consuming site. Current idea is to configure the OpenID server authentication servlet URL as a secured resource - assume I may need to modify some Acegi code to allow the data to be rePOSTed to the servlet (or appended as a query string and then I can implement doGet on the servlet). Cheers, Robin -Original Message- Subject: Acegisecurity-developer Digest, Vol 11, Issue 2 To: acegisecurity-developer@lists.sourceforge.net Reply-to: acegisecurity-developer@lists.sourceforge.net Date: Tue, 13 Mar 2007 08:40:43 -0700 snip Date: Thu, 8 Mar 2007 08:41:46 -0600 From: Ray Krueger Subject: Re: [Acegisecurity-developer] OpenID support I am interested in getting involved in this effort as well. I agree with the transparency of the OpenId vs Username field. One of the ideas that I lean towards is following a url pattern, rather than just the host.domain pattern. DHH (the rails guy) talked about this exact subject a few days ago on his blog: http://www.loudthinking.com/arc/000606.html Following a URL pattern makes it extremely easy to tell the difference between the two. Providing a means in the code to define an 'openIdMatchPattern' that defines a regex to tell the difference would be the best way to go on our end in Acegi. Also, there several openId libraries out there, it would be senseless to build the authentication and delegation functionalities directly into Acegi. I think Robin is definitely on the right track there. I don't like the idea of our OpenID support calling off into our CAS code though, if the functionality there is useful outside of CAS it should get refactored into a new home. Robin, if you would like to get some other folks involved zip up the code and email it to me directly. I'll find a home for it in the sandbox and we can all start taking a look at it. -Original Message- From: Matt Raible Sent: 08 March 2007 14:20 To: Robin.Bramley Cc: acegisecurity-developer@lists.sourceforge.net Subject: Re: [Acegisecurity-developer] OpenID support That's great to hear someone is working on this. However, I'm wondering if it's possible to make it more transparent to the user. For example, have some sort of bean or filter that's OpenID aware and has a list of servers to talk to. If there's two dots in the username, Acegi attempts to authenticate with open id (through some background call that's transparent to the user). If not, it attempts normal authentication. Is there any problem with providing this type of transparency? I like the idea behind having the openid string and username come from the same text box. http://www.pjhyett.com
Re: [Acegisecurity-developer] Authentication Propagation across JMS
When you send the message, you could attach the Authentication to the message by calling: message.setObjectProperty(authentication, SecurityContextHolder.getContext().getAuthentication()); Then on the receiving end you just get it back... Authentication auth = (Authentication) message.getObjectProperty(authentication); //add null checking... SecurityContextHolder.getContext().setAuthentication(auth); On 3/13/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Greetings: I'm using Acegi and Spring 1.2 in our application. I am currently using HTTP Invoker Authentication propagation to push credentials to the service layer for web services calls. I'd like to use a similar facility to pass credentials with my JMS messages so I might secure the asynchronous operations in a similarly transparent manner. Does a declarative propagation methodology exist for Acegi and JMS? Is this something that is possible? -jason - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] OpenID support
I am interested in getting involved in this effort as well. I agree with the transparency of the OpenId vs Username field. One of the ideas that I lean towards is following a url pattern, rather than just the host.domain pattern. DHH (the rails guy) talked about this exact subject a few days ago on his blog: http://www.loudthinking.com/arc/000606.html Following a URL pattern makes it extremely easy to tell the difference between the two. Providing a means in the code to define an 'openIdMatchPattern' that defines a regex to tell the difference would be the best way to go on our end in Acegi. Also, there several openId libraries out there, it would be senseless to build the authentication and delegation functionalities directly into Acegi. I think Robin is definitely on the right track there. I don't like the idea of our OpenID support calling off into our CAS code though, if the functionality there is useful outside of CAS it should get refactored into a new home. Robin, if you would like to get some other folks involved zip up the code and email it to me directly. I'll find a home for it in the sandbox and we can all start taking a look at it. On 3/8/07, Matt Raible [EMAIL PROTECTED] wrote: That's great to hear someone is working on this. However, I'm wondering if it's possible to make it more transparent to the user. For example, have some sort of bean or filter that's OpenID aware and has a list of servers to talk to. If there's two dots in the username, Acegi attempts to authenticate with open id (through some background call that's transparent to the user). If not, it attempts normal authentication. Is there any problem with providing this type of transparency? I like the idea behind having the openid string and username come from the same text box. http://www.pjhyett.com/posts/213-openid-isn-t-going-to-work-unless I don't know about the fake e-mail address in the above post, but I like the idea of assuming openid when no password is entered. Matt On 3/8/07, Robin.Bramley [EMAIL PROTECTED] wrote: Hi Matt, I'm currently working on OpenID ui, provider adaptor classes for Acegi - with the intention of tidying them up and contributing them to the project. I've got a prototype Acegi OpenID consumer authentication working (using the JanRain library - I plan to abstract the library support). The flow is: 1. User requests a secured page and the AuthenticationProcessingFilterEntryPoint (configured on the ExceptionTranslationFilter) sends the user off to an OpenID login form 2. The user enters their OpenID (e.g. rbramley.myopenid.com) and submits the form 3. The form POSTs to /j_acegi_openid mapped to OpenIDLoginInitiationServlet (uses Spring web app context to get the JanRain OpenID Store) 4. The Consumer.begin method looks up the identity page, associates to the server etc. 5. The servlet redirects the user to the OpenID server (e.g. myopenid.com), setting the return to URL as /j_acegi_openid_security_check 6. The user logs on and the OpenID server returns the user 7. Acegi passes the request to the OpenIDProcessingFilter based on the filterProcessesUrl property 8. The Consumer.complete method provides a response object which is wrapped in an OpenIDAuthenticationToken 9. This is passed to the OpenIDAuthenticationProvider (via the AuthenticationManager) 10. If the response is a successul authentication, the auth provider uses the CasAuthoritiesPopulator interface to obtain the UserDetails 11. The Authentication is returned and the user sent to the originally requested URL (as stored in the AuthenticationProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY HttpSession attribute by the SecurityEnforcementFilter). The next steps are to finish the OpenID server (may use the openid4java library from sxip) backed by Acegi and then look at how to encapsulate the registration functionality. Cheers, Robin Robin Bramley Opsera www.opsera.com http://www.opsera.com/ Matt Raible Fri, 29 Dec 2006 15:34:32 -0800 Are there any plans to support OpenID as a SSO option with Acegi Security? http://openid.net http://openid.net/ We've seen some interest in supporting this with Roller - which uses Acegi for its security. Thanks, Matt -- http://raibledesigns.com http://raibledesigns.com/ -- http://raibledesigns.com - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net
Re: [Acegisecurity-developer] Unresolved dependency problems
Brad, can you try deleting the following, and trying the build again? YOUR_HOME_FOLDER\.m2\repository\javax\servlet\jsp-api\2.0 Where 'YOUR_HOME_FOLDER' is something like C:\Documents and Settings\bcox Also, are you using Maven 2.0.4 or better? On 2/26/07, Carlos Sanchez [EMAIL PROTECTED] wrote: it works for me, so only thing is open a jira in http://opensource.atlassian.com/projects/spring/browse/SEC On 2/26/07, Brad Cox, Ph.D. [EMAIL PROTECTED] wrote: Carlos Sanchez wrote: check target/surefire-reports folder in the module that failed and you'll find a file with name org.acegisecurity.taglibs.authz.AuthorizeTagExpressionLanguageTests* send the error You mean this? --- Test set: org.acegisecurity.taglibs.authz.AuthorizeTagExpressionLanguageTests --- Tests run: 3, Failures: 0, Errors: 3, Skipped: 0, Time elapsed: 0.052 sec FAILURE! testAllGrantedUsesExpressionLanguageWhenExpressionIsEL(org.acegisecurity.taglibs.authz.AuthorizeTagExpressionLanguageTests) Time elapsed: 0 .018 sec ERROR! java.lang.NoSuchMethodError: javax.servlet.jsp.PageContext.getExpressionEvaluator()Ljavax/servlet/jsp/el/ExpressionEvaluator; at org.springframework.web.util.ExpressionEvaluationUtils$Jsp20ExpressionEvaluationHelper.evaluate(ExpressionEvaluationUtils.java:21 6) at org.springframework.web.util.ExpressionEvaluationUtils.evaluateString(ExpressionEvaluationUtils.java:150) at org.acegisecurity.taglibs.authz.AuthorizeTag.doStartTag(AuthorizeTag.java:93) at org.acegisecurity.taglibs.authz.AuthorizeTagExpressionLanguageTests.testAllGrantedUsesExpressionLanguageWhenExpressionIsEL(Author izeTagExpressionLanguageTests.java:66) testAnyGrantedUsesExpressionLanguageWhenExpressionIsEL(org.acegisecurity.taglibs.authz.AuthorizeTagExpressionLanguageTests) Time elapsed: 0 .007 sec ERROR! java.lang.NoSuchMethodError: javax.servlet.jsp.PageContext.getExpressionEvaluator()Ljavax/servlet/jsp/el/ExpressionEvaluator; at org.springframework.web.util.ExpressionEvaluationUtils$Jsp20ExpressionEvaluationHelper.evaluate(ExpressionEvaluationUtils.java:21 6) at org.springframework.web.util.ExpressionEvaluationUtils.evaluateString(ExpressionEvaluationUtils.java:150) at org.acegisecurity.taglibs.authz.AuthorizeTag.doStartTag(AuthorizeTag.java:102) at org.acegisecurity.taglibs.authz.AuthorizeTagExpressionLanguageTests.testAnyGrantedUsesExpressionLanguageWhenExpressionIsEL(Author izeTagExpressionLanguageTests.java:75) testNotGrantedUsesExpressionLanguageWhenExpressionIsEL(org.acegisecurity.taglibs.authz.AuthorizeTagExpressionLanguageTests) Time elapsed: 0 .002 sec ERROR! java.lang.NoSuchMethodError: javax.servlet.jsp.PageContext.getExpressionEvaluator()Ljavax/servlet/jsp/el/ExpressionEvaluator; at org.springframework.web.util.ExpressionEvaluationUtils$Jsp20ExpressionEvaluationHelper.evaluate(ExpressionEvaluationUtils.java:21 6) at org.springframework.web.util.ExpressionEvaluationUtils.evaluateString(ExpressionEvaluationUtils.java:150) at org.acegisecurity.taglibs.authz.AuthorizeTag.doStartTag(AuthorizeTag.java:82) at org.acegisecurity.taglibs.authz.AuthorizeTagExpressionLanguageTests.testNotGrantedUsesExpressionLanguageWhenExpressionIsEL(Author izeTagExpressionLanguageTests.java:84) On 2/26/07, Brad Cox, Ph.D. [EMAIL PROTECTED] wrote: Carlos Sanchez wrote: run mvn install from the root folder before trying to build the samples so you have the latest acegi jars. Or change the sample to use last release instead of using snapshots. Thanks!! mvn install in the root folder ran except for one test failure: Running org.acegisecurity.taglibs.authz.AuthorizeTagExpressionLanguageTests Tests run: 3, Failures: 0, Errors: 3, Skipped: 0, Time elapsed: 0.051 sec FAILURE! So hoping for the best... First of all, deploy the Tutorial Sample, which is included in the main distribution ZIP file. The sample doesn't do a great deal, but it does give you a template that can be quickly and easily used to integrate into your own project. imac:/G5B/Java/acegisecurity/samples/tutorial bcox$ mvn deploy [INFO] Scanning for projects... [INFO] [INFO] Building Maven Default Project [INFO]task-segment: [deploy] [INFO] [INFO] artifact org.apache.maven.plugins:maven-deploy-plugin: checking for updates from central Downloading: http://repo1.maven.org/maven2/org/apache/maven/plugins/maven-deploy-plugin/2.3/maven-deploy-plugin-2.3.pom
Re: [Acegisecurity-developer] Jboss Portal + Acegi
Arturo, please consider posting on the forums, there are lots of folks out there who have tied JBoss Portal with Acegi. On 2/27/07, Arturo San Feliciano Martín [EMAIL PROTECTED] wrote: Hello, I´m still trying to join acegi with jboss portal. I put the jboss adapter but when I try to access to SecurityContextHolder to get the Authenticate object, i´m always getting null. The adapter don´t put the authenticate object on the server thread? Should I rewrite login method to do this operation? Is there any other better way to do this? Thanks Arturo San Feliciano Martín - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Jboss Portal + Acegi
Forgot to post the link, sorry http://forum.springframework.org/forumdisplay.php?f=33 On 2/27/07, Ray Krueger [EMAIL PROTECTED] wrote: Arturo, please consider posting on the forums, there are lots of folks out there who have tied JBoss Portal with Acegi. On 2/27/07, Arturo San Feliciano Martín [EMAIL PROTECTED] wrote: Hello, I´m still trying to join acegi with jboss portal. I put the jboss adapter but when I try to access to SecurityContextHolder to get the Authenticate object, i´m always getting null. The adapter don´t put the authenticate object on the server thread? Should I rewrite login method to do this operation? Is there any other better way to do this? Thanks Arturo San Feliciano Martín - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Unresolved dependency problems
Pasting massive logs to the list makes the listserv mad. I'm truncating this message for clarity. On 2/27/07, Ray Krueger [EMAIL PROTECTED] wrote: I just updated to the latest code from SVN and the build is failing for me as well. Same test actually: org.acegisecurity.taglibs.authz.AuthorizeTagExpressionLanguageTests I'll take a look, but I'm buried at work and can't spend much time on it. Be back in a bit :) On 2/27/07, Brad Cox, Ph.D. [EMAIL PROTECTED] wrote: Ray Krueger wrote: Brad, can you try deleting the following, and trying the build again? YOUR_HOME_FOLDER\.m2\repository\javax\servlet\jsp-api\2.0 Where 'YOUR_HOME_FOLDER' is something like C:\Documents and Settings\bcox Deleted /home/bcox/.m2/repository/javax/servlet/jsp-api/2.0 See attached. Failure still there Also, are you using Maven 2.0.4 or better? imac:/G5B/Java/acegisecurity bcox$ mvn -v Maven version: 2.0.5 - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Unresolved dependency problems
This test only fails in Maven 2.0.5 Executing mvn clean test with Maven 2.0.4 passes fine. This test also passes fine when run directly in the IDE (IntelliJ for me). Maven really does not handle test failures well. There is no clue as to what test failed, you only get [INFO] There are test failures. There should be some clue as to what test failed. Can the html report be generated directly to get a summary? Can I run the maven-surefire-report-plugin direclty? (Sorry for the direct email rather than the list Brad, I do that a lot haha) On 2/27/07, Ray Krueger [EMAIL PROTECTED] wrote: Pasting massive logs to the list makes the listserv mad. I'm truncating this message for clarity. On 2/27/07, Ray Krueger [EMAIL PROTECTED] wrote: I just updated to the latest code from SVN and the build is failing for me as well. Same test actually: org.acegisecurity.taglibs.authz.AuthorizeTagExpressionLanguageTests I'll take a look, but I'm buried at work and can't spend much time on it. Be back in a bit :) On 2/27/07, Brad Cox, Ph.D. [EMAIL PROTECTED] wrote: Ray Krueger wrote: Brad, can you try deleting the following, and trying the build again? YOUR_HOME_FOLDER\.m2\repository\javax\servlet\jsp-api\2.0 Where 'YOUR_HOME_FOLDER' is something like C:\Documents and Settings\bcox Deleted /home/bcox/.m2/repository/javax/servlet/jsp-api/2.0 See attached. Failure still there Also, are you using Maven 2.0.4 or better? imac:/G5B/Java/acegisecurity bcox$ mvn -v Maven version: 2.0.5 - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Unresolved dependency problems
OK, I assumed you meant there was summary. Having the failure buried in with 600 success messages isn't what I was looking for. That's what I meant by it not being easy. On 2/27/07, Carlos Sanchez [EMAIL PROTECTED] wrote: in the previous lines it tells you which test failed On 2/27/07, Ray Krueger [EMAIL PROTECTED] wrote: Maven 2.0.5 says... Results : Tests run: 963, Failures: 0, Errors: 3, Skipped: 0 [INFO] [ERROR] BUILD FAILURE [INFO] [INFO] There are test failures. [INFO] [INFO] For more information, run Maven with the -e switch [INFO] [INFO] Total time: 1 minute 25 seconds [INFO] Finished at: Tue Feb 27 12:22:38 CST 2007 [INFO] Final Memory: 6M/12M [INFO] Is it because these are errors, not failures, that Maven stays silent about the what test went wrong? Why would deleting my repository change fix the 2.0.5 problem, when it builds fine with 2.0.4 using the same repository? On 2/27/07, Carlos Sanchez [EMAIL PROTECTED] wrote: i use 2.0.5 and builds fine for me try deleting your local repo ~/.m2/repository maven reports the tests that fail, just check the lines before [INFO] There are test failures. On 2/27/07, Ray Krueger [EMAIL PROTECTED] wrote: This test only fails in Maven 2.0.5 Executing mvn clean test with Maven 2.0.4 passes fine. This test also passes fine when run directly in the IDE (IntelliJ for me). Maven really does not handle test failures well. There is no clue as to what test failed, you only get [INFO] There are test failures. There should be some clue as to what test failed. Can the html report be generated directly to get a summary? Can I run the maven-surefire-report-plugin direclty? (Sorry for the direct email rather than the list Brad, I do that a lot haha) On 2/27/07, Ray Krueger [EMAIL PROTECTED] wrote: Pasting massive logs to the list makes the listserv mad. I'm truncating this message for clarity. On 2/27/07, Ray Krueger [EMAIL PROTECTED] wrote: I just updated to the latest code from SVN and the build is failing for me as well. Same test actually: org.acegisecurity.taglibs.authz.AuthorizeTagExpressionLanguageTests I'll take a look, but I'm buried at work and can't spend much time on it. Be back in a bit :) On 2/27/07, Brad Cox, Ph.D. [EMAIL PROTECTED] wrote: Ray Krueger wrote: Brad, can you try deleting the following, and trying the build again? YOUR_HOME_FOLDER\.m2\repository\javax\servlet\jsp-api\2.0 Where 'YOUR_HOME_FOLDER' is something like C:\Documents and Settings\bcox Deleted /home/bcox/.m2/repository/javax/servlet/jsp-api/2.0 See attached. Failure still there Also, are you using Maven 2.0.4 or better? imac:/G5B/Java/acegisecurity bcox$ mvn -v Maven version: 2.0.5 - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer -- I could give you my word as a Spaniard. No good. I've known too many Spaniards. -- The Princess Bride - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your
Re: [Acegisecurity-developer] Beyond Low-Hanging Fruit: Domain Access Control List
I got this email the other day from those folks... Though I don't know if they're available to the public... {quote} Dear Ray, Greetings! We are happy to announce that video/ audio from TSE 2006 is now available! Here are the instructions: 1). Go to www.thespringexperience.com 2). userid = email address 3). password = what you chose - remember feature available 4). Video link will be found in the upper left hand corner above the slide download link 5). Choose the session you wish to watch and enjoy - the slides are available for download again as well. {quote} On 2/21/07, Karl Moore [EMAIL PROTECTED] wrote: Does anyone have a copy of this presentation, or know when it will be available? This has been brought up a few times on the forum after the blog post. http://blog.interface21.com/main/2006/12/16/whats-new-and-cool-in-spring-20/ Discover the new Windows Vista Learn more! - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Multiple applications and different roles
Sounds like a single sign-on solution would work best. Have a look at the Acegi support for CAS. Using CAS with Acegi might provide the features you are looking for. On 2/8/07, Stephane Bailliez [EMAIL PROTECTED] wrote: Hi all, I'm trying to see whether there is an easy way to implement roles (authorities) for several applications. Each application having its own set of authorities (ie: john being registered as ROLE_SUPERVISOR only for application A, does not apply to application B and C for example). Seems there is no support for this out of the box and the model is rather flat. A potential workaround I was thinking to avoid too much initial code would be to have a convention such such as: ROLE_A_SUPERVISOR, ROLE_B_SUPERVISOR respectively for application A and B which will be an acceptable workaround for half a dozen applications in the short term even though not extremely elegant. Does any one have solve this type of issue differently or any opinion on the above ? Thanks, -- stephane - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] In the Acegi config xml file why use /A and /Z in the URL pattern?
The best explanation of FilterSecurityInterceptor ObjectDefinitionSource is here: http://acegisecurity.org/docbook/acegi.html#filter-invocation-authorization Basically, you are using regular expressions in the example you gave and the \A means beginging of the line and \Z means end of the line. What you have is actually broken though. You're declaring to Acegi PATTERN_TYPE_APACHE_ANT which tells the code that the patterns should be Ant style, and then you're passing regular expressions. Whereas with Ant patterns you would use /c/portal/login* Also, you should consider adding the CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON directive, as it eliminates case-sensitivity issues when matching the patterns. And one last thing, you probably shouldn't be protecting your /login url with ROLE_AUTHENTICATED as that login is probably where they are sent when they are NOT ROLE_AUTHENTICATED and you'll go into a loop. Hope that helps, -Ray On 1/22/07, Garvey, Paul M (GE Comm Fin) [EMAIL PROTECTED] wrote: In the following snippet below why are /A and /Z used in the URL? For example \A/c/portal/login\Z? Why not remove the /A and /Z to leave /c/portal/login? bean id=filterInvocationInterceptor class=org.acegisecurity.intercept.web.FilterSecurityInterceptor property name=authenticationManager ref=authenticationManager / property name=accessDecisionManager ref=accessDecisionManager / property name=objectDefinitionSource value PATTERN_TYPE_APACHE_ANT \A/c/portal/login\Z=ROLE_AUTHENTICATED \A/c/portal/logout\Z=ROLE_AUTHENTICATED \A/c/portal/layout.*\Z=ROLE_AUTHENTICATED \A/group/.*\Z=ROLE_AUTHENTICATED /value /property /bean - Paul - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Setting serviceProperties in Acegi
Ben answered your original email on this subject... Is there a reason you cannot use a PropertyPlaceholderConfigurer? http://www.springframework.org/docs/api/org/springframework/beans/factory/config/PropertyPlaceholderConfigurer.html On 1/19/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: In using Acegi with Cas in a web application. As you know, I have to set the serviceProperties property of CasProcessingFilterEntryPoint to the url that CAS will call after authentication. I don't like to set this url in applicationContext-acegi-security.xml but I prefere this value Is build automatically. To do it I'm going to extends org.acegisecurity.ui.cas.ServiceProperties with a class that try to build the service property if is not setted (null) using something like this: serviceProperties=http://+request.request.getLocalAddr()+:+request.getLocalPort()+/+request.getContextPath()+/j_acegi_cas_security_check (I don't use https in this case….) What's your opinion? Please, any suggestions are welcome. Regards Mario Buonopane This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] [Fwd: [Fwd: Re: Authentication and authorization status in OGC-compliant OSS GIS software]]
If you can find a means to make java code authenticate against DACS, then it would be easy enough to write an Acegi AuthenticationProvider that talks to it. On 1/19/07, Krystian Nowak [EMAIL PROTECTED] wrote: Do you think it is possible to include DACS (http://dacs.dss.ca/) as a authentication adapter (just as it is with Yale's CAS)? There were talks about the future of authorization in OSS GIS GeoServer (http://docs.codehaus.org/display/GEOS/Home) which heavily uses Spring, so it would be natural to use Acegi. On the other hand there is an Open Geospatial Consortium (OGC) standardising organisation for GIS software and one of their implementation for security used in demos is DACS. The problem is that DACS is native application whereas the GeoServer is a Java webapp. Maybe you have some ideas or already have head about works between DACS and Acegi? Do you find it possible to integrate in any scope (just authentication or maybe even more - to simulate DACS-like authorization using Acegi)? Below there is an email on these talks. If it's not clear for you, please, do not hesitate to ask questions to make it more informative. Thanks in advance for your help! Kind regards, Krystian Nowak PSNC -- Krystian Nowak [EMAIL PROTECTED] === Poznan Supercomputing and Networking Center Poland, 60-814 Poznan, Zwierzyniecka 20 tel. (+48 61) 8582159 fax. (+48 61) 8582151 http://www.man.poznan.pl === Wiadomość oryginalna Temat: Re: Authentication and authorization status in OGC-compliant OSS GIS software Data: Thu, 18 Jan 2007 10:36:48 -0800 Nadawca: Barry Brachman [EMAIL PROTECTED] Odpowiedź-Do: [EMAIL PROTECTED] Adresat: Krystian Nowak [EMAIL PROTECTED] Kopia: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Hi all -- Some of this thread was forwarded to me. As the principal designer and implementor of DACS, I thought I might be able to comment a little on a few things that caught my attention. Jody Garnett napisa³(a): I know DACS has been used in an OGC context Is it an OGC standard or only at OWS as demo? DACS is not an OGC standard. It was the subject of three OGC initiatives: CIPI 1.1, CIPI 1.2, and OWS-3. That work mainly dealt with understanding and solving authentication and authorization interoperability issues, and some of the results of those projects were integrated with DACS. As far as I know, nothing is currently being done by the OGC with DACS. what is the benifit for ACEGI? Ah it is a spring security system ... I don't know anything about Acegi (http://acegisecurity.org) other than what I have read on their home page, so I really can't comment on it or compare it with DACS. But at first glance it looks to me like it is quite different from DACS in philosophy, implementation, operation, and feature set. So I suspect the two systems might be aimed at different audiences. As for CAS, it is simply an authentication method, and it is one of many methods supported by DACS. Regardless of how authentication is performed, DACS creates a common internal representation (credentials) which is then exported from DACS to a client, and later sent by a client to DACS with its request. In theory at least, DACS does not care how credentials are transmitted - in an HTTP cookie, via an HTTP extension header, within a URL, or as an argument - these are all possibilities. Clients, which can be middleware, can ask DACS to decode or export credentials, so a DACS identity can easily be converted to some other representation, and importation to DACS from other representations is also possible. Middleware can ask DACS to create credentials. The authorization side of DACS is largely separate and independent of the authentication side. You do not have to use DACS authentication in order to use the DACS access control rule-processing engine. I also can't comment on GeoServer. I believe that, like Acegi, it is a Java application, and DACS being C/C++ software, people who prefer a pure Java solution might not be happy with a system that must use JNI. Supporting DACS as an optional, third-party component of GeoServer might be a possibility though. One other thing that I noticed: Do you know if there is any way to integrate Acegi with DACS? I don't really understand this question because the two systems are quite different, yet in broad terms, do the same kinds of things. So I'm not sure what it would mean to integrate Acegi with DACS. It might be possible for Acegi to use DACS's authentication components, its access control component, or both, but that's probably a question to ask the Acegi folks. And there's also that pesky pure Java issue. It might be possible for the two systems to interoperate, but I don't think that's what you're talking
Re: [Acegisecurity-developer] Setting serviceProperties in Acegi
OK... Subclassing ServiceProperties isn't going to do any good, because you don't have access to the HttpRequest. You can use a PropertyPlaceHolderConfigurer so that your xml looks like... bean id=serviceProperties class=org.acegisecurity.ui.cas.ServiceProperties property name=servicevalue${serviceProperties.serviceUrl}/value/property property name=sendRenewvaluefalse/value/property /bean And then you can externalize these deployment specific parameters into a properties file that gets setup at the client site. We should consider adding a hookmethod into the CasProcessingFilterEntryPoint to allow customization of how the serviceUrl is added to the cas redirect. Oh, and a little tip, you don't have to hard code the http:// part you can use request.getScheme() (terrible name, go Sun). On 1/19/07, Ray Krueger [EMAIL PROTECTED] wrote: Now that I read your email a little more thoroughly, let me take a closer look. Personally I've never used the CAS support in Acegi. I'll get back to you in a minute or two :) On 1/19/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Sorry Ray, but how can I use PropertyPlaceholderConfigurer for this scope? Can you explain me with an example please? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ray Krueger Sent: 19 gennaio 2007 13.07 To: acegisecurity-developer@lists.sourceforge.net Subject: Re: [Acegisecurity-developer] Setting serviceProperties in Acegi Ben answered your original email on this subject... Is there a reason you cannot use a PropertyPlaceholderConfigurer? http://www.springframework.org/docs/api/org/springframework/beans/factor y/config/PropertyPlaceholderConfigurer.html On 1/19/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: In using Acegi with Cas in a web application. As you know, I have to set the serviceProperties property of CasProcessingFilterEntryPoint to the url that CAS will call after authentication. I don't like to set this url in applicationContext-acegi-security.xml but I prefere this value Is build automatically. To do it I'm going to extends org.acegisecurity.ui.cas.ServiceProperties with a class that try to build the service property if is not setted (null) using something like this: serviceProperties=http://+request.request.getLocalAddr()+:+request.g etLocalPort()+/+request.getContextPath()+/j_acegi_cas_security_check (I don't use https in this case) What's your opinion? Please, any suggestions are welcome. Regards Mario Buonopane This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDE V ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDE V ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net
Re: [Acegisecurity-developer] How to propagate Authentication context?
You should post this to the community forum at: http://forum.springframework.org/forumdisplay.php?f=33 There are thousands of users out there that may have done such a thing. On 12/15/06, Tomislav Stojcevich [EMAIL PROTECTED] wrote: I have the same requirements and have found little documentation anywhere as to how to get it to actually work. I haven't played around too much with it but I do need to eventually. This thread might help. It talks about it but I can't derive a solution from it: http://forum.springframework.org/archive/index.php/t-10122.html -- tom - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] @Secured @Transactional on the same bean(s) - best practice(s) ?
Wim, One of the applications that I work on has 3 interception layers going right now. Security, Transactions, and Monitoring. All interception is done using DefaultAutoProxyCreator with Advisors declared as beans. The interceptors are kept in a specific order using the order attribute of the advisors (the order of your annotations doesn't enter into it). In setting all of this up I've found that Spring gets confused pretty easily when the annotations are on the Impl, or mixed between the impl and the interface. Especially when the beans are declared as you have them; with a ProxyFactoryBean and Impl for the same instance hanging out in the context. What ended up solving all of our configuration woes was to put all of the Annotations on the interfaces. The reasoning behind this is that in most instances of navigating the BeanFactory, all Spring sees is the interface. The question of wether to look at the interface or the impl for the annotations is eliminated. The interface is always there in plainsight with all the information needed. We also segmented our ApplicationContext xml files into specific areas. The reasoning for this answers your concern about leaving off the transaction interceptor in some cases (I think). All of our transaction configuration is in one file, all of the method level security stuff is in another file, and our monitoring stuff is in a third file. The Advisors for those realms are declared in those realm specific files as well. The DefaultAutoProxyCreator is declared in a fourth file, that is always included with the app. So, if we want to leave out method level security we just leave out that file. Wether or not the Annotations 'belong' on the interfaces is probably in the same category as wether or not curly braces 'belong' on the same line or not :) Hope that helps, -Ray On 10/26/06, Wim Lambrecht [EMAIL PROTECTED] wrote: wow, i did include some typos my mail, excuse me, i'll correct them now: Wim Lambrecht schreef: Hi, I have a java (service) interface and an implementation and i want to apply transactional (using Springs @Transactional annotation) and security (using Acegi's @Secured annotation) aspects on it. I'm pretty sure i can manage to use then in a separate setup/deployment (meaning: either transactional or secured), but both at the same time does not give me the desired result. My setup: - an java interface for my service - an implementation of that service interface - i want it to be secure and transactional guarded. I must be honest: i'm actually using a manually configured transactionale proxy (using TransactionProxyFactoryBean) in combinatie with acegi's @Secured annotation (using auto-proxing via DefaultAdvisorAutoProxyCreator and MethodDefinitionSourceAdvisor). - the TransactionProxyFactoryBean is directly in front of my actual service implementation - the @Secured stuff is annotated on some methods on the service interface. public interface OrderService { @Secured({ROLE_ORDERMANAGER}) public void deleteOrder(Order o); //... } public class StandardOrderService implements OrderService { OrderDAO orderDAO = ... public void deleteOrder(Order o) { someOrderDAO.deleteOrder(o); } } //spring-config extraction: bean id=orderService class=org.springframework.transaction.interceptor.TransactionProxyFactoryBean property name=transactionManager ref bean=myTransactionManager/ /property property name=target ref local=orderServiceNoTX/ /property property name=transactionAttributes props prop key=delete*PROPAGATION_REQUIRED/prop !-- etc -- /props /property /bean bean id=orderServiceNoTX class=org.myorg.order.StandardOrderService // stuff (like DAO config etc) /bean //spring-config extraction (END) What happens: (--- is 'target') - my service implementation gets proxied, which is great: $proxy12 (tx-proxy) actual service implementation - since the 'tx-proxy' also implements (i guess) my OrderService, it gets secured-proxied, again 'great', that's what i like. But naturally my service implementation also implements my OrderService interface, so it gets secured-proxied as well. So, i end up with 2 security interceptions: $proxy13 (sec-proxy on tx-proxy) --- $proxy12 (tx-proxy) $proxy14 (second sec-proxy !) ---actual service implementation What i desire: - the best possible setup, so that calls to the service implementation go through maximum 2 proxies, being: 1) the security front and 2) (ones you're in) the transactional protection. - i like to use the @Transactional approach instead, so that security and transactional behavior can be annotated (no config-file fuzz). - this seems like a common behaviour, so i guess
Re: [Acegisecurity-developer] getting user information at the page level
From a velocity page? I'm not sure how you get access to the request itself, but start with that... request.remoteUser request.userPrincipal.principal.username You need to add the ContextHolderAwareRequestFilter to your filterChainProxy for those to work, like Scott had mentioned. On 8/31/06, Matt Raible [EMAIL PROTECTED] wrote: Here's what I use: authz:authentication operation=fullName/ Matt On 8/31/06, Charles Harvey III [EMAIL PROTECTED] wrote: Hello. I'm quite new to Acegi but I think I am getting the hang of it fairly quickly. There is one thing though that I am struggling with. How do I get things like username to be displayed on a web page? I thought the UserDetails was stored in the Session. But it is really stored in an Authentication object, which is stored in a SecurityContext, which is stored in a SecurityContextHolder. Which is all fine. But, how do I access the SecurityContextHolder from the page level after a successful login? Is it available as a Session variable? If so, what is the name of the Session attribute? If not, how do I access the SecurityContextHolder from say, a Velocity page? I'm sure this is done quite regularly so I am hoping someone can point me in the right direction. Thanks for the help. Charlie - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Dynamic defaultTargetUrl
We could wire in a strategy interface for that logic as well. On 8/31/06, Brian Pontarelli [EMAIL PROTECTED] wrote: Great I'm glad that worked. This could be an option on the APF at some point, but sub-classing is a good solution. It would be great to be able to add a parameter to URLs that will trigger ACEGI to use the referrer URL. That way some URLs will return and others won't. Perhaps an enhancement for a future release. -bp Tom Stroobants wrote: We have subclassed the AuthenticationProcessingFilter class and have overridden the successfulAuthentication method. Very easy ... We just put the referrer URL on the session before triggering ACEGI. I hit the login button and our own created class just checks if the targetUrl is empty and if it is get the referrer url from the session and redirect to that page ... Best regards, Tom. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Alex Sent: zaterdag 26 augustus 2006 0:26 To: acegisecurity-developer@lists.sourceforge.net Subject: Re: [Acegisecurity-developer] Dynamic defaultTargetUrl Brian Pontarelli wrote: I think the issue is that the login is a component that exists on many pages and the login/failure should return the user to the page they were viewing rather than a stock login/home page. The best bet at this point is probably to subclass APF and just redirect or forward back to a URL stored in a form parameter. You will have to place the current URL in a hidden field. You might be able to pull off a referrer URL as well depending on your setup. If the referrer URL approach works, I think this would be of general usefulness to others as well. We could have a new property, forceReturnToReferrerUrl on AbstractProcessingFilter. If anyone gets this to consistently work, please pop your code into a JIRA patch and I'll get it applied. Cheers Ben - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] getting user information at the page level
When using the filter, the UserPrincipal is an instance of the Acegi token ( forgot the classname for some reason). It depends on what classes you're using I suppose. Does $request.remoteUser work for you? On 8/31/06, Charles Harvey III [EMAIL PROTECTED] wrote: When using VelocityViewServlet all request, response and session values are put into the velocityContext. So I should be able to do: $request.userPrincipal.principal.username But there is no getPrincipal() method attached to java.security.Principal. The only useful methods available are getName() and toString(). So I'll just try $request.userPrincipal.name and see what happens. I added things like email and zipcode to my AuthUser (which extends User). How do I get those values? Are they also somehow in the userPrincipal? Thanks a lot Charlie Ray Krueger said the following on 8/31/2006 1:28 PM: From a velocity page? I'm not sure how you get access to the request itself, but start with that... request.remoteUser request.userPrincipal.principal.username You need to add the ContextHolderAwareRequestFilter to your filterChainProxy for those to work, like Scott had mentioned. On 8/31/06, Matt Raible [EMAIL PROTECTED] wrote: Here's what I use: authz:authentication operation=fullName/ Matt On 8/31/06, Charles Harvey III [EMAIL PROTECTED] wrote: Hello. I'm quite new to Acegi but I think I am getting the hang of it fairly quickly. There is one thing though that I am struggling with. How do I get things like username to be displayed on a web page? I thought the UserDetails was stored in the Session. But it is really stored in an Authentication object, which is stored in a SecurityContext, which is stored in a SecurityContextHolder. Which is all fine. But, how do I access the SecurityContextHolder from the page level after a successful login? Is it available as a Session variable? If so, what is the name of the Session attribute? If not, how do I access the SecurityContextHolder from say, a Velocity page? I'm sure this is done quite regularly so I am hoping someone can point me in the right direction. Thanks for the help. Charlie - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere
Re: [Acegisecurity-developer] About The Following Acegi Releases
See, I knew Carlos had an answer for that :P That is really good to know. Unfortunately, that only helps people that use mvn for THEIR project. That doesn't really help with Ben's scenario. I didn't think of that when I brought it up. People that are importing acegi into their project and would like to see the source code. People need to understand that the the sources.jar is for reference, not compilation. Ben, does eclipse automatically recognize the source code when it is distributed inside the compiled Jar? On 8/28/06, Carlos Sanchez [EMAIL PROTECTED] wrote: just one line: mvn eclipse:eclipse -DdownloadSources=true and you'll see how sources and javadocs are downloaded and linked in eclipse project maven makes: acegi-security-1.0.1.jar binaries acegi-security-1.0.1-sources.jar sources acegi-security-1.0.1-javadoc.jar javadocs I think it'll be good to keep this. And if you run the previous line in a multiproject it will link the subprojects between themselves, eg. in the top level acegi dir On 8/28/06, Ben Alex [EMAIL PROTECTED] wrote: Luke Taylor wrote: On the branching front, it seems like we could be making more use of branches with subversion. I am happy for these changes to be made. Whilst changing to Maven 2 we should also give consideration to how we distribute source code for IDE integration. At present we release a separate ZIP file containing the sources (which is not intended for compilation). I noticed that the Maven 2 approach appears to be a name-of-artifact-sources.jar file in the standard jar repository. Whilst I see merit in the above approach, I am not particularly fond of it because I still have to undertake the manual step of configuring Eclipse to look at a particular source JAR or ZIP. In addition, as new releases are made, it is not uncommon to forget to change the old source code attachment location. So your source code appears to be for say release 2.0 but it is really for 1.2.7. I am also unaware if Maven 2 can be made to automatically understand it needs to download source artifacts but not include them as classpath resources. Those of you who have been using Google Web Toolkit (GWT) would know Google bundles both source code and compiled class files into the same JAR. This saves the manual step and I have found it extremely useful. I just point to the new release JAR and my JavaDocs and source code attachment is correct. The only downside is a bigger JAR, which in my view is a low price to pay for enhanced productivity and troubleshooting reliability. To put the bigger JAR issue into context: 63 2006-06-17 03:50 acegi-security-1.0.1.jar 529413 2006-06-23 05:34 acegi-security-1.0.1-sources.jar Based on release 1.0.1, we'd go from a 444Kb release to a 973Kb combined JAR. I don't think this is a serious issue from a download or disk space perspective. Especially concerned people can always re-jar for their production deployment. How would people feel about future Acegi Security release JARs including source code, as per GWT? I guess we could continue to have two releases, but our acegi-security-release-sources.jar would contain *both* classes and source code. It would be good to discuss this and get some feedback from the community. Cheers Ben - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer -- I could give you my word as a Spaniard. No good. I've known too many Spaniards. -- The Princess Bride - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application
Re: [Acegisecurity-developer] About The Following Acegi Releases
Ben were you suggesting having acegi-version.jar would be just binary, and acegi-version-sources.jar would be binary with source? I personally think that seperate binary and source jars is fine. The majority of projects work that way. Most people know that, or can figure it out. ~0 is my vote On 8/28/06, Carlos Sanchez [EMAIL PROTECTED] wrote: On 8/28/06, Ben Alex [EMAIL PROTECTED] wrote: Carlos Sanchez wrote: Ben, does eclipse automatically recognize the source code when it is distributed inside the compiled Jar? I don't think so and I don't really like that approach because if you provide the sources, why don't provide the javadocs too? Eclipse DOES automatically recognise if there is source code in the JAR. To see this in action, download GWT and then add its gwt-user.jar to your project. Then do a CTRL+ALT+T for GWT's Panel. good to know To answer Ray's earlier question, we don't need to advertise to users that this is available because their IDE (well, Eclipse anyway) will automatically just do it for them. I don't think there's any benefit providing JavaDocs in the JARs given the source code offers the JavaDocs anyhow and it would bloat the size. I still don't like adding the source for the same reason. A jar is a jar to execute, if you want to develop with sources here they are the jars with the sources. If everybody adds the sources to their jars you'd get huge applications. If you want to do it in the distribution that is manually downloed go for it, but please make jars for the maven repo without sources. Cheers Ben - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer -- I could give you my word as a Spaniard. No good. I've known too many Spaniards. -- The Princess Bride - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] About The Following Acegi Releases
Well put... Dual jars covers both camps. I spend 85% of my day in mentor mode for Spring, Hibernate, and Acegi. So your people are time poor comment really swung my vote heh. On 8/28/06, Ben Alex [EMAIL PROTECTED] wrote: Ray Krueger wrote: Ben were you suggesting having acegi-version.jar would be just binary, and acegi-version-sources.jar would be binary with source? Yes, a traditional .class-only JAR, and a combined .class plus .java JAR. People like me would use the latter, whereas people concerned about the extra 500 Kb in their download can use the former. In my experience delivering training courses, I know how very useful it is to have automatic JavaDocs and source code available to people trying to learn a new API. It is really an issue of what do we value more: * Minimizing bandwidth. Bandwidth is cheap. Every decent library (Spring, Eclipse, Java) is now dozens of megabytes to download. I won't lose much sleep adding 500 Kb (or even 1 Mb!) to a JAR download. * Maximizing productivity. Unlike bandwidth, people are expensive. People are time poor. People are constantly dealing with API changes and new APIs. People don't remember every argument and interface contract they read. We can make peoples' lives easier by including source in the JARs. Besides, we're more likely to get bugs detected and fixes contributed back if more people see the source code. Google (GWT) have obviously concluded the latter is more important, and I'm not aware of anyone objecting to their inclusion of source code. They don't even offer a source-code-free JAR, yet we would continue to. Cheers Ben - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] ehcache 1.1 vs 1.2.1
Please consider using the support forums at: http://forum.springframework.org/forumdisplay.php?f=33 Consider this a reply to all 3 of your emails today. You have some classpath issues to work out. In your previous email you're missing a method from commons-lang ava.lang.NoSuchMethodError: org.apache.commons.lang.StringUtils.substringBeforeLast(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; Check your classpath and make sure you only have one commons-lang version in there. As for this email, java.lang.ClassNotFoundException: org.springframework.cache.ehcache.EhCacheManagerFactoryBean That is a class not found exception for the EhCacheManagerFactoryBean itself, not an EHCache version issue. I am guessing you're using the modularized spring-hibernate.jar and spring-web.jar, stuff. Make sure you include whichever jar includes the EhCacheManagerFactoryBean, or just use the fully loaded spring.jar. Your above issues are classpath issues, not Acegi specific issues. Good luck -Ray On 8/7/06, hv @ Fashion Content [EMAIL PROTECTED] wrote: I currently use EhCache 1.2.1 with my hibernate app, but Acegi seems to depend on version 1.1 or perhaps its the Spring DAO stuff. Whats the solution to : java.lang.ClassNotFoundException: org.springframework.cache.ehcache.EhCacheManagerFactoryBean at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1338) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1187) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:242) at org.springframework.util.ClassUtils.forName(ClassUtils.java:109) at org.springframework.beans.factory.support.BeanDefinitionReaderUtils.createBeanDefinition(BeanDefinitionReaderUtils.java:65) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parseBeanDefinitionElement(DefaultXmlBeanDefinitionParser.java:466) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parseBeanDefinitionElement(DefaultXmlBeanDefinitionParser.java:432) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parsePropertySubElement(DefaultXmlBeanDefinitionParser.java:795) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parsePropertyValue(DefaultXmlBeanDefinitionParser.java:784) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parsePropertyElement(DefaultXmlBeanDefinitionParser.java:722) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parsePropertyElements(DefaultXmlBeanDefinitionParser.java:621) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parseBeanDefinitionElement(DefaultXmlBeanDefinitionParser.java:464) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parseBeanDefinitionElement(DefaultXmlBeanDefinitionParser.java:432) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parsePropertySubElement(DefaultXmlBeanDefinitionParser.java:795) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parsePropertyValue(DefaultXmlBeanDefinitionParser.java:784) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parsePropertyElement(DefaultXmlBeanDefinitionParser.java:722) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parsePropertyElements(DefaultXmlBeanDefinitionParser.java:621) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parseBeanDefinitionElement(DefaultXmlBeanDefinitionParser.java:464) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parseBeanDefinitionElement(DefaultXmlBeanDefinitionParser.java:432) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parsePropertySubElement(DefaultXmlBeanDefinitionParser.java:795) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parsePropertyValue(DefaultXmlBeanDefinitionParser.java:784) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parsePropertyElement(DefaultXmlBeanDefinitionParser.java:722) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parsePropertyElements(DefaultXmlBeanDefinitionParser.java:621) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parseBeanDefinitionElement(DefaultXmlBeanDefinitionParser.java:464) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parseBeanDefinitionElement(DefaultXmlBeanDefinitionParser.java:432) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parseBeanDefinitions(DefaultXmlBeanDefinitionParser.java:347) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.registerBeanDefinitions(DefaultXmlBeanDefinitionParser.java:197) at
Re: [Acegisecurity-developer] JAAS Integration - JBoss hijacking?
Benjamin, you posted this thread once already. Myself and some others already replied. Please read the replies to your previous post. On 7/20/06, Benjamin Brown [EMAIL PROTECTED] wrote: Hi, I'm new to Acegi but I understand the basic concepts well enough to configure it with our Spring based webapp. I'm having a particular problem with JAAS and Kerberos integration - it appears our JBoss application server is possibly hijacking authentication calls by JAAS but I'm unsure why. Its looking for a users/passwords/role file despite being configured to use Kerberos, not a dao setup. Does anyone know how to prevent this? Any pointers would be greatly appreciated, Benjamin Here's the relevant part of the log: 17:28:40,625 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files java.io.IOException: Properties file users.properties not found at org.jboss.security.auth.spi.UsersRolesLoginModule.loadProperties(UsersRolesLoginModule.java:217) at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:234) at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:100) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:662) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607) at javax.security.auth.login.LoginContext.login(LoginContext.java:534) at org.acegisecurity.providers.jaas.JaasAuthenticationProvider.authenticate(JaasAuthenticationProvider.java:162) Here's the JAAS config: JAASTest { com.sun.security.auth.module.Krb5LoginModule required debug=true; }; Here's the relevant parts of the applicationContext-acegi-security.xml (kerberos bean is an initializing bean to simply set the relevant java.security properties for kerberos on startup) : bean id=authenticationManager class=org.acegisecurity.providers.ProviderManager property name=providers list ref bean=jaasAuthenticationProvider/ /list /property /bean bean id=jaasAuthenticationProvider class=org.acegisecurity.providers.jaas.JaasAuthenticationProvider property name=loginConfigvalue/WEB-INF/login.conf/value/property property name=loginContextNamevalueJAASTest/value/property property name=callbackHandlers list bean class=org.acegisecurity.providers.jaas.JaasNameCallbackHandler/ bean class=org.acegisecurity.providers.jaas.JaasPasswordCallbackHandler/ /list /property property name=authorityGranters list !-- NOTE OUR ACTUAL PACKAGE NAMES REMOVED FROM THE EXAMPLE -- bean class=OURPACKAGE.security.PrincipalRoleAuthorityGranter/ /list /property /bean !-- NOTE OUR ACTUAL REALM, PACAKAGE AND KDC REMOVED FROM THE EXAMPLE -- bean id=kerberosBean class=OURPACKAGE.security.KerberosBean property name=realm value=OURREALM.COM/ property name=kdc value=OURKDC/ property name=debug value=false/ /bean - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Patch to fix get header on tomcat
Thanks for the patch, I have applied it. On 7/12/06, Nadeem Bitar [EMAIL PROTECTED] wrote: Hi, Can an Acegi developer kindly review the patch [1] that fixes a bug in retrieving headers from a request on tomcat, and hopefully incorporate it. Thanks, Nadeem [1] http://opensource.atlassian.com/projects/spring/browse/SEC-308 - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] ACEGI patch to support AJAX
Hey Brian! Good to hear from ya... And definitely glad to have you tinkering with some new stuff for Acegi. I personally would love to have a look at your ideas. Any chance you could create a Jira at http://opensource.atlassian.com/projects/spring/browse/SEC and attach your code there. Then any one of us can look at integrating it into the code base. Thanks! On 7/6/06, Brian Pontarelli [EMAIL PROTECTED] wrote: Hello all, There have beean a few emails go between me and Ben Alex regarding ACEGI and support for AJAX. I have completed a patch on the 1.1 SNAPSHOT line that allows AJAX integration with ACEGI. This patch mostly adds additional configuration properties for AJAX URLs and also leverages regular expressions to match incoming URLs to determine which URLs are AJAX and which aren't. I also added a new authentication URL for handling AJAX authentication. The reason I added all of these parameters is essentially so that I can leverage forwards of the HTTP Servlet Request rather than redirects such that HTML content, JSON or XML generated from a JSP or servlet can be sent back to an AJAX request and the browser can handle it without worrying about 302 response codes. Ideally I would like to give this patch back to ACEGI so that I'm not maintaining a fork. The code when complete will be fully unit tested and deployed to a production website (https://www.naymz.com). If anyone would like to discuss the finer points about a possible patch to the source tree let me know. Or if anyone wants to look over the code and discuss it in detail that's fine as well. Thanks, -bp Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Java Appliaction + Spring httpinvoker authentication
Luke was replying to the original email Zoran. Your email was definitely not the issue :) On 7/6/06, Zoran Regvart [EMAIL PROTECTED] wrote: Hi, On 7/6/06, Luke Taylor [EMAIL PROTECTED] wrote: Please post user questions in the forum, not the dev mailing list. sorry about that, do I need to repost my answer to the forum? P.S. Whatever your opinion, if you are asking for help in using an OS project, you are much more likely to get it if you steer clear of terms like CRAP! and rubbish when describing it. you seem to be misdirected here... :) zoran Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Authentication required but no role
One option is to always grant users a role like ROLE_AUTHENTICATED when they log in. Then you protect those areas with that ROLE_AUTHENTICATED role. This role wouldn't exist in your user maintenance screens and what not. For instance, if you're using the DaoAuthenticationProvider and JdbcDaoImpl; you would extend JdbcDaoImpl and override the addCustomAuthorities method. In your method you always add the ROLE_AUTHENTICATED role to the list. Hope that helps. On 6/12/06, Seth Stankowski [EMAIL PROTECTED] wrote: Within Acegi is there a way to protect a URL in a way that requires authentication but doesn't require a specific role to access? I have an application which requires users to login and then access different things depending on their role. One section of the application, Manage Account, I would like to be accessible to any authenticated user so I don't have to manage a role for this specific section. Is this possible using Acegi? I've tried different things with the FilterSecurityInterceptor and role voter but can't see to get it. Thanks, Seth ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Authentication required but no role
Good call Scott, I didn't even realize we had such a thing :) On 6/13/06, Scott Battaglia [EMAIL PROTECTED] wrote: Would something like this help? http://www.acegisecurity.org/multiproject/acegi-security/apidocs/org/acegisecurity/vote/AuthenticatedVoter.html -Scott Ray Krueger wrote: One option is to always grant users a role like ROLE_AUTHENTICATED when they log in. Then you protect those areas with that ROLE_AUTHENTICATED role. This role wouldn't exist in your user maintenance screens and what not. For instance, if you're using the DaoAuthenticationProvider and JdbcDaoImpl; you would extend JdbcDaoImpl and override the addCustomAuthorities method. In your method you always add the ROLE_AUTHENTICATED role to the list. Hope that helps. On 6/12/06, Seth Stankowski [EMAIL PROTECTED] wrote: Within Acegi is there a way to protect a URL in a way that requires authentication but doesn't require a specific role to access? I have an application which requires users to login and then access different things depending on their role. One section of the application, Manage Account, I would like to be accessible to any authenticated user so I don't have to manage a role for this specific section. Is this possible using Acegi? I've tried different things with the FilterSecurityInterceptor and role voter but can't see to get it. Thanks, Seth ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] 1.0.1 patch release?
I just locally changed my project.xml to use Spring 1.2.6 and 1.2.8. I ran full test runs against both. Everything looks good. The constructor signature for MockFilterConfig from spring-mock changed which caused compilation failures with 1.2.8. That really only effects the unit tests. I updated the two tests that use that class so that they are compatible with both versions. I'll commit both of those changes (again, just the unit tests are changing). I propose we all refrain from committing anything and encourage people to use the snapshot till we can get a signed release out. -Ray On 6/10/06, Carlos Sanchez [EMAIL PROTECTED] wrote: I could roll out a release. The only problem I can think about is that the jars won't be signed. Ben used do do this. On 6/10/06, Matt Raible [EMAIL PROTECTED] wrote: On 6/9/06, Luke Taylor [EMAIL PROTECTED] wrote: I'm not sure a release will be possible until Ben gets back from Europe. There are always the nightly builds until then, if people need a quick fix. Isn't it possible for someone else to roll a release? It's probably a good time to contact Ben to see how he does it and designate another release manager in his absense. There's nothing worse than reaching the illustrious 1.0 and then have it be broken for a month. ;-) Matt Ray Krueger wrote: OK so, 1.0.0 did not release well. The LDAP/Spring compatability issue, and the NotSerializableException issue both warrant getting a patch out asap I would think. Unfortunately there hasn't been any talk about that. What's the plan here? -- Luke Taylor. Monkey Machine Ltd. PGP Key ID: 0x57E9523Chttp://www.monkeymachine.ltd.uk ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer -- I could give you my word as a Spaniard. No good. I've known too many Spaniards. -- The Princess Bride ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] SEC-96 and backwards compatiblity
I looked at SEC-96 http://opensource.atlassian.com/projects/spring/browse/SEC-96 and thought it would be an easy thing to jump on. The refactoring is actually very beneficial, as the Md5 and Sha PasswordEncoder classes were basically duplicates with one word changed (yuck). I've refactored that into a much more flexible situation, while maintaining compatibility for the Md5PasswordEncoder and ShaPasswordEncoder. The question I have though is about their super class, BaseDigestPasswordEncoder. That class was originally abstract, with a no constructor. I have made it regular class with a constructor for the requried option, algorithm. This class can now be used stand-alone if it was ever required of it. As BaseDigestPasswordEncoder was an internal class, I don't think this is a backwards compatibility issue. The two public api classes, Md5PasswordEncoder and ShaPasswordEncoder, have not changed in contract at all. Any thoughts? ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] SEC-96 and backwards compatiblity
Really, just scratch the thought. The BaseDigestPasswordEncoder is simple enough in it's purpose that I can leave it alone and put all my MessageDigest stuff in it's own subclass. On 5/30/06, Ray Krueger [EMAIL PROTECTED] wrote: I looked at SEC-96 http://opensource.atlassian.com/projects/spring/browse/SEC-96 and thought it would be an easy thing to jump on. The refactoring is actually very beneficial, as the Md5 and Sha PasswordEncoder classes were basically duplicates with one word changed (yuck). I've refactored that into a much more flexible situation, while maintaining compatibility for the Md5PasswordEncoder and ShaPasswordEncoder. The question I have though is about their super class, BaseDigestPasswordEncoder. That class was originally abstract, with a no constructor. I have made it regular class with a constructor for the requried option, algorithm. This class can now be used stand-alone if it was ever required of it. As BaseDigestPasswordEncoder was an internal class, I don't think this is a backwards compatibility issue. The two public api classes, Md5PasswordEncoder and ShaPasswordEncoder, have not changed in contract at all. Any thoughts? ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Acegi Security 1.0.0 is released!
That should read: I saw that, should it have been 1.0.1 though? mashed the send button mid-correction hehe. On 5/31/06, Ray Krueger [EMAIL PROTECTED] wrote: I saw that, my should it have been 1.0.1 though? On 5/30/06, Carlos Sanchez [EMAIL PROTECTED] wrote: I took the freedom also to tag the source tree and bump the pom versions to 1.1.0-SNAPSHOT On 5/30/06, Carlos Sanchez [EMAIL PROTECTED] wrote: I'll take care of that On 5/30/06, Ray Krueger [EMAIL PROTECTED] wrote: Can we get the maven repos updated? Right now mvn compile fails because org.acegisecurity:acegi-security-parent:pom:1.0.0 cannot be downloaded. On 5/30/06, Mark St.Godard [EMAIL PROTECTED] wrote: Hi Ben, The configuration was referencing net.sf... some of the config was moved over to org. however not all. Including the userdetails refactoring. Plus some of the JSPs were also referencing net.sf in page imports. I am running through and testing the app right now, currently failing on a call to getPrincipal from User object... I will fix it up, retest it, run the unit testing and check in the changes. Re: the tutorial app... yeah I noticed that .. very nice... much more concise config. I am usng Spring 2.0 and I am really digging the schema-based config... I am also using MethodSecurityInterceptors using the new Aspect pointcuts. Not sure if we should also include examples of usage using Spring 2.0? I assume we need to wait for it to go final. Uri is on it...Great, I'll keep my eyes posted for acegi:config :) Cheers Mark On 5/30/06, Ben Alex [EMAIL PROTECTED] wrote: Mark St.Godard wrote: Just a note, Ben I will be updating the contacts-tiger sample project, I noticed it was not converted over. I will create an JIRA entry for myself and update this tomorow. I just checked and it looked to me like it was built for 1.0.0. What specifically wasn't converted? Also with Spring 2.0, I noticed that a jira entry was created for namespace handlers, XSD support, etc.. http://opensource.atlassian.com/projects/spring/browse/SEC-271 for those interested. If you have someone to do this fine... otherwise I can take it up... its something that I would really like to get in... and reduce some of the XML verbosity. Uri Boness has volunteered, but I'm unsure whether work has commenced. I am happy for anyone to take a look at it who has sufficient time. As for verbose XML, I'd encourage people to take a look at the new tutorial sample, which is just 148 lines of XML. This includes comments, whitespace and full support for form authentication, remember-me, anonymous and web request authorization. I think that's a pretty good base given the features, but nevertheless it will be even less with SEC-271 improvements. Cheers Ben ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer -- I could give you my word as a Spaniard. No good. I've known too many Spaniards. -- The Princess Bride -- I could give you my word as a Spaniard. No good. I've known too many Spaniards. -- The Princess Bride ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] ldap blowing up after upgrade to 1.0 final
http://opensource.atlassian.com/projects/spring/browse/SEC-288 I made it a blocker for 1.0.1 This means that the 1078 people that have downloaded 1.0.0 to this point cannot use Ldap correct? On 5/31/06, Carlos Sanchez [EMAIL PROTECTED] wrote: I'm afraid it's true. It no longer compiles under Spring 1.2.7. Something to log in JIRA for a 1.0.1. On 5/31/06, Ben Munat [EMAIL PROTECTED] wrote: Hi, We upgraded to the 1.0 final jar the other day and things worked fine on our dev build, which uses an InMemoryDao implementation. However, last night we tried to push out a build to the client and the context will no longer start due to a NoClassDefFound in the Acegi code. (FilterBasedLdapUserSearch) I googled for the class -- org/springframework/dao/EmptyResultDataAccessException -- and it's only in Spring 2.0! I hope 1.0 final hasn't presumed that people will switch to Spring 2.0. Is there something I need to change ldap-wise when moving from 1.0 rc2 to 1.0 final? Stacktrace below. Any help greatly appreciated. Heh, this was supposed to be the real production deploy with the client hitting the system hard tomorrow morning (and needing to do some admin setup today). thanks, Ben 2006-05-31 00:34:15,900 INFO org.springframework.web.context.ContextLoader - Root WebApplicationContext: initialization started 2006-05-31 00:34:15,902 INFO org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/totaltime] - Loading Spring root WebApplicationContext 2006-05-31 00:34:15,952 INFO org.springframework.core.CollectionFactory - JDK 1.4+ collections available 2006-05-31 00:34:15,962 INFO org.springframework.core.CollectionFactory - Commons Collections 3.x available 2006-05-31 00:34:16,119 ERROR org.springframework.web.context.ContextLoader - Context initialization failed org.springframework.beans.factory.BeanDefinitionStoreException: Error registering bean with name 'userSearch' defined in ServletContext resource [/WEB-INF/config/acegi/fragments/ldapAuthenticationProviderCommon.xml]: Class that bean class [org.acegisecurity.ldap.search.FilterBasedLdapUserSearch] depends on not found; nested exception is java.lang.NoClassDefFoundError: org/springframework/dao/EmptyResultDataAccessException java.lang.NoClassDefFoundError: org/springframework/dao/EmptyResultDataAccessException at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:242) at org.springframework.util.ClassUtils.forName(ClassUtils.java:109) at org.springframework.beans.factory.support.BeanDefinitionReaderUtils.createBeanDefinition(BeanDefinitionReaderUtils.java:65) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parseBeanDefinitionElement(DefaultXmlBeanDefinitionParser.java:466) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parseBeanDefinitionElement(DefaultXmlBeanDefinitionParser.java:432) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parseBeanDefinitions(DefaultXmlBeanDefinitionParser.java:347) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.registerBeanDefinitions(DefaultXmlBeanDefinitionParser.java:197) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.registerBeanDefinitions(XmlBeanDefinitionReader.java:295) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:223) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:173) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:148) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.importBeanDefinitionResource(DefaultXmlBeanDefinitionParser.java:374) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.parseBeanDefinitions(DefaultXmlBeanDefinitionParser.java:338) at org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser.registerBeanDefinitions(DefaultXmlBeanDefinitionParser.java:197) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.registerBeanDefinitions(XmlBeanDefinitionReader.java:295) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:223) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:173) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:148) at
[Acegisecurity-developer] maven tests fail
I pulled an update from Subversion, and executed the following... cd core maven test The tests run and then build failed, test failures. One thing I've always wanted to know, and I know Carlos is going to have the quick answer on this... Where is one supposed to go to see what tests failed? Scrolling back through the console looking for FAILED is just lame, and impossible given how many tests we have. The only output is a big pile of XML files, no clue there. ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Acegi Security 1.0.0 is released!
Can we get the maven repos updated? Right now mvn compile fails because org.acegisecurity:acegi-security-parent:pom:1.0.0 cannot be downloaded. On 5/30/06, Mark St.Godard [EMAIL PROTECTED] wrote: Hi Ben, The configuration was referencing net.sf... some of the config was moved over to org. however not all. Including the userdetails refactoring. Plus some of the JSPs were also referencing net.sf in page imports. I am running through and testing the app right now, currently failing on a call to getPrincipal from User object... I will fix it up, retest it, run the unit testing and check in the changes. Re: the tutorial app... yeah I noticed that .. very nice... much more concise config. I am usng Spring 2.0 and I am really digging the schema-based config... I am also using MethodSecurityInterceptors using the new Aspect pointcuts. Not sure if we should also include examples of usage using Spring 2.0? I assume we need to wait for it to go final. Uri is on it...Great, I'll keep my eyes posted for acegi:config :) Cheers Mark On 5/30/06, Ben Alex [EMAIL PROTECTED] wrote: Mark St.Godard wrote: Just a note, Ben I will be updating the contacts-tiger sample project, I noticed it was not converted over. I will create an JIRA entry for myself and update this tomorow. I just checked and it looked to me like it was built for 1.0.0. What specifically wasn't converted? Also with Spring 2.0, I noticed that a jira entry was created for namespace handlers, XSD support, etc.. http://opensource.atlassian.com/projects/spring/browse/SEC-271 for those interested. If you have someone to do this fine... otherwise I can take it up... its something that I would really like to get in... and reduce some of the XML verbosity. Uri Boness has volunteered, but I'm unsure whether work has commenced. I am happy for anyone to take a look at it who has sufficient time. As for verbose XML, I'd encourage people to take a look at the new tutorial sample, which is just 148 lines of XML. This includes comments, whitespace and full support for form authentication, remember-me, anonymous and web request authorization. I think that's a pretty good base given the features, but nevertheless it will be even less with SEC-271 improvements. Cheers Ben ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Ldap changes
The project I work on right now is fast approaching the security phase. We are about 90% sure of LDAP right now. So I'm all for making the LDAP support as solid as possible. The approaches you've described would definitely allow the most flexibility. What Robert mentioned about the diversity of LDAP implementations is definitely the biggest hurdle. I don't know what sort of schedule Ben has put forth for a 1.0 release, but the community is anxious for one. So if the LDAP refactoring can happen without much delay to a release, have at it I say. On 5/9/06, Robert r. Sanders [EMAIL PROTECTED] wrote: I'm all for better, more reusable LDAP code. I think the main issue with LDAP is the variety of ways in which it can be configured and used; so moving stuff into a template class as suggested would seem to make a lot of sense. Luke Taylor wrote: Hi all, I've got some changes I want to make to the LDAP code to address some shortcomings which have come to light. I thought I'd run them past the list so that those who are interested in LDAP in Acegi have a chance to comment. I've moved the main content of this mail into a JIRA issue http://opensource.atlassian.com/projects/spring/browse/SEC-264 Comments, questions or better suggestions are welcome there or here on the list. Luke. P.S. No comments about RC versions please. That boat's already sailed :). I'd like to get the best working API we can come up with in place pre-1.0 rather than have to make changes in future versions. Bugs are another matter and can be fixed in 1.0.1. -- Robert r. Sanders Chief Technologist iPOV (334) 821-5412 www.ipov.net --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid0709bid3057dat1642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Build from CVS checkout broken
Let's have a look at a somewhat lighter task. Would you mind running maven java:compile from the core directory and tell us if that compiles ok? On 4/20/06, Richard Clark [EMAIL PROTECTED] wrote: I'm coming back to AGEGI after a hiatus, and I followed the instructions for a CVS checkout via maven (from http://acegisecurity.org/building.html) When I try to build via the instructions (cd core; maven jar:install), the build fails with 100 compile errors: java:compile: [echo] Compiling to /development/acegisecurity/core/target/classes [javac] Compiling 286 source files to /development/acegisecurity/core/target/classes /development/acegisecurity/core/src/main/java/org/acegisecurity/AcegiSecurityException.java:18: package org.springframework.core does not exist import org.springframework.core.NestedRuntimeException; I had to use a snapshot last time (due to CVS problems), so: 1) Which snapshot will build? 2) Is there a plan for fixing the build problems? Frustratedly, ...RIchard --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid0709bid3057dat1642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] Quest question about using LDAP
When using LDAP as an authentication source, where do you guys feel the ROLEs belong? Should they be managed in LDAP by whatever LDAP admin is in charge, or should the ROLEs be stored in the application database and associated to some user table based on the LDAP username? I thinki it is a design question that could go either way. I just wanted to get some expert opinions. -Ray --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Subversion?
+1 Big fan On 3/25/06, Matthew E. Porter [EMAIL PROTECTED] wrote: +1 On Mar 25, 2006, at 7:46 AM, Mark St.Godard wrote: +1 On 3/25/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: No concerns here. Scott -Original Message- From: Ben Alex [mailto:[EMAIL PROTECTED] Sent: Saturday, March 25, 2006 5:43 AM To: acegisecurity-developer@lists.sourceforge.net Subject: [Acegisecurity-developer] Subversion? Hi everyone SourceForge have recently modified their offering so we can migrate to SVN (without losing revision history) - see http://sourceforge.net/docman/display_doc.php?docid=31070grou p_id=1#import. I have also been using SVN recently and had good results. The Subclipse plugin at Update Manager URL http://subclipse.tigris.org/update_1.0.x works quite well. Does anyone have any concerns with the project migrating from CVS to SVN? If there aren't any objections, I'll make the change in about a week. Cheers Ben --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel? cmd=lnkkid=110944bid=241720dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmdlnkkid0944bid$1720dat1642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] checking for invalid user accounts in AuthenticationProvider implementations
Heya Tim. The JaasAuthenticationProvider doesn't use UserDetails at all. It uses Jaas, and Jaas LoginModules. The JaasAuthenticationProvider essentially leaves all the can this guy login? logic up to the LoginModule, and then reacts to any LoginException that might be thrown. On 3/23/06, Tim Kettering [EMAIL PROTECTED] wrote: Hey all, Can someone (Ben?) explain if it is expected to check the various UserDetails states such as isAccountNonExpired(), isAccountNonLocked(), isCredentialsNonExpired(), and isEnabled() in a AuthenticationProvider? This seems to be applied inconsistently... We had originally been using DaoAuthenticationProvider, which in its code does those checks, then we switched over to the JaasAuthenticationProvider and after seeing some logins that occured that shouldn't have occured, I tracked down the issue to JaasAuthenticationProvider not doing those checks at all. Looking at CasAuthenticationProvider, this seems to not either. Maybe it'd be useful if those checks found in DaoAuthenticationProvider be made available as a pluggable component that other AuthenticationProviders can utilize? Thanks, -tim --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmdlnkkid0944bid$1720dat1642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] CVS build failing due to test failures.
OK, let's start over here. If I run maven -Dtestmatch=**/jaas/*Tests test:match from the core directory, I get no failures for the jaas tests. What command, and from what directory are you running the tests? On 2/2/06, Luke Taylor [EMAIL PROTECTED] wrote: Ray Krueger wrote: hehe yeah that I knwew :P I was hoping Maven could be a little clearer on what class. I think it's the last one it's trying to Find NameComponentNormalizer. Would that be correct? That's the problem with the apacheds stuff... It's probably best to disable/ignore the LDAP tests for the time being. -- Luke Taylor. Monkey Machine Ltd. PGP Key ID: 0x57E9523Chttp://www.monkeymachine.ltd.uk --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid3432bid#0486dat1642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Sub classing JAAS provider implementation
Easy enough. Do you have a suggestion as to what properties should be protected, or should have getters for? On 2/2/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: It's a pity so many of the instance variables and methods in the JAAS Provider are declared private and aren't protected. I'd like to be able to sub-class some of it for a Kerberos Provider. The Sun GSS-API implementation uses the JAAS login modules under the hood for the initial TGT requests. I'd prefer to not reinvent the wheel if possible. Anthony Geoghegan Framework Architect DeCare Systems Ireland, Building 1, University Technology Centre, Curraheen Road, Cork, Ireland phone: +353 21 4925 172 fax: +353 21 4925 166 web: http://www.decaresystems.ie blog: http://blog.decaresystems.ie/wordpress/ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid3432bid#0486dat1642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] CVS build failing due to test failures.
I am trying to jump in and see why the Jaas tests would be failing, but I cannot get Maven to play nice. Any ideas anyone? Carlos? *nudge nudge* [junit] [DEBUG] Finding class org.apache.ldap.server.normalization.NormalizationService [junit] [DEBUG] Finding class org.apache.ldap.server.interceptor.BaseInterceptor [junit] [DEBUG] Class org.apache.ldap.server.interceptor.BaseInterceptor loaded from ant loader [junit] [DEBUG] Class org.apache.ldap.server.normalization.NormalizationService loaded from ant loader [junit] [DEBUG] Class javax.naming.NamingEnumeration loaded from parent loader [junit] [DEBUG] Finding class org.apache.ldap.common.filter.FilterVisitor [junit] [DEBUG] Class org.apache.ldap.common.filter.FilterVisitor loaded from ant loader [junit] [DEBUG] Finding class org.apache.ldap.common.name.NameComponentNormalizer popping off [EMAIL PROTECTED] for [EMAIL PROTECTED] in maven-java-plugin:maven- java-plugin popping off [EMAIL PROTECTED] for [EMAIL PROTECTED] in maven-antlr-plugin:mave n-antlr-plugin popping off [EMAIL PROTECTED] for [EMAIL PROTECTED] in maven-test-plugin:maven- test-plugin popping off [EMAIL PROTECTED] for [EMAIL PROTECTED] in org.acegisecurity:acegi-s ecurity BUILD FAILED File.. C:\Documents and Settings\rkrueger\.maven\cache\maven-test-plugin-1.6.2\plugin.jelly Element... junit Line.. 133 Column 41 java.lang.NoClassDefFoundError On 1/31/06, Luke Taylor [EMAIL PROTECTED] wrote: Hi, The LDAP tests are failing because of changes in the ApacheDS snaphots which the provider uses as an embedded server for testing. I've been discussing their planned release with them, which should be out this week. Once it appears I'll modify the build to use it so that we have something stable to test against. You can skip the tests by running with maven -Dmaven.test.skip. Alternatively, you can set up the tests to point to an external server by uncommenting the appropriate lines in the base class for the Ldap tests (AbstractLdapServerTestCase, or whatever). I've attached a copy of the test data. It also expects to have an admin user with username manager and password acegisecurity available. cheers, Luke. -- Luke Taylor. Monkey Machine Ltd. PGP Key ID: 0x57E9523Chttp://www.monkeymachine.ltd.uk version: 1 dn: dc=acegisecurity,dc=org objectClass: dcObject objectClass: organization dc: acegisecurity description: Acegi Security (Test LDAP DIT) o: Monkey Machine Ltd. dn: ou=people,dc=acegisecurity,dc=org objectClass: organizationalUnit description: All people in organisation ou: people dn: cn=Ben Alex,ou=people,dc=acegisecurity,dc=org objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: top cn: Ben Alex ou:: 5a6J5YWo sn: Alex uid: Ben userPassword:: e1NIQX1uRkNlYldqeGZhTGJISEcxUWs1VVU0dHJidlE9 dn: uid=bob,ou=people,dc=acegisecurity,dc=org objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: top cn: Bob Hamilton sn: Hamilton uid: bob userPassword:: Ym9ic3Bhc3N3b3Jk dn: ou=groups,dc=acegisecurity,dc=org objectClass: top objectClass: organizationalUnit ou: groups dn: cn=developers,ou=groups,dc=acegisecurity,dc=org objectClass: groupOfNames objectClass: top cn: developers description: Acegi Security Developers member: uid=bob,ou=people,dc=acegisecurity,dc=org member: cn=ben alex,ou=people,dc=acegisecurity,dc=org o: Acegi Security System for Spring ou: developer dn: cn=managers,ou=groups,dc=acegisecurity,dc=org objectClass: groupOfNames objectClass: top cn: managers member: cn=ben alex,ou=people,dc=acegisecurity,dc=org ou: manager --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid3432bid#0486dat1642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] CVS build failing due to test failures.
Good Point, Anythony, can you post this log file please? {acegisourcecode}/core/target/test-reports/TEST-org.acegisecurity.providers.jaas.JaasAuthenticationProviderTests.xml Carlos any idea what that ClassDefNotFound is from? Just so I understand how to read that next time. On 2/1/06, Carlos Sanchez [EMAIL PROTECTED] wrote: The test output is in the target folder test-reports or something like that On 2/1/06, Ray Krueger [EMAIL PROTECTED] wrote: I am trying to jump in and see why the Jaas tests would be failing, but I cannot get Maven to play nice. Any ideas anyone? Carlos? *nudge nudge* [junit] [DEBUG] Finding class org.apache.ldap.server.normalization.NormalizationService [junit] [DEBUG] Finding class org.apache.ldap.server.interceptor.BaseInterceptor [junit] [DEBUG] Class org.apache.ldap.server.interceptor.BaseInterceptor loaded from ant loader [junit] [DEBUG] Class org.apache.ldap.server.normalization.NormalizationService loaded from ant loader [junit] [DEBUG] Class javax.naming.NamingEnumeration loaded from parent loader [junit] [DEBUG] Finding class org.apache.ldap.common.filter.FilterVisitor [junit] [DEBUG] Class org.apache.ldap.common.filter.FilterVisitor loaded from ant loader [junit] [DEBUG] Finding class org.apache.ldap.common.name.NameComponentNormalizer popping off [EMAIL PROTECTED] for [EMAIL PROTECTED] in maven-java-plugin:maven- java-plugin popping off [EMAIL PROTECTED] for [EMAIL PROTECTED] in maven-antlr-plugin:mave n-antlr-plugin popping off [EMAIL PROTECTED] for [EMAIL PROTECTED] in maven-test-plugin:maven- test-plugin popping off [EMAIL PROTECTED] for [EMAIL PROTECTED] in org.acegisecurity:acegi-s ecurity BUILD FAILED File.. C:\Documents and Settings\rkrueger\.maven\cache\maven-test-plugin-1.6.2\plugin.jelly Element... junit Line.. 133 Column 41 java.lang.NoClassDefFoundError On 1/31/06, Luke Taylor [EMAIL PROTECTED] wrote: Hi, The LDAP tests are failing because of changes in the ApacheDS snaphots which the provider uses as an embedded server for testing. I've been discussing their planned release with them, which should be out this week. Once it appears I'll modify the build to use it so that we have something stable to test against. You can skip the tests by running with maven -Dmaven.test.skip. Alternatively, you can set up the tests to point to an external server by uncommenting the appropriate lines in the base class for the Ldap tests (AbstractLdapServerTestCase, or whatever). I've attached a copy of the test data. It also expects to have an admin user with username manager and password acegisecurity available. cheers, Luke. -- Luke Taylor. Monkey Machine Ltd. PGP Key ID: 0x57E9523Chttp://www.monkeymachine.ltd.uk version: 1 dn: dc=acegisecurity,dc=org objectClass: dcObject objectClass: organization dc: acegisecurity description: Acegi Security (Test LDAP DIT) o: Monkey Machine Ltd. dn: ou=people,dc=acegisecurity,dc=org objectClass: organizationalUnit description: All people in organisation ou: people dn: cn=Ben Alex,ou=people,dc=acegisecurity,dc=org objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: top cn: Ben Alex ou:: 5a6J5YWo sn: Alex uid: Ben userPassword:: e1NIQX1uRkNlYldqeGZhTGJISEcxUWs1VVU0dHJidlE9 dn: uid=bob,ou=people,dc=acegisecurity,dc=org objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: top cn: Bob Hamilton sn: Hamilton uid: bob userPassword:: Ym9ic3Bhc3N3b3Jk dn: ou=groups,dc=acegisecurity,dc=org objectClass: top objectClass: organizationalUnit ou: groups dn: cn=developers,ou=groups,dc=acegisecurity,dc=org objectClass: groupOfNames objectClass: top cn: developers description: Acegi Security Developers member: uid=bob,ou=people,dc=acegisecurity,dc=org member: cn=ben alex,ou=people,dc=acegisecurity,dc=org o: Acegi Security System for Spring ou: developer dn: cn=managers,ou=groups,dc=acegisecurity,dc=org objectClass: groupOfNames objectClass: top cn: managers member: cn=ben alex,ou=people,dc=acegisecurity,dc=org ou: manager --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmdlnkkid3432bid#0486dat1642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https
Re: [Acegisecurity-developer] New LDAP stuff
Awesome. Brandon please have a look at Luke's docs as soon as they are up if you can, that would be a huge help. I have several people from different teams at my company asking me about Acegi and LDAP right now. They're pretty excited, but unfortunately I'm stuck yammering and hand-waiving about the LDAP support hehe. Thanks guys On 1/31/06, Luke Taylor [EMAIL PROTECTED] wrote: Hi, I already have quite a bit of documentation written. I'll let you know when it's in CVS for review and you could perhaps make some suggestions then. it should also appear on the web site via the automated build (easier to read than the XML :) ). Luke. Brandon Keepers wrote: I would be willing to do this if you wanted some help. I've been using the new LDAP code extensively in the last month. If anyone else is already working on this, just let me know. Otherwise I'll get started on it in the next day or so. Brandon -- Luke Taylor. Monkey Machine Ltd. PGP Key ID: 0x57E9523Chttp://www.monkeymachine.ltd.uk --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid3432bid#0486dat1642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] New LDAP stuff
Hey guys, where can I point someone to if they wanted to read about LDAP support? I see the org.acegisecurity.providers.ldap package in the javadocs in the site; but that is the old stuff isn't it? --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid3432bid#0486dat1642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] New LDAP stuff
Cool, that's what I hoped you would say. Now write some reference material! :P On 1/30/06, Luke Taylor [EMAIL PROTECTED] wrote: Ray Krueger wrote: Hey guys, where can I point someone to if they wanted to read about LDAP support? I see the org.acegisecurity.providers.ldap package in the javadocs in the site; but that is the old stuff isn't it? Hi Ray, No, the non-sandbox stuff is up-to-date. There's also an example in the contacts directory and quite a bit of information in recent forum posts. cheers, Luke. -- Luke Taylor. Monkey Machine Ltd. PGP Key ID: 0x57E9523Chttp://www.monkeymachine.ltd.uk --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid3432bid#0486dat1642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Siteminder / Acegi 0.9.0 integration
That is actually just an overly verbose DEBUG statement if you look. If your Siteminder integration is actually working I would turn off DEBUG SecurityEnforcementFilter in log4j. On 1/19/06, Garvey, Paul M (GE Commercial Finance) [EMAIL PROTECTED] wrote: Help!, I am having a hard time getting Acegi to work with Siteminder I am getting the following error shown below. I am using appfuse 1.8.2 and deploying my app to JBoss 4.0.0 net.sf.acegisecurity.event.authorization.AuthenticationCredentialsNotFoundEvent[source=FilterInvocation: URL: /mainMenu.html] 2006-01-18 17:53:18,864 DEBUG [net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter] Authentication exception occurred; redirecting to authentication entry point net.sf.acegisecurity.AuthenticationCredentialsNotFoundException: Authentication credentials were not found in the SecurityContext at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:478) at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:377) at net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:105) at net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter.doFilter(SecurityEnforcementFilter.java:197) at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303) at net.sf.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:50) at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303) at net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:220) at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303) at net.sf.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:173) at net.sf.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:120) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:75) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:44) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:169) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:300) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:374) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:743) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:675) at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:866) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683) at java.lang.Thread.run(Thread.java:534) I have the following beans based on the the
Re: [Acegisecurity-developer] Proposal: Rename AuthenticationDao interface
lol Sorry Scott :) When Ben puts it like that I gotta agree hehe. +1 On 11/17/05, Dmitriy Kopylenko [EMAIL PROTECTED] wrote: +1 also Darrell Kundel wrote: +1 I support the change, it makes more sense to me. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Alex Sent: Thursday, November 17, 2005 9:23 AM To: acegisecurity-developer@lists.sourceforge.net Subject: Re: [Acegisecurity-developer] Proposal: Rename AuthenticationDao interface Ray Krueger wrote: You currently have an AuthenticationDao that successfully returns a UserDetails instance that is built up by your four database scheme now, correct? The whole point of the AuthenticationDao is to build a UserDetails instance, by whatever means necessary. So, no, users like you should do exactly what you're doing. I don't see a reason for you two implement a new AuthenticationProvider, unless the DaoAuthenticationProvider is not meeting you're needs. The one and only method defined by AuthenticationDao is: public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException; AuthenticationDao is used variously within the system: Implementation: JdbcDaoImpl Implementation: InMemoryDaoImpl User: DaoAuthenticationProvider User: DaoCasAuthoritiesPopulator User: DaoX509AuthoritiesPopulator User: DigestProcessingFilter User: TokenBasedRememberMeServices User: SwitchUserProcessingFilter AuthenticationDao is presently found in the org.acegisecurity.providers.dao package. Given only the first three classes above are actually in that package or a subpackage, perhaps AuthenticationDao should be moved to a higher-level package to reflect its broader use in five other areas of the framework. We faced a similar transition for UserDetails itself, from the DAO package to the top-level package for a similar reason. Whilst it's mostly semantics, the other side is clarifying relationships and scope of services within the framework. Perhaps we should rename org.acegisecurity.providers.dao.AuthenticationDao to org.acegisecurity.UserDetailsService. It will mean that most users have to make a fairly minor change to the interface they're implementing in their AuthenticationDao implementations, but aside from that it will be transparent. If we do this, it might even be better to make an org.acegisecurity.userdetails package, to hold UserDetails, User, UserDetailsService and the two implementations listed above. At least we'd be emphasising these classes can be used anywhere within the framework or by your code - not just for DaoAuthenticationProvider. Anyhow, I note the current responses consider this mostly a semantics issue, but I tend to see where Scott's coming from regarding clarifying architectural use and layering. We can make these moves with losing revision history (I feel game - I'll log another SF CVS job! :-) ). And users are already going to be *having* to change the import of their AuthenticationDao implementations anyway, due to the package rename in SEC-104. Thoughts? Cheers Ben --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_id=7628alloc_id=16845op=click ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_idv28alloc_id845op=click ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_idv28alloc_id845op=click ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Proposal: Rename AuthenticationDao interface
You currently have an AuthenticationDao that successfully returns a UserDetails instance that is built up by your four database scheme now, correct? The whole point of the AuthenticationDao is to build a UserDetails instance, by whatever means necessary. So, no, users like you should do exactly what you're doing. I don't see a reason for you two implement a new AuthenticationProvider, unless the DaoAuthenticationProvider is not meeting you're needs. On 11/16/05, Scott McCrory [EMAIL PROTECTED] wrote: Ray Krueger wrote: I do sort of see your point Scott, but I have to agree with Mark here. AuthenticationDao may not be the best name, but it isn't the service. I could see the ProviderManager as a service, or even the AuthenticationProvider, but not the AuthenticationDao. Either way, I think the naming of AuthenticationDao is some what of a semantic issue, and renaming it would have pretty far reaching effect for little gain. My vote, if this is one hehe, would be no as well. I'm OK with No if users like me really should be implementing AuthenticationProvider instead of AuthenticationDao whenever they need to hit more than one data source. Can someone comment to that? Quoting Scott Battaglia [EMAIL PROTECTED]: Not to suggest any more renaming, but is the Authentication part of AuthenticationDao even appropriate? :-) In the case of someone using CAS, the AuthenticationDao is really being used for Authorization. By virtue of using CAS, you are already authenticated. Yea, but then again it _is_ acting as a steward for the pre-authenticated user. I envision this as a buddy getting you a free ticket at a concert. He is trusted by the band and he already knows (has authenticated) you. The authentication happened before getting to the gates, but he did do it nonetheless. Scott --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_idv28alloc_id845op=click ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] How to unsubscribe this list??
Which means he probably didn't get that message :P On 11/10/05, Ben Alex [EMAIL PROTECTED] wrote: I have subscribed you. Marcelo Alcantara wrote: Hi, Somebody can help on how to unsubscribe this list?? Thanks in advance. Maralc -- Marcelo Alcantara Senior Developer/Architect [EMAIL PROTECTED] +55 11 81968823 --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Acegi 0.8.3 to 0.9.0 errors
Tiny URL version: http://tinyurl.com/8zhka On 11/7/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Oliver, Very, very interesting - excellent find. I have several things to test tomorrow. Scott -Original Message- From: Oliver Hutchison [mailto:[EMAIL PROTECTED] Sent: Monday, November 07, 2005 11:13 PM To: acegisecurity-developer@lists.sourceforge.net Subject: RE: [Acegisecurity-developer] Acegi 0.8.3 to 0.9.0 errors Looks like this you hit this: http://groups.google.com/groups?hl=delr=ie=UTF-8oe=UTF-8th readm=3F84 200E.4060207%40profitsoftware.comrnum=1prev=/groups%3Fq%3D%2 52Binherit ablethreadlocal%2Bnullpointerexception%26ie%3DUTF-8%26oe%3DUTF -8%26hl%3D de http://groups.google.com/groups?hl=delr=ie=UTF-8oe=UTF-8t hreadm=3F8 4200E.4060207%40profitsoftware.comrnum=1prev=/groups%3Fq%3D% 252Binheri tablethreadlocal%2Bnullpointerexception%26ie%3DUTF-8%26oe%3DUT F-8%26hl%3 Dde HTH Ollie From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark St.Godard Sent: Tuesday, 8 November 2005 2:46 PM To: acegisecurity-developer@lists.sourceforge.net Subject: Re: [Acegisecurity-developer] Acegi 0.8.3 to 0.9.0 errors I dont think its in the Assert...from the stackTrace it looks like it is getting into the contextHolder.set( ) when it NPEs I use Websphere 6 and Tomcat 5.5 ... I will also upgrade to 0.9 tomorow and see if it displays the appropriate behavior. Cheers, Mark On 11/7/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi Mark and Ben, I'm using WSAD 5.1 with its built-in Websphere 5.0 Test Environment on Windows XP Pro, then deploying to a Websphere Application Server 5.0 instance on Windows 2000 Server. Websphere 5.0 is still widely used in the financial industry, and uses IBM's JDK 1.3. It isn't practical for me to test the app under Tomcat due to some classloading issue I haven't had time to debug, but I suspect it would work OK (as would running it within WAS 6.0). I'd be glad to switch the code back to ThreadLocal but I'm wondering if the Assert code might actually be the problem? Thanks, Scott From: Mark St.Godard [mailto:[EMAIL PROTECTED] ] Sent: Monday, November 07, 2005 9:34 PM To: acegisecurity-developer@lists.sourceforge.net mailto:acegisecurity-developer@lists.sourceforge.net Subject: Re: [Acegisecurity-developer] Acegi 0.8.3 to 0.9.0 errors Ben, Scott, Scott what version of Websphere are you running? What JRE/JDK version? Ben the code looks fine... seems abnormal for InheritableThreadLocal to NPE... Scott, try without the InheritableTL or as Ben suggests try a different servlet container / appserver if you can. Cheers, Mark On 11/7/05, Ben Alex [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: [11/7/05 15:24:43:513 EST] 5a6d5a6d WebGroup E SRVE0026E: [Servlet Error]-[Filter [Acegi Filter Chain Proxy]: filter is unavailable.]: java.lang.NullPointerException at java.lang.Throwable.init(Throwable.java) at java.lang.Throwable .init(Throwable.java) at java.lang.NullPointerException.init(NullPointerException.java:63) at java.lang.InheritableThreadLocal.set(InheritableThreadLocal.java :95) at net.sf.acegisecurity.context.SecurityContextHolder.setContext( SecurityCo ntextHolder.java:58) at net.sf.acegisecurity.context.HttpSessionContextIntegrationFilt er.doFilte r (HttpSessionContextIntegrationFilter.java:207) Very odd. If you look at the code for SecurityContextHolder: private static InheritableThreadLocal contextHolder = new InheritableThreadLocal(); public static void setContext(SecurityContext context) { Assert.notNull(context,
Re: [Acegisecurity-developer] Vote: Release 0.9.0
+1 for Tuesday On 11/6/05, Ben Alex [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: Can I have until Tuesday to test 0.9.0-SNAPSHOT with our Siteminder-integrated application? We additionally make extensive use of Authz tags and method interceptors and I'd like to run them through their paces first. Sure, we'll wait until Tuesday but in the meantime if others could please vote it would be appreciated. Scott, please post a follow-up when your testing is done. --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Preparing for 0.9.0
Hey Ben, I jumped on http://opensource2.atlassian.com/projects/spring/browse/SEC-23 (Jaas Logout) even after we said we'd put it off till 1.0. I'll be committing it shortly... On 11/3/05, Ben Alex [EMAIL PROTECTED] wrote: Hi everyone CVS now contains pretty much all the tasks scheduled for 0.9.0. The roadmap is at: http://opensource2.atlassian.com/projects/spring/browse/SEC?report=com.atlassian.jira.plugin.system.project:roadmap-panel I'd be grateful if people using CVS could checkout and provide feedback on the changes / stability of the code over the next couple of days so that we can release. Cheers Ben --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Problem checking out from CVS with Maven
I'm pretty sure the Maven scm plugin requires you to have the cvs client in your path in order to check out from cvs. You'll need to install the cvs client first. For Windows: http://www.march-hare.com/cvspro/#free or http://www.wincvs.org/ On 11/4/05, Carlos Sanchez [EMAIL PROTECTED] wrote: It works for me in maven 1.1-beta-2. Deprecated properties still work. On 11/4/05, Ballard, Ken [EMAIL PROTECTED] wrote: Hi, Someone I work with pointed out that the instructions for checking out Maven [http://www.acegisecurity.org/building.html] don't work. It might just be because the SCM plugin has deprecated maven.scm.method, maven.scm.cvs.module, maven.scm.method, and maven.scm.cvs.root. I tried to use other properties, but I don't have a CVS client (We use SVN and StarTeam). I think it would be a quick fix. I'll try to download a CVS client when I get a chance and try it with other properties. Thanks, Ken --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer