[EMAIL PROTECTED] wrote:
Hello,
I was told that the CVS distribution now avoided reauthentication if
a SecurityContextHolder was found by the HttpSessionContextIntegration
filter,
but this is not the case, it is still calling the authentication dao.
Could this feature be integrated
[EMAIL PROTECTED] wrote:
It is not the AbstractSecurityInterceptor that is reauthenticating, it
is
the ProviderManager
The only two places in Acegi Security that call AuthenticationManager
(of which ProviderManager is the only concrete implementation) is
AbstractSecurityInterceptor and
[EMAIL PROTECTED] wrote:
Hello,
Doing an authentication against my database takes about half a second,
and we can have dozens of requests for one user operation (eg., getting
each document from a set of XML documents, this is done like this
because it's easier than having one huge XML result
Peter Kharchenko wrote:
We're working on a large web application, which among other things,
relies on thread pools shared across multiple servlet sessions. This
appears to present a problem since the same thread may be used to
serve different users.
At the start of each HTTP request,
Peter Kharchenko wrote:
Hello,
Another small question. I am using both anonymous and dao
authentication providers. I am using Authentication.getPrincipal()
method to obtain user name. In the case of anonymous authentication,
the method returns a String, but DAO authentication returns a User
Mark St.Godard wrote:
Ben et al,
I have checked in the first Annotations sample... basically a
straightforward port of the samples/attributes --
samples/annotations.
Note: This sample project requires the
acegi-security-tiger-0.9.0-SNAPSHOT.jar, so please ensure its built to
your local
Clarence Ho wrote:
Hi all,
I want to deploy Acegi Security System to Sun Java Application Server 8.1 UR
2, but after I deployed the application, I got an class cast exception for
the authentication token. It seems that I should use a Container Adapter for
Sun Java App Server 8.1. Is there any
Andy Depue wrote:
On Friday 16 September 2005 12:07 pm, Andy Depue wrote:
... As soon as it shows up in gmane, I'll post a link to the thread
(as a response to this message).
Here is the head of the ActiveMQ thread:
http://thread.gmane.org/gmane.comp.java.activemq.user/2927
Hi
Mark St.Godard wrote:
Anyone else having problems with the core project tests failing?
Strange thing is all the tests run through, dont see any actual junit
failures, however
maven complains and says the BUILD FAILED... ?
Thoughts?
To see which test fails, you need to look in the
John Lewis wrote:
I'm very interested in your feedback. When you get a chance to take a
look at it all, let me know what you think.
Hi John
Thanks for contributing this code. I just had a quick look, and have a
couple of questions and comments:
- Could you make it compatible with 0.9.0
mannobug
/j_security_check*=channelProcessingFilter,httpSessionContextIntegrationFilter,authenticationProcessingFilter
/**/*.*=channelProcessingFilter,httpSessionContextIntegrationFilter,securityEnforcementFilter
Should be:
Matt DeHoust wrote:
I have found the process outlined in Suggested Steps to be sound
(http://acegisecurity.sourceforge.net/suggested.html). Also, the
reference guide is quite good
(http://acegisecurity.sourceforge.net/reference.html). I'm sure you'll
find what you need if you read it. Also,
marc antoine garrigue wrote:
Hi Ben, All,
I’ve replaced the Thread.sleep(xxx) by a while routine in the test
instead of breaking the captcha security context api.
I’m not proud of this :(, but it should solve the problem.
I can’t reproduce the build break on my system, is it possible for
Ben Alex wrote:
Luke Taylor wrote:
I think I probably forgot to set the cron job to kick off the script on
SF when I reinstalled my server. If someone could remind me where the
script is again that would be useful :).
shell.sourceforge.net:/home/groups/a/ac/acegisecurity/daily.sh
Hi
John Lewis wrote:
- You are correct that the portlet container performs the
authentication and then provides a String username to portlets running
within the portlet container. It is very similar to CAS and X509 and
I modeled the code after those two quite a bit. Unfortunately, the
JSR-168
Hi Mark
Mark St.Godard wrote:
I can exclude the samples/attributes project to get around the Java 5
compile issues, we discussed before.
That is fine. The samples/annotations should also be excluded from the
auto-build, as we don't want users to be forced to have Java 5 to do a
basic build
Eric Hedström wrote:
So is there ever a reason to set the system property, rather than
allowing each webapp to add a login.config.url? Am I doing something
horribly wrong, or shall I open a Jira ticket or two?
Hi Eric
Ray wrote the JAAS provider, so he's probably best to answer. Would you
Hi Carlos
Carlos Sanchez wrote:
Hi,
I've uploaded the results of the cobertura report for acegi core
Thanks for adding Cobertura.
The second one requires maven 1.1, which I plan to support asap
http://opensource2.atlassian.com/projects/spring/browse/SEC-57.
Please let the list
Carlos Sanchez wrote:
m2 is absolutely faster, but
it still lacks the functionality of all those maven 1 plugins out
there. m2 is absolutelly worth for compiling and running the tests.
I am really looking forward to Maven 2, mainly for its speed and native
plugins. I don't use many
David Medinets wrote:
I'm trying to use ACEGI to do some method-level access control. I seem
to have everything connected but when I create an object I see a
message saying that the object is public so the access control is not
used.
How do I create a private object?
I can provide the Spring
David Medinets wrote:
So the obvious question is: How can a private object be created? I see
not Spring or ACEGI documentation regarding private vs pubic objects.
If you can help, I'd be grateful.
I see no problem with your configuration. You are obtaining an AOP proxy
object from the IoC
Mark St.Godard wrote:
Has anyone done something similar?
Not that I'm aware of.
Ben
---
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more.
Marco Mistroni wrote:
however, when i go thru login page and i enter blank username and
blank contact, i receive an error 'invalid username or password'.
Hi Marco
If you attempt to login with a blank username or password,
AuthenticationProcessingFilter will (quite rightly) throw an
Bill Barr wrote:
I would certainly like to have that conversation.
--- Mark St.Godard [EMAIL PROTECTED] wrote:
You'd have to ask Ben and Carlos, (as Ben is the project admin and
Carlos is
all things build related)
however I would assume it would have to be a new project on
Bill Barr wrote:
Thanks for replying, Ben. In a separate thread with the spring.net team,
they would like a .net version of acegi but, they don't have the time for
it so, it's not a high priority for them.
Do you need some help on the Java edition?
Hi Bill
There's something like 50
Patrick Huber wrote:
Works for me, yet my application is pretty small.
I've had to change a call in the authentication tag.
I'm using pretty much every component except for instance-based
security. I use them a described in the docs/tutorials.
Hi Patrick
Thanks for the feedback. I've
Herryanto Siatono wrote:
Yep Ben, I'm using yesterday's check out.
Thx for the fast reply.
I've checked in a change that I believe will correct it by moving the
sessionController.checkAuthenticationAllowed(Authentication) to after
the ProviderManager authenticates successfully, and
Herryanto Siatono wrote:
Btw, is v1.9 really checked in? coz I'm still seeing 1.8 in the cvs. :)
It's just the SF CVS sync delay. It'll show up in a few hours.
---
SF.Net email is sponsored by:
Tame your development challenges with
Herryanto Siatono wrote:
Seems like the exceptionMappings does not contain UsernameNotFoundException.
Yes, you're correct. I just added it. ProviderManager v 1.10 is in CVS now.
---
SF.Net email is sponsored by:
Tame your development
[EMAIL PROTECTED] wrote:
When using Eclipse 3.1 there are quite a few (520) source code warnings
displayed in the Problems view.
At some point I'd like to resolve as many of these as makes sense (like
unuseed imports) and then to update the .settings/org.eclipse.jdt.core.prefs
file to ignore
Hi everyone
The JIRA changelog is now complete, and I've just updated the reference
guide to reflect the latest changes:
http://opensource2.atlassian.com/projects/spring/browse/SEC?report=com.atlassian.jira.plugin.system.project:roadmap-panel
I would like to propose we release 0.9.0 at this
Herryanto Siatono wrote:
Just a point to ponder, for AuthenticationException thrown after user has
been checked against the database, (e.g. BadCredentialsException), should it
contain the UserDetails generated by the authentication provider?
Reason behind, for cases where the username is
[EMAIL PROTECTED] wrote:
[11/7/05 15:24:43:513 EST] 5a6d5a6d WebGroup E SRVE0026E:
[Servlet Error]-[Filter [Acegi Filter Chain Proxy]: filter is
unavailable.]: java.lang.NullPointerException
at java.lang.Throwable.init(Throwable.java)
at
Tim Kettering wrote:
My gut says this is a bug, but since this code was committed back in
July, I find it strange that nobody else has encountered this by
now... is there something I'm missing?
I've modified the AnonymousProcessingFilter to now only clear the
SecurityContextHolder if the
Matt Raible wrote:
// log user in automatically
Authentication auth = new UsernamePasswordAuthenticationToken
(user.getUsername(), user.getConfirmPassword());
auth.sentAuthenticated(true);
try {
ProviderManager authenticationManager = (ProviderManager)
Ben Alex wrote:
I'd prefer to avoid multiple releases floating around. We should
revert back to a standard ThreadLocal and not an
InheritableThreadLocal and release 0.9.0. Does anyone really require
InheritableThreadLocal behaviour?
I've checked in the change to use ThreadLocal
Brian Moseley wrote:
in upgrading from 0.8.2 to 0.9.0-SNAPSHOT, i see that the mechanism
for handling authentication exceptions has changed. specifically, an
authentication event is now required. what is the justification for
requiring an event rather than making it optional?
I've just
Dunstan Tom wrote:
This is all using basic authentication, with the acegi filters ordered
thusly (in the filterChainProxy): basicProcessingFilter,
anonymousProcessingFilter, securityEnforcementFilter.
Hi Tom
HttpSessionContextIntegrationFilter has a finally clause that should
clear the
Hi everyone
As some of you have noticed, the CVS is currently broken.
A few days back I logged a job,
https://sourceforge.net/tracker/?func=detailatid=21aid=1355843group_id=1,
to have directories moved around to meet the new package top level
naming convention. For unclear reasons
Hi everyone
http://acegisecurity.org/powering.html now lists projects (open source
and commercial/internal) that are using Acegi Security. If you're using
Acegi Security within your application, it'd be great if you emailed me
off-list a sentence that we can include on this page. No
Richard Clark wrote:
I'm trying to check out and try ACEGI for the first time, but CVS is
broken and I can't complete the checkout. Following the instructions
for checking out via maven, or using the instructions for an anonymous
CVS checkout (cutting and pasting the commands to be safe), CVS
Jettro Coenradie wrote:
I am having problems as well. tried it with maven and eclipse, both
the same result.
The SF job is now reported as corrected - can someone who was
experiencing the issue please confirm?
Thanks
Ben
---
This SF.Net
Hi everyone
We're making good progress towards releasing 1.0.0 RC 1, the target date
of which is 4 December 2005 (to coincide with The Spring Experience).
*** Would the community please report any outstanding bugs in JIRA ASAP
so they are tracked and fixed. Thanks. ***
The outstanding
Carlos Sanchez wrote:
I believe this can be solved upgrading the jalopy version
http://jalopy.sourceforge.net/
Let me take a look.
I should have done more digging before my post.
http://jalopy.sourceforge.net/jalopy/changes-report.html indicates that
release 1.5b1+ supports Java 5. I just
Mark St.Godard wrote:
Hey Ben,
Have you had any luck getting the latest Jalopy plugin ?
When I go to:
http://jalopy.sourceforge.net/jalopy/download.html
I get 404s will try again.. could be SF
I used http://jalopy.sourceforge.net/jalopy-eclipse/downloads.html.
Alternatively,
Samuel Le Berrigaud wrote:
1) the class doesn't compile correctly with maven
org.acegisecurity.intercept.method
MethodDefinitionSourceEditorTigerTests, the cause being that the main
method references the MethodDefinitionSourceEditorTests class (Tiger
is missing). I think it is simply a copy
Trent wrote:
I’m seeing some odd behaviour using Acegi with JSF. Does anyone know
what causes Acegi to render the page in the “AuthenticationFailureUrl”
property from the class “AuthenticationProcessingFilter” when an
authenticated user navigates back to the login page? Also this page
Brandon Keepers wrote:
Is there a good reason for requiring constructor args instead of
setter methods for properties? I don't intend to start a flame war
about constructor vs. setter injection, but I do think the setters
should at least be an option, especially to be consistent with the
rest
Cagatay Civici wrote:
http://www.jroller.com/page/cagataycivici
http://horde/services/go.php?url=http%3A%2F%2Fwww.jroller.com%2Fpage%2Fcagataycivici
Thanks for publishing this. I've added a link to it on the Acegi
Security articles page.
Best regards
Ben
David Medinets wrote:
I did some developmental work with ACL and large tables at a previous
company. However, I did not use ACEGI. I didn't know about ACEGI at
the time. Instead I used GUID values at keys with various entities
having various permissions to access specific GUiDs. I used
David Berkowicz wrote:
A more probable and managable alternative, I think, will be to
use a better database schema.
I agree. The basic schema expected by JdbcDaoImpl is not intended for
large applications. For large applications we expect people will use a
schema optimised for their
Hi Tom
Dunstan Tom wrote:
the existing upgrade notes for 0.9.0 are
plain wrong).
I have corrected this in CVS, so at the least the public web site
(acegisecurity.org) will display the correct upgrade instructions for
those moving to 0.9.0.
- I see that Oliver Hutchison sent a
Tyler Nelson wrote:
The provider manager seems to only need one provider to authenticate,
not all . What would be the suggested way to handle this situation.
besides extending ProviderManager?
Could you subclass LdapAuthenticationProvider and override
additionalAuthenticationChecks?
For the
Hongbo HE wrote:
My config is like following:
The configuration is incorrect. In your case you will require not one
but two AnonymousProcessingFilters. The first will be the standard
AnonymousProcessingFilter which will always setup the
SecurityContextHolder with ROLE_ANONYMOUS. The
Patrick Huber wrote:
Hi Mark
I've only used acegi in a relatively small private project where I
have full control over the server. For that project, I added that
first user after creating the database trough another sql script.
That's one way. Other ways might be to use an InitializingBean
Sergio Bossa wrote:
One implementation could be to add a call to a template method into
AbstractProcessingFilet.successfulAuthentication(HttpServletRequest
request, HttpServletResponse response, Authentication authResult)
method, something like :
You could also write your own custom
Sergio Bossa wrote:
I don't see how implementing a custom AuthenticationEntryPoint would
solve my problem, which is not related to the login page, but rather
to the page displayed after successfull login.
It could be done by using the AuthenticationEntryPoint to modify the
target URL defined
Vijay Varadan wrote:
Reducing the size of the build output and reattaching so it doesn't
require moderator approval.
The test failure is occurring as follows:
[junit] Running
org.acegisecurity.providers.anonymous.AnonymousProcessingFilterTests
[junit] Tests run: 5, Failures: 1,
Brian Moseley wrote:
where i'm stumbling is that BasicProcessingFilter immediately
authenticates the credentials it finds in the Authorization header,
and upon failure it commences its configured authentication entry
point. why does it do this? why doesn't it simply set up an
authentication
Brian Moseley wrote:
so, i'll work up a patch tomorrow that adds an ignoreFailure
property to BasicAuthenticationFilter (or to its superclass, if
appropriate) and send it in. thanks for the suggestion!
I've logged it as
http://opensource2.atlassian.com/projects/spring/browse/SEC-180 and just
Dear Spring Community
I'm pleased to announce that Acegi Security release 1.0.0 Release
Candidate 2 is now available. This release includes over 50 improvements
and fixes since 1.0.0 RC1, including comprehensive new LDAP
capabilities. We recommend that users upgrade to 1.0.0 RC2 in order to
[EMAIL PROTECTED] wrote:
How can one set up acegi to accept either one of basic or digest
authentication?
Just add them both to the filter chain, and specify your preferred
default (for unauthenticated requests which attempt to access a secure
resource) as the
Brian Moseley wrote:
i've configured a custom error page for 403 responses in my web.xml. i
want that page to use the authz taglib to render itself differently
depending on whether the authentication for the request is anonymous
or represents a known user of my application.
This is
Jeoff Wilks wrote:
It's not immediately obvious to me how you'd do this, since Basic Auth
normally prompts with a 401 response. However, I could require that
machine clients proactively send the basic auth info (not waiting for
a 401), so the server just attempts to process basic auth, and
Andrey Moiseenko wrote:
Javadoc for org.acegisecurity.context.SecurityContextHolder: Associates a
given SecurityContext with the current execution thread and any new threads
the current execution thread may spawn.
Logged as SEC-188 and fixed in CVS.
Ben
Scott Battaglia wrote:
If there's interest I can write an AuthenticationHandler that
delegates to an Acegi AuthenticationManager similar to what the
current CAS adapter does.
Hi Scott
I think it would be good to have a 3.x-series compatible
AuthenticationHandler, so that people wanting
Scott Battaglia wrote:
Ben,
I'll work on a CAS3/Acegi AuthenticationHandler this week. It
shouldn't be too difficultlt. Do you think having both the
PasswordHandler and an AuthenticationHandler will cause problems? We
are in RC, so I'm not sure we want to remove the handler.
After reading
Konstantin Shaposhnikov wrote:
I would recommend you to write simple bean with getter method that
returns current logged in user from SecurityContext:
class CurrentUser {
Object getPrincipal() {
SecurityContext ctx = SecurityContextHolder.getContext();
if (ctx == null)
return
Jeoff Wilks wrote:
Ben, can you elaborate a bit on how you structured your DB schema for
ACLs? I'm facing this problem right now (need ACLs at both app level
and database level), and I would appreciate understanding a little
more about the intent of the Acegi design in that respect.
Hao Chen wrote:
I thing I can
think of is to change the GrantedAuthorities
dynamically for every request based on which workspace
the user is trying to access. Will this work?
That will work, but it means you will be using AuthenticationManager
again for every request and you will need to be
Tim Kettering wrote:
I scoured the forums and mailing list and did not find anyone bringing
up this issue. I suspect it's because everyone (?) so far might have
been using the filter based login. Which we are not, so this would
not be a problem for them.
Hi Tim
If you are able to
Carlos Sanchez wrote:
- What is the preferred maven version? I think maven2 is easier to tame
1.0.2 is the one I used a few weeks back to successfully build Acegi
Security 1.0.0 RC2.
- Which repos are to be used?
They are defined in project.properties and you shouldn't need to
Scott Battaglia wrote:
Would it make sense to change the Object getPrincipal() method to
UserDetails getPrincipal() such that users can swap the providers
without having to worry whether the Authentication object from one
provider returns a different Principal from the other Authentication
Tim Kettering wrote:
Maybe it'd be useful if those checks found in
DaoAuthenticationProvider be made available as a pluggable component
that other AuthenticationProviders can utilize?
Hi Tim
If you please add it to JIRA, I'll make a static method that accepts a
UserDetails and throws an
[EMAIL PROTECTED] wrote:
Is it possible to secure perl scripts that are invoked as CGI programs?
FilterSecurityInterceptor works at the filter level, so if the filter
will be called, it should be able to authorize based on URI.
Best regards
Ben
Hi everyone
SourceForge have recently modified their offering so we can migrate to
SVN (without losing revision history) - see
http://sourceforge.net/docman/display_doc.php?docid=31070group_id=1#import.
I have also been using SVN recently and had good results. The Subclipse
plugin at Update
Ben Alex wrote:
Does anyone have any concerns with the project migrating from CVS to
SVN? If there aren't any objections, I'll make the change in about a
week.
Last weekend SF had some CVS issues, so I didn't make the switch as
intended.
I'm now going to hold-off doing this until early May
Hi everyone
Just wanted to let you all know that I'll be attending two conference in
Europe this June:
* The Second International Conference on Open Source Systems on 8-10
June in Como, Italy. See http://oss2006.dti.unimi.it/.
* SpringOne on 15-16 June in Antwerp, Belgium. I'll be
Konstantin Shaposhnikov wrote:
I think that functionality provided in acegi 0.9.0 was quite useful,
because ant patterns much more flexible then those provided by
servlet-api, so it would be good to restore this behavior - when value
is empty then no filters will be applied to request.
Please
Marc-Antoine Garrigue wrote:
I see 3 solutions :
I will refer this one to Scott, as he maintains the CAS integration
these days. Scott, your thoughts?
Cheers
Ben
---
Using Tomcat but need to do more? Need to support web services,
[EMAIL PROTECTED] wrote:
I've managed to authorize my perl scripts now as expected.
Now I need to send some data from my java filters i.e. roles possessed by the
user to the CGI perl script but I don't know how to do this.
Any suggestion?
What exact approach are you using to run your Perl
Ben Alex wrote:
Last weekend SF had some CVS issues, so I didn't make the switch as
intended.
I'm now going to hold-off doing this until early May, because I'm
largely on the road until then and don't want to change things and be
unavailable if anything goes wrong. Just wanted to let
Hi everyone
Last night I went through all open JIRA tasks. Most are now assigned to
a target release and a specific developer. I would like to release 1.0.0
final in around two weeks, and I have set aside some days to work
exclusively on Acegi Security in this period.
Would developers
Carlos Sanchez wrote:
Looks right, only that
https://svn.sourceforge.net/svnroot/acegisecurity/trunk/CVSROOT should
be deleted
Thanks for the feedback, Carlos.
Re CVSROOT, that's an artifact of the cvs2svn process. Even
automatically migrated SF repositories (eg Spring Rich Client) have
Scott Battaglia wrote:
I'm looking at re-working the CAS (some of it based on the new CAS
client code). Would you prefer I wait until after the Acegi 1.0.0
Final release (i.e. target 1.1) and just focus on the current open CAS
issues?
Hi Scott
I am trying to get 1.0.0 final out within a
Hi everyone
For the sake of consistency and ease of reviewing history logs, would
developers please always format SVN commit messages to begin with the
JIRA issue number, followed by a colon, then a brief description of the
check-in. More detailed messages can be placed in the JIRA task. eg:
Vikas Sasidharan wrote:
I am not so enthusiastic about setting the flag to true. Could anybody
suggest some other possible alternatives? My last option is to have a
custom MethodSecurityInterceptor that enables separation of
before-invocation and after-invocation interception.
The problem is
Ben Munat wrote:
I'm using RC-2 and I think I'm having trouble with the
IllegalStateException problem as detailed in SEC-211. It appears that
this issue is fixed in CVS, but won't be in a release until 1.0 final.
Wondering if you guys are close on final (like in the next week or
so), or if I
Richard Han wrote:
My question probably is more suitable to user-list, but we don't have one.
Anyway, I am new to acegi, my question is, how do you customize role names,
for instance, if I want to use ROLE_STUDENT, ROLE_PROFESSOR, how would I let
acegi recognize them?
In two places:
1.
Hi everyone
I would like to release 1.0.0 final on Friday 26 May. All JIRA issues
assigned to me are now either completed or marked for a future release.
Please note that source code reformatting with Jalopy has been completed
(SEC-97) and the /jalopy.xml file revised. One of the changes
Joern Huxhorn wrote:
It's possible that I'm missing something but I think it should be
removed from the jar.
It has already been taken care of. See SEC-240.
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Angelo Luis wrote:
this is not fixed:
http://opensource.atlassian.com/projects/spring/browse/SEC-99
It isn't fixed for the reasons I provided in the comment, being:
I wish there was a simple way of resolving this issue, but whatever we
do would inevitably break backward compatibility and
Dear Spring Community
After more than two and a half years of development, I am delighted to
announce that Acegi Security 1.0.0 is now officially released.
In addition to more than 80 improvements and fixes since 1.0.0 RC2, this
new release also includes several changes to help new users. This
Matthew Holt wrote:
1. Read SSO cookie username.
2. Check username against LDAP.
You need to write an authentication mechanism that can setup the
SecurityContextHolder with an Authentication object representing the
username derived from your SSO cookie. Usually this will be
Andrew Perepelytsya wrote:
1. Where is
net.sf.acegisecurity.context.ContextInvalidExceptionContextInvalidException
now? What is the replacement for it?
2. The SecureContext class had the validate() method, but I can't find it in
SecurityContext now, neither does SecurityContextImpl contain
[EMAIL PROTECTED] wrote:
Hi All,
In the Docbook, at the end of Chapter 9: Siteminder
Authentication Mechanism, someone added a TODO suggesting that a
dedicated AuthenticationProvider be created instead of users having to
modify their DaoAuthenticationProvider. They don't actually,
Brian Pontarelli wrote:
Hello everyone. I'd like to try one last time to get some backing from
the Acegi developers for a patch to include AJAX login support into
Acegi. I have written all of the code and just need to finish test
cases, but I'd like to commit this back into the main line
Luke Taylor wrote:
I agree that reusability is important but I'm not convinced that these
changes are justified on this basis, or that is just about balancing
reusability and ease of use. The use of constructor arguments is about
guaranteeing that objects can only be created with a specific
Kirin Eugene wrote:
I want to allow to watch this link not all users with user permission,
but only user with concrete ID. Other words, if user has the user role and
id = 5,
then to show link. Do you know how better it to implement?
The taglib is designed only to work with roles. You'll
Kujat, Aaron wrote:
I have downloaded the acegi-security-1.0.1 release from a number of
mirrors now and I have not been able to find a properly signed jar file.
Hi Aaron
The JARs were not signed in 1.0.1 and this is not a problem. You can
read more at
201 - 300 of 360 matches
Mail list logo