Hi Vikas,
I have used a Servlet Filter to detect if the session id is present, or if
it has changed... to trigger a redirect to a session timeout page.
Cheers
Mark
On 3/21/07, Vikas Sasidharan [EMAIL PROTECTED] wrote:
Hi,
In our application, we have the (seemingly common) requirement
I asked the same question to Rod @ TSE, as well talked with Ben
and there is no immediate intention to change the source code
packaging, rather its an explicit rebranding to reflect that it is a
part of the Spring portfolio.
Also this keys into the release train concept discussed at TSE...
Hi Jason,Can you clarify what you mean byI want to be able to impersonate another
user (i.e. switch user) for a specific authority that I don't want to
allow when impersonating.Do you mean that once you switch to a user, you dont actually want to run with that target user's authorities?User A
Hi Jason,Thanks for the example... yes, for your case, the switch user filter does not filter the authorities... This would require an improvement to the current implementation to optionally filter target authorities.
I would suggest either creating a JIRA entry for this improvement, so we can
Yeah, its definitely a Classloading problem
Basically a Commons class is being loaded, but the wrong version
Application servers / servlet containers sometimes bundle their own
version of Commons... so depending on what Classloader picked it up..
thats the class it will use their after.
Great job Ben et gang
Just a note, Ben I will be updating the contacts-tiger sample project,
I noticed it was not converted over. I will create an JIRA entry for
myself and update this tomorow.
Also with Spring 2.0, I noticed that a jira entry was created for
namespace handlers, XSD support,
MethodSecurityInterceptors using the new Aspect pointcuts.
Not sure if we should also include examples of usage using Spring 2.0?
I assume we need to wait for it to go final.
Uri is on it...Great, I'll keep my eyes posted for acegi:config :)
Cheers
Mark
On 5/30/06, Ben Alex [EMAIL PROTECTED] wrote:
Mark
+1
On 3/25/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
No concerns here.
Scott
-Original Message-
From: Ben Alex [mailto:[EMAIL PROTECTED]
Sent: Saturday, March 25, 2006 5:43 AM
To: acegisecurity-developer@lists.sourceforge.net
Subject: [Acegisecurity-developer]
You can write and register a custom ApplicationListener, then check for theauthentication failure event... you can do something to update the failed logon attempts, then on subsequent logon attempts you will probably have to check the logon attempts count something like that.
Acegi does not
Hi Justin,
I would open a JIRA item and attach the details.
http://opensource2.atlassian.com/projects/spring/browse/SEC
Cheers,
Mark
On 12/29/05, Justin Garten [EMAIL PROTECTED] wrote:
Hi,I haven't been able to find an area for submitting documentation edits.I'm just working through the docs
Hi John,
The Acegi Java 5 Annotations approach is very similiar to that of the
Commons Attributes configuration. (except instead of using doclet, its
using Java 5 annotations)
Please see the Reference Guide (search for annotations) for example config.
i.e.
bean id=attributes
Ben M - I would submit an JIRA entry and people could vote on it , plus it would also get more visability.
You found a need for it could be useful to other Acegi users.
Cheers,
Mark
On 11/17/05, Scott McCrory [EMAIL PROTECTED] wrote:
Quoting Ben Munat [EMAIL PROTECTED]: So, should I take
Hi Scott,
From my perspective, I always saw the AuthenticationDao as just that... a pluggable interface for authentication data access (i.e.in-memory, jdbc, ldap, etc.)
I personally dont see this interface at a Service Layer level?
The AuthenticationProvider err.. provides a layer ontop of the
Ben, Scott,
Scott what version of Websphere are you running? What JRE/JDK version?
Ben the code looks fine... seems abnormal for InheritableThreadLocalto NPE...
Scott, try without the InheritableTL or as Ben suggests try a different servlet container / appserver if you can.
Cheers,
Mark
On
+1
On 11/6/05, Ben Alex [EMAIL PROTECTED] wrote:
Hi everyoneThe JIRA changelog is now complete, and I've just updated the referenceguide to reflect the latest changes:
http://opensource2.atlassian.com/projects/spring/browse/SEC?report=com.atlassian.jira.plugin.system.project:roadmap-panel
I would
Hi Vijay,
I am pretty sure the commons attribute plugin was removed to accomodate the Java 5 annotations samples.
Ben mentioned that using Java 5 compiler and the commons-attributes plugin would cause errors.
We discussed disabling that plugin so that we could properly build the Java 5
[EMAIL PROTECTED] wrote:
Mark,Thanks for the pointer. I'll be sure to ask over there, too. If I can findsome interested people, would it make sense to add a C# branch to the
Acegi project?Bill--- Mark St.Godard [EMAIL PROTECTED] wrote: You might want to check with the Spring .NET team to see
You might want to check with the Spring .NET team to see if there is any related work on security.
http://www.springframework.net
Cheers,
Mark
On 10/17/05, Bill Barr [EMAIL PROTECTED] wrote:
Are there any plans for a .Net version of Acegi?Is there even any interest in such a beast?
Ben et al,
Has anyone implemented a custom session timeout page using Acegi yet?
As we all know, the Authentication object is stored in HttpSession between web requests logging out invalidates the session..
and inactivity destroys the session..
I am working on an app and they would like to
Hi Chris,
I really enjoy doing presentations /talks, however I am located up in Canada ;)
Cheers,
Mark
On 10/2/05, Chris Richardson [EMAIL PROTECTED] wrote:
Hello,
I organise the Java SIG that meets in Oakland (http://www.ebig.org/sig/sig.aspx?SIGid=21
), which is in the San Francisco bay area.
Hi Ben et al,
I have committed a Contacts example that uses the new @Secured and @Transactionalannotations.
I have added a /samples/contacts-tiger project that has a pre goal to also include the original Contacts source for compilation.
(so no need to duplicate code).
To try the new sample,
When you capture a failed login attempt (like in your listener)... you will need to update (i.e. increment) your User's failed login attempts.
You would need some sort of user management service in your application.. basically the application code that does the (update user set login_attempt = ?
Hi Ben,
Yeah I agree.. lets keep the base build and Contacts sample JDK 1.3 compatible.
I think I could create another sample subproject and just do some simple Ant build.xml stuff to
reuse the actual source code in the (regular) contacts example.
Ok thats I need to continue with this...
Hi Ben,
I have finished the Contacts sample application to use both Spring @Transactional and the new @Secured annotations.
However, I currently have it under the same /samples/contacts build structure.
I can exclude the samples/attributes project to get around the Java 5 compile issues, we
Hi Matt,
Thanks for the great user feedback I did the initial Switch User implementation this summer,
soI appreciate your feedback / experience whenusing yourcustom UserDetails..
I have changed the extracting of the original user to just check based on the interface (UserDetails), since
Thanks Ben,
Cheers,
Mark
On 9/18/05, Ben Alex [EMAIL PROTECTED] wrote:
Mark St.Godard wrote: Anyone else having problems with the core project tests failing?
Strange thing is all the tests run through, dont see any actual junit failures, however maven complains and says the BUILD FAILED
Thanks Matt,
I have committed the changes to CVS.
Cheers,
Mark
On 9/18/05, Matt DeHoust [EMAIL PROTECTED] wrote:
I have been using Acegi Security for a few months now with muchsuccess. I am very pleased with the framework. Great job and thanks!
Last week I tried the SwitchUserProcessingFilter
Ben et al,
I have checked in the first Annotations sample... basically a straightforward port of the samples/attributes -- samples/annotations.
Note: This sample project requires the acegi-security-tiger-0.9.0-SNAPSHOT.jar, so please ensure its built to your local maven repo.
See core-tiger/
Ben
.
Cheers,
Mark
On 8/21/05, Ben Alex [EMAIL PROTECTED] wrote:
Mark St.Godard wrote:
The HttpSessionContextIntegrationFilter should be able to set some
sort of indicator that this is the first logon attempt since it
generates a new SecurityContext however this wouldnt work for
remote client
up:
- can we package the core-tiger classes into the single acegi security dist?
- where should the new samples (for java5) be located?
Thoughts?
Cheers,
Mark
Anyway
On 8/21/05, Ben Alex [EMAIL PROTECTED] wrote:
Mark St.Godard wrote:
Ben et al,
Just a note, I have checked in some
Ben et al,
Just a note, I have checked in some initial Security annotation
support and unit tests.
(see http://opensource.atlassian.com/projects/spring/browse/SEC-4)
I will be also checking in a Contacts webapp example, however using
Spring @Transaction annotations and the new @Secured
Ben,
Re: SEC-15
I have committed the initial draft of the Switch User ('su')
functionality. I created a new filter (SwitchUserProcessingFilter)
that handles the 'switch' and 'exit' url requests.
This filter also uses the authenticationDao to allow access to load
users. A few initial assumptions
Cameron, this does not sound like the desired semantics. I have also
confirmed that this is happening on the contacts sample.
Ben, I can create a JIRA entry and fix, test and commit this today.
Cheers,
Mark
Re:
--
DaoAuthenticationProvider.java
33 matches
Mail list logo