magarrigue wrote:
Hi,
I will post some code here soon concerning the acegi/www.jcaptcha.net
<http://www.jcaptcha.net/> integration.
The whole story is here :
http://forum.springframework.org/viewtopic.php?p=17030#17030
Have you some requests concerning the design ? do you agree with the
plan ?
Thanks again for this great framework.
MAG
No concerns at all. Having used a channel processing approach, I think
you've got the right idea. The only area to consider is how to store
state that indicates a human was processed. An extended SecureContext is
the most logical way, but equally it might be preferable to not store it
at all. Do MethodSecurityInterceptor or FilterSecurityInterceptor really
need to know a human user was authenticated? Surely it's more a concern
of the channel processing filter configuration, and they shouldn't need
to be separately advised of it. I guess we could offer a protected
method so applications that need this information can use a custom
SecureContext or some other mechanism.
Thanks for your offer to share the code. I'll be only too happy to add it.
Cheers
Ben
-------------------------------------------------------
This SF.net email is sponsored by Microsoft Mobile & Embedded DevCon 2005
Attend MEDC 2005 May 9-12 in Vegas. Learn more about the latest Windows
Embedded(r) & Windows Mobile(tm) platforms, applications & content. Register
by 3/29 & save $300 http://ads.osdn.com/?ad_id=6883&alloc_id=15149&op=click
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
