On 11/28/05, Allen Gilliland <[EMAIL PROTECTED]> wrote: > On Mon, 2005-11-28 at 11:10, Matt Raible wrote: > > > > > > I think it's very important that we continue to have settings like this > > > come from our RollerConfig properties class. Right now this doesn't seem > > > to be an issue because the port switching logic is done using a custom > > > "secure" tag and our scheme enforcement filter. It's probably a little > > > redundant to have that stuff moving forward, but until we are sure that > > > Acegi can access the properties it needs via our RollerConfig class then > > > I am fine with just leaving things as they are. > > > > Yeah, the "secure" tag can go away - I don't believe that's in my > > patch, as well as remove it from any JSPs. > > I agree, we should probably remove it at some point in the future, but lets > not do that yet. What I have in my workspace now is working using the > RollerConfig class, so I don't want to make changes that would break that. > > > > > I'll have to do some additional work to read and configure the ports > > from roller.properties, as well as turning on secure login from > > roller.properties. With the current patch, you can configure both of > > these in web/WEB-INF/security.xml. > > I just want to clarify that it's probably more of an issue where we want the > properties read from the org.roller.config.RollerConfig class rather than a > file. The reason being that just reading from a file does us no good because > people are expected to be overriding values from the roller.properties in > their own roller-custom.properties files. > > > > > > > > Are you ready to commit that code or can I commit what I have working > > > from your last patch and then you can update that to 0.9.0 if you want? > > > > I'm ready to commit the code - it's currently running on my site and I > > haven't seen any issues. > > I say go ahead and commit whenever you get a chance. I plan on commiting a > number of things today and I'd like to a bunch of the 2.1 code into the > repository so I can begin testing.
OK, I committed it - with Acegi 0.9.0 and Spring 1.2.6 (to support Acegi). As I see it, there's a few more things we need to work on to make this a polished integration: 1. Use the ports from roller.properties to configure SSL Switching. This should be configurable with a PortResolverImpl - here's an example: http://forum.springframework.org/showthread.php?t=19903 2. Add the channelProcessFilter to the "filterChainProxy" bean if SSL should be used to secure certain pages. 3. Add support for switching to SSL based on a header value. 4. Add a drop table (and indexes) statement for 2.1 for the user_cookie table. Is there anything else I'm missing? Should I enter bugs in JIRA for these so we don't forget? The nice thing about using Acegi is now everything is configured in RollerContext.initializeSecurityFeatures(), instead of LoginServlet and LoginFilter. Matt > > -- Allen > > > >
