[Acegisecurity-developer] Stand up and be counted
Dear Acegi Security users If you're using CAS, you might like to assist Andrew Petro (who maintains CAS itself) with the following. If you do reply to Andrew, I'd appreciate it if you'd cc: me so I too can see where CAS is being used along with Acegi Security. We should think about doing something like this for Acegi Security itself Best regards Ben Original Message Subject:Stand up and be counted Date: Tue, 29 Jun 2004 13:01:28 -0400 From: Andrew Petro [EMAIL PROTECTED] Reply-To: Yale CAS mailing list [EMAIL PROTECTED] To: Yale CAS mailing list [EMAIL PROTECTED] CAS community, I'd like to compile a list of institutions using CAS. If you'd like to be on the list, please reply to me directly (no need to hit the list) with as much of the following information as you would like: 1) Name of institution 2) URL of main web presence of institution 3) Name email address of a technical contact who would like to be available to discuss the experience of installing / using CAS 4) CAS Login URL - so we can compare login page look and feel 5) Whether you're using CAS 2.0 Proxy CAS functionality 6) Any additional information - how many users you have, if you churn through some extraordinary number of tickets, what interesting applications you have CASified; interesting fail-over tricks, load balancing, user authorization solutions -- anything you'd like to share. Provide as much or as little information as you would like. What I will then do is post these submissions in answer to the question Who is using CAS? on the CAS FAQ. Thanks, Andrew microcline at gmail.com [EMAIL PROTECTED] ___ Yale CAS mailing list [EMAIL PROTECTED] http://tp.its.yale.edu/mailman/listinfo/cas --- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] hibernate compatability ( blah blah blah )
bryan wrote: Then my methods that are in the orderService class can call systemUserHolder.getSystemUser.getId() and do searches for example where the user is only allowed to see financial data for a certain region. I am very much new to Spring so if I'm completely off the mark here feel free to flame me. I think this code will be a good reference implimentation if I can get it working good. --b Hi Bryan Not sure what you're trying to do, but on first glance there should be no need to have your orderServiceTarget have a reference to systemUserHolder. Typically any security checks would take place within an AccessDecisionVoter, which is handed the Authentication object directly. Should the Authentication object require some custom methods, you'd probably achieve that by implementing a custom AuthenticationDao (assuming you're using DaoAuthenticationProvider, which is most common). Now if the custom methods only relate to access control, you'd be well served to check out the new net.sf.acegisecurity.acl.basic package, as it would probably solve your goals in a more efficient way. If you could let the list know what you're trying to achieve at a functional level, we'd be able to point you to specific classes and interfaces to implement etc. Best regards Ben --- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] AuthByAdaptors and SecurityContext
Hi, If one is authenticating using JAAS to create an AuthByAdaptor Authentication object (e.g. using JBossAcegiLoginModule), how do you then get the SecureContext populated when not using a web-layer - and thus not able to use an IntegrationFilter such as the JbossIntegrationFilter? Or do I have to create my own MethodInterceptor around all my secure method calls to check for the SecureContext, and if not found, try to retrieve it from its 'well-known location'? Regards, Sean -- Dr. Sean Radford, MBBS, MSc [EMAIL PROTECTED] http://bladesys.demon.co.uk/ --- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] AuthByAdaptors and SecurityContext
Sean Radford wrote: Hi, If one is authenticating using JAAS to create an AuthByAdaptor Authentication object (e.g. using JBossAcegiLoginModule), how do you then get the SecureContext populated when not using a web-layer - and thus not able to use an IntegrationFilter such as the JbossIntegrationFilter? Or do I have to create my own MethodInterceptor around all my secure method calls to check for the SecureContext, and if not found, try to retrieve it from its 'well-known location'? Hi Sean There is no way included with Acegi Security to populate the ContextHolder from the JBoss JNDI location except via the JbossIntegrationFilter. So you'll have to experiment with an alternative way (sorry about that). Best regards Ben --- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer