Re: [Acegisecurity-developer] Re: Acegi Security - new release 0.8.1

2005-03-23 Thread Ben Alex 
Rob Moore wrote:
I have no problem with it, but how do I get User from SecureContext?
((UserDetails)SecureContextUtils.getSecureContext().getAuthentication().getPrincipal()).getUsername();

---
This SF.net email is sponsored by Microsoft Mobile & Embedded DevCon 2005
Attend MEDC 2005 May 9-12 in Vegas. Learn more about the latest Windows
Embedded(r) & Windows Mobile(tm) platforms, applications & content.  Register
by 3/29 & save $300 http://ads.osdn.com/?ad_id=6883&alloc_id=15149&op=click
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Re: [Acegisecurity-developer] Humanity concerns

2005-03-23 Thread Ben Alex 
magarrigue wrote:
Hi,
I will post some code here soon concerning the acegi/www.jcaptcha.net 
 integration.

The whole story is here : 
http://forum.springframework.org/viewtopic.php?p=17030#17030

Have you some requests concerning the design  ? do you agree with the 
plan ?

Thanks again for this great framework.
MAG
No concerns at all. Having used a channel processing approach, I think 
you've got the right idea. The only area to consider is how to store 
state that indicates a human was processed. An extended SecureContext is 
the most logical way, but equally it might be preferable to not store it 
at all. Do MethodSecurityInterceptor or FilterSecurityInterceptor really 
need to know a human user was authenticated? Surely it's more a concern 
of the channel processing filter configuration, and they shouldn't need 
to be separately advised of it. I guess we could offer a protected 
method so applications that need this information can use a custom 
SecureContext or some other mechanism.

Thanks for your offer to share the code. I'll be only too happy to add it.
Cheers
Ben
---
This SF.net email is sponsored by Microsoft Mobile & Embedded DevCon 2005
Attend MEDC 2005 May 9-12 in Vegas. Learn more about the latest Windows
Embedded(r) & Windows Mobile(tm) platforms, applications & content.  Register
by 3/29 & save $300 http://ads.osdn.com/?ad_id=6883&alloc_id=15149&op=click
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

[Acegisecurity-developer] Re: Acegi Security - new release 0.8.1

2005-03-23 Thread Rob Moore 
Hi, Ben,
I have no problem with it, but how do I get User from SecureContext?
Thanks,
Rob
Ben Alex wrote:
Hi Rob
I did consider this, but I felt users wanting a username would have been 
using User.getUsername(). I personally use .toString() for debugging, 
and find the extra details helpful. Any concerns with swapping to 
getUsername()?

Cheers
Ben

---
This SF.net email is sponsored by Microsoft Mobile & Embedded DevCon 2005
Attend MEDC 2005 May 9-12 in Vegas. Learn more about the latest Windows
Embedded(r) & Windows Mobile(tm) platforms, applications & content.  Register
by 3/29 & save $300 http://ads.osdn.com/?ad_id=6883&alloc_id=15149&op=click
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

[Acegisecurity-developer] Humanity concerns

2005-03-23 Thread magarrigue 








Hi,

I will post some code here soon concerning the acegi/www.jcaptcha.net integration.

The whole story is here : http://forum.springframework.org/viewtopic.php?p=17030#17030

Have you some requests concerning the design  ? do
you agree with the plan ?

Thanks again for this great framework.

MAG

Re: [Acegisecurity-developer] Re: Acegi Security - new release 0.8.1

2005-03-23 Thread Ben Alex 
Rob Moore wrote:
I think a bug has been introduced in the 0.8.1 enhancement to 
User.toString(). Previously, calling 
SecureContext.getAuthentication().getName() returned the usernname. 
Now it seems to return the result of User.toString().

Here's an example of what I'm seeing on the getName() call:
[EMAIL PROTECTED]: Username: myUser; 
Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; 
credentialsNonExpired: true; AccountNonLocked: true; Granted 
Authorities: ROLE_IT_ADMINISTRATOR, ROLE_PURCHASING_MANAGER, 
ROLE_ACCOUNTING, ROLE_PRICING_MANAGER, ROLE_PURCHASING_CLERK, 
ROLE_USER, ROLE_OPERATIONS_MANAGER, ROLE_PRICING_CLERK, 
ROLE_OWNER_OPERATOR ***

Whereas previously I would have gotten back simply 'myUser'.
Regards,
Rob
Hi Rob
I did consider this, but I felt users wanting a username would have been 
using User.getUsername(). I personally use .toString() for debugging, 
and find the extra details helpful. Any concerns with swapping to 
getUsername()?

Cheers
Ben
---
This SF.net email is sponsored by Microsoft Mobile & Embedded DevCon 2005
Attend MEDC 2005 May 9-12 in Vegas. Learn more about the latest Windows
Embedded(r) & Windows Mobile(tm) platforms, applications & content.  Register
by 3/29 & save $300 http://ads.osdn.com/?ad_id=6883&alloc_id=15149&op=click
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Re: [Acegisecurity-developer] No setter for AbstractProcessingFilter.credentialsExpiredFailureUrl

2005-03-23 Thread Ben Alex 
Alex Burgel wrote:
Hi,
in 0.8.1, there's no setter for credentialsExpiredFailureUrl in
AbstractProcessingFilter.
--Alex
 

Fixed in CVS.
Ben

---
This SF.net email is sponsored by Microsoft Mobile & Embedded DevCon 2005
Attend MEDC 2005 May 9-12 in Vegas. Learn more about the latest Windows
Embedded(r) & Windows Mobile(tm) platforms, applications & content.  Register
by 3/29 & save $300 http://ads.osdn.com/?ad_id=6883&alloc_id=15149&op=click
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Re: [Acegisecurity-developer] Using MySql database for Contacts Sample

2005-03-23 Thread Ben Alex 
Mike wrote:
My questions:
- Can we make DataSourcePopulator a generic Populator, in order to
support multiple databases for testing ?
 

The goal of Contacts is to give people a non-trivial (in terms of 
security) and self-contained (ie no external database server required) 
application. My only concern with offering a generic Populator is people 
would expect the project to maintain compatibility with multiple 
databases. It's also not really part of the scope of the application, in 
that we're not trying to offer a stand-alone product people can deploy 
and use in their target environment. If you have a way of addressing 
these concerns, I am happy to offer the extra flexibility. It might be 
as simple as modifying the SQL to be more portable.

- Does anybody know the equivalant of "ID INTEGER GENERATED BY DEFAULT
AS IDENTITY(START WITH 100)" in MYSQL world?
 

Sorry, I use Postgres mostly.
Best regards
Ben

---
This SF.net email is sponsored by Microsoft Mobile & Embedded DevCon 2005
Attend MEDC 2005 May 9-12 in Vegas. Learn more about the latest Windows
Embedded(r) & Windows Mobile(tm) platforms, applications & content.  Register
by 3/29 & save $300 http://ads.osdn.com/?ad_id=6883&alloc_id=15149&op=click
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Re: [Acegisecurity-developer] AuthenticationTag setting scoped variable?

2005-03-23 Thread Ben Alex 
Brian Moseley wrote:
has there been any discussion of having AuthenticationTag setting a 
scoped variable rather than writing the principal's username to the 
output stream?

if folks think it's a good idea to offer both usages, and nobody's 
implemented it somewhere already, i'd be happy to work up a patch.

thanks!

Extra flexibility can't hurt, so feel free.
Ben

---
This SF.net email is sponsored by Microsoft Mobile & Embedded DevCon 2005
Attend MEDC 2005 May 9-12 in Vegas. Learn more about the latest Windows
Embedded(r) & Windows Mobile(tm) platforms, applications & content.  Register
by 3/29 & save $300 http://ads.osdn.com/?ad_id=6883&alloc_id=15149&op=click
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

[Acegisecurity-developer] Re: Acegi Security - new release 0.8.1

2005-03-23 Thread Rob Moore 
I think a bug has been introduced in the 0.8.1 enhancement to 
User.toString(). Previously, calling 
SecureContext.getAuthentication().getName() returned the usernname. Now 
it seems to return the result of User.toString().

Here's an example of what I'm seeing on the getName() call:
[EMAIL PROTECTED]: Username: myUser; 
Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; 
credentialsNonExpired: true; AccountNonLocked: true; Granted 
Authorities: ROLE_IT_ADMINISTRATOR, ROLE_PURCHASING_MANAGER, 
ROLE_ACCOUNTING, ROLE_PRICING_MANAGER, ROLE_PURCHASING_CLERK, ROLE_USER, 
ROLE_OPERATIONS_MANAGER, ROLE_PRICING_CLERK, ROLE_OWNER_OPERATOR 
***

Whereas previously I would have gotten back simply 'myUser'.
Regards,
Rob

---
This SF.net email is sponsored by Microsoft Mobile & Embedded DevCon 2005
Attend MEDC 2005 May 9-12 in Vegas. Learn more about the latest Windows
Embedded(r) & Windows Mobile(tm) platforms, applications & content.  Register
by 3/29 & save $300 http://ads.osdn.com/?ad_id=6883&alloc_id=15149&op=click
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

[Acegisecurity-developer] AuthenticationTag setting scoped variable?

2005-03-23 Thread Brian Moseley 
has there been any discussion of having AuthenticationTag setting a 
scoped variable rather than writing the principal's username to the 
output stream?

if folks think it's a good idea to offer both usages, and nobody's 
implemented it somewhere already, i'd be happy to work up a patch.

thanks!
---
This SF.net email is sponsored by Microsoft Mobile & Embedded DevCon 2005
Attend MEDC 2005 May 9-12 in Vegas. Learn more about the latest Windows
Embedded(r) & Windows Mobile(tm) platforms, applications & content.  Register
by 3/29 & save $300 http://ads.osdn.com/?ad_id=6883&alloc_id=15149&op=click
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

[Acegisecurity-developer] No setter for AbstractProcessingFilter.credentialsExpiredFailureUrl

2005-03-23 Thread Alex Burgel 
Hi,

in 0.8.1, there's no setter for credentialsExpiredFailureUrl in
AbstractProcessingFilter.

--Alex




---
This SF.net email is sponsored by Microsoft Mobile & Embedded DevCon 2005
Attend MEDC 2005 May 9-12 in Vegas. Learn more about the latest Windows
Embedded(r) & Windows Mobile(tm) platforms, applications & content.  Register
by 3/29 & save $300 http://ads.osdn.com/?ad_id=6883&alloc_id=15149&op=click
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Re: [Acegisecurity-developer] Acegi Security - new release 0.8.1

2005-03-23 Thread Ben Alex 
Hi Xi
Xi Ping Wang wrote:
Hi Ben,
 I found two bugs of contacts sample on current CVS and 0.8.1.
1.wrong class position on clientContext.xml
	
class="net.sf.acegisecurity.ui.httpinvoker.AuthenticationSimpleHttpInvokerRequestExecutor"/>
should be 
	
class="net.sf.acegisecurity.context.httpinvoker.AuthenticationSimpleHttpInvokerRequestExecutor"/>

 

Thanks for that, I've now fixed it in CVS.
2. hessian and burlap remoting clients failed to access server. I
think the problem is from the jars of spring 1.1.5 . Because they are
ok when they uses spring 1.1.3 .
 

I haven't had a chance to look into this. I tend to use HttpInvoker 
generally, as it offers more reliable serialization. Could you post a 
little more info (eg error messages)?

Cheers
Ben
---
This SF.net email is sponsored by: 2005 Windows Mobile Application Contest
Submit applications for Windows Mobile(tm)-based Pocket PCs or Smartphones
for the chance to win $25,000 and application distribution. Enter today at
http://ads.osdn.com/?ad_id=6882&alloc_id=15148&op=click
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer