Re: [Acegisecurity-developer] Acegi J2ME client
Hello Ben,

Yes, SOAP is too heavy, but not kSOAP (SOAP for kvm). The question that I have was, rather than J2ME-based, more about the security stuff and how Acegi works.

Please correct me if I am wrong, but in normal web user interaction, the user logs in to my application and has an HttpSession associated with him. Now, I suppose somehow Acegi is able to interact with the HttpSession, so that as long as the user has a session, every action that he/she does will be 'caught' by Acegi to see if the user is authenticated/authorized, correct? Because it would look a little 'silly' to me to perform authentication all the time (as far as I can see, authentication should be done once when the user logs in, and after that Acegi will check if the user is AUTHORIZED to do certain actions, correct?).

Now, I was wondering 'where is the hook' so that Acegi knows that the user has already been authenticated, and now needs to be authorized. Because I will need that hook in a J2ME client, so that my J2ME client gets authenticated initially, and after that my app will check (via Acegi) if the authenticated user is authorized, instead of checking authentication for every request. Is there a link between Acegi and HttpSession?

Thanks in advance and regards,
Marco

On 5/22/05, Ben Alex [EMAIL PROTECTED] wrote:
> Marco Mistroni wrote:
> > Hello all,
> > I plan to use Acegi as the security framework for my web application... however, I also want to have J2ME clients which will communicate using a SOAP API. Will I have any problems with that? I want to avoid the J2ME client having to log in all the time. Has anyone any idea how I can achieve that?
>
> Hi Marco
>
> Sorry, I haven't done any work with J2ME, so I'm not in a position to answer your questions. I am actually a little curious about this myself, especially as I had read SOAP was too heavy-weight to use in small footprint devices like J2ME platforms... Does anyone else on this list have any J2ME experience?
>
> Cheers
> Ben

___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] acegi Mysql
Hello Ben,

Thanks, following those links I was able to see the 'power' of Acegi!! It's simply great! I have one question though. In one of the sample SQL files, passwords were encrypted, and I was wondering how to deal with encryption in Acegi:

1 - Which encryption mechanism is used?
2 - If I want to add a new user, how do I encrypt its password?
3 - How and when (and which parameter is used) is the password provided via the web to Acegi encrypted so that its validity can be checked against the database? Is it the saltSource parameter of authenticationManager?

Where can I get the sources of the Contacts application?

Thanks in advance and regards,
Marco

On 5/20/05, Ben Alex [EMAIL PROTECTED] wrote:
> Marco Mistroni wrote:
> > Hello all,
> > I am trying to run the Acegi Contacts sample with MySQL, and I am getting errors during initialization due to dataSourcePopulator. Looks like MySQL 4.1 does not accept the syntax used by the populator. I don't have the source files for Contacts, so the best I can do is to disable dataSourcePopulator and create the tables myself. Does anyone have sample SQL for the tables that need to be created?
> > Thanks and regards,
> > Marco
>
> Hi Marco
>
> Try:
> http://forum.springframework.org/viewtopic.php?t=1346
> http://forum.springframework.org/viewtopic.php?t=3750
> http://forum.springframework.org/viewtopic.php?t=1061
> http://forum.springframework.org/viewtopic.php?t=4665
>
> Cheers
> Ben
Re: [Acegisecurity-developer] Acegi J2ME client
Marco Mistroni wrote:
> Is there a link between acegi and HttpSession?

Hi Marco

Yes, there is. Internally Acegi Security uses a ContextHolder (SecurityContextHolder from 0.9.0 and current CVS) for all of its interactions. It's just a ThreadLocal. So the various authentication mechanisms (BASIC, Digest, CAS, form etc) put an Authentication object into the ContextHolder, and Acegi Security retrieves it from there whenever required.

HttpSessionContextIntegrationFilter is responsible for copying the contents between the ContextHolder and the HttpSession at the start and end of each web request. As such, if your J2ME system is able to maintain the standard jsessionid or cookie-based session identifier, you shouldn't have any problems.

HTH
Ben
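
The copy-in/copy-out behaviour described in the reply above, as an added example that is not Acegi's code and not part of the original message. A plain Map stands in for the HttpSession, a String for the Authentication object, and SESSION_KEY is a hypothetical attribute name.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of the request lifecycle; not Acegi source.
public class ContextIntegrationDemo {
    static final String SESSION_KEY = "SECURITY_CONTEXT"; // hypothetical attribute name
    // Per-thread holder, playing the role of the ContextHolder.
    static final ThreadLocal<String> HOLDER = new ThreadLocal<>();

    /** Wraps one web request: session -> holder at the start, holder -> session at the end. */
    static String handle(Map<String, Object> session, String loginAs) {
        HOLDER.set((String) session.get(SESSION_KEY));
        try {
            if (loginAs != null) {
                HOLDER.set(loginAs); // an authentication mechanism stores its result here
            }
            return secured();
        } finally {
            if (HOLDER.get() != null) {
                session.put(SESSION_KEY, HOLDER.get());
            }
            // Clear the holder so a pooled worker thread never carries this
            // user's identity into the next request it serves.
            HOLDER.remove();
        }
    }

    /** Protected code consults only the holder, never the session. */
    static String secured() {
        String user = HOLDER.get();
        return user == null ? "401 not authenticated" : "200 hello " + user;
    }

    public static void main(String[] args) {
        Map<String, Object> marco = new HashMap<>(); // session selected by the client's jsessionid
        Map<String, Object> other = new HashMap<>(); // a client that presented no session id
        System.out.println(handle(marco, "marco")); // login request
        System.out.println(handle(marco, null));    // later request, same session id
        System.out.println(handle(other, null));    // same thread, different session
    }
}
```

The third call runs on the same thread as the first two, so it shows why the holder has to be cleared in `finally`: the identity must come from the session the client presents, not from whatever the thread last held.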
Re: [Acegisecurity-developer] acegi Mysql
Marco Mistroni wrote:
> Hello Ben,
> Thanks, following those links I was able to see the 'power' of Acegi!! It's simply great! I have one question though. In one of the sample SQL files, passwords were encrypted, and I was wondering how to deal with encryption in Acegi:
> 1 - Which encryption mechanism is used?
> 2 - If I want to add a new user, how do I encrypt its password?
> 3 - How and when (and which parameter is used) is the password provided via the web to Acegi encrypted so that its validity can be checked against the database? Is it the saltSource parameter of authenticationManager?

Acegi Security doesn't have any encryption libraries. Encryption is two directional, as in you can take unencrypted input, encrypt it, then decrypt it back to the original. Acegi Security uses one-way hash algorithms such as MD5 and SHA1, which take unencrypted input and generate a hash code. A hash code cannot be used to regenerate the original unencrypted input.

The DaoAuthenticationProvider offers a PasswordEncoder property that handles all of this. It's discussed further at http://acegisecurity.sourceforge.net/docbook/acegi.html#security-authentication-provider-dao and in the JavaDocs.

> Where can I get the sources of the Contacts application?

CVS. Take a look at http://acegisecurity.sourceforge.net/cvs-usage.html.

Best regards
Ben
[Acegisecurity-developer] LDAP instead of DBMS
Hello all,

I kindly wanted to submit a question to you. I have to decide if my application has to do the authentication using the classical method, via JDBC to a DBMS, or (I would be more inclined toward this) using an external component, an LDAP server. Has any of you used this type of solution, maybe using the LdapPasswordAuthenticationDao implementation?

I think that this solution is safer and more versatile in a university context. I thought that office staff (the department secretary, for example) can use LDAP more easily than a DBMS; for example, to use the users' info to send mail or for something else regarding office operations, they just open their mail client (e.g.) and connect to the LDAP server.

Do you think it can be a good idea? Thanks everybody.

Kind regards

P.S.: I have realized that I was wrong in writing your name, Ben, sorry for my mistake :-)

--
Unless unavoidable, no Word, Excel or PowerPoint attachments, please.
See http://www.fsf.org/philosophy/no-word-attachments.html