Re: [Acegisecurity-developer] Acegi J2ME client

2005-05-22 Thread Marco Mistroni
Hello Ben,
 yes, SOAP is too heavy, but not kSOAP (SOAP for kvm)..
question that i have was, rather than J2ME based, more on the security
stuff and how acegi works.
Please correct me if i am wrong, but in normal web user interaction,
user logs in to my application and has an HttpSession associated with
him.
Now, i suppose somehow acegi is able to interact with HttpSession, so
that as long as user has a session, every action that he/she does will
be 'caught' by acegi to see if user is authenticated/authorized,
correct? because it will look little 'silly' to me to perform
authentication all the time (as far as i can see, authentication
should be done once when user logs in, and after that acegi will check
if user is AUTHORIZED to do certain actions, correct?)
Now, i was wondering 'where is the hook' so that acegi knows that user
has already been authenticated, and now it needs to be authorized.
Because i will need that hook in a J2ME client, so that my J2ME client
gets authenticated initially, and after that my app will check (via
acegi) if the authenticated user is authorized, instead of checking
authentication for every request.
is there a link between acegi and HttpSession?
thanx in advance and regards
   marco


On 5/22/05, Ben Alex [EMAIL PROTECTED] wrote:
 Marco Mistroni wrote:
 
 hello all,
 i plan to use acegi as security framework for my webapplication...
 however i want to have also J2ME clients which will communicate using
 SOAP  API..
 will i have any problems for that?
 i want to avoid J2ME client to login all the time
 has anyone any idea on how can i achieve that?
 
 
 
 Hi Marco
 
 Sorry, I haven't done any work with J2ME, so I'm not in a position to
 answer your questions. I am actually a little curious about this myself,
 especially as I had read SOAP was too heavy-weight to use in small
 footprint devices like J2ME platforms...
 
 Does anyone else on this list have any J2ME experience?
 
 Cheers
 Ben
 
 
 ---
 This SF.Net email is sponsored by Oracle Space Sweepstakes
 Want to be the first software developer in space?
 Enter now for the Oracle Space Sweepstakes!
 http://ads.osdn.com/?ad_id=7412alloc_id=16344op=click
 ___
 Home: http://acegisecurity.sourceforge.net
 Acegisecurity-developer mailing list
 Acegisecurity-developer@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer





Re: [Acegisecurity-developer] acegi Mysql

2005-05-22 Thread Marco Mistroni
Hello Ben,
  thanx, following those links i was able to see the 'power' of
acegi!! it's simply great!
i have one question though..
in one of the sample sql files, passwords were encrypted... and i was
wondering how to deal with encryption in acegi
1 - which encryption mechanism is used?
2 - if i want to add a new user, how do i encrypt its password?
3 - how and when (and which parameter is used) for encrypting the
password provided via the web to acegi so that the validity can be
checked against the database?

is it the saltSource parameter of authenticationManager?

where can i get the sources of the Contacts application?

thanx in advance and regards
  marco


On 5/20/05, Ben Alex [EMAIL PROTECTED] wrote:
 Marco Mistroni wrote:
 
 hello all,
  i am trying to run acegi contacts sample with MySQL, and i am getting
 errors during initialization due to dataSourcePopulator.
 Looks like MySQL 4.1 does not accept the syntax used by populator..
 i don't have source files for contacts, so best i can do is to disable
 dataSourcePopulator and create tables myself..
 anyone has sample sql of tables that need to be created?
 
 thanx and regards
  marco
 
 
 
 Hi Marco
 
 Try:
 
 http://forum.springframework.org/viewtopic.php?t=1346
 http://forum.springframework.org/viewtopic.php?t=3750
 http://forum.springframework.org/viewtopic.php?t=1061
 http://forum.springframework.org/viewtopic.php?t=4665
 
 Cheers
 Ben
 
 





Re: [Acegisecurity-developer] Acegi J2ME client

2005-05-22 Thread Ben Alex

Marco Mistroni wrote:


is there a link between acegi and HttpSession?
 


Hi Marco

Yes, there is.

Internally Acegi Security uses a ContextHolder (SecurityContextHolder 
from 0.9.0 and current CVS) for all of its interactions. It's just a 
ThreadLocal. So the various authentication mechanisms (BASIC, Digest, 
CAS, form etc) put an Authentication object into the ContextHolder, and 
Acegi Security retrieves it from there whenever required.


HttpSessionContextIntegrationFilter is responsible for copying the 
contents between the ContextHolder and the HttpSession at the start and 
end of each web request. As such, if your J2ME system is able to 
maintain the standard jsessionid or cookie-based session identifier, you 
shouldn't have any problems.


HTH
Ben
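
The copy-in/copy-out step described in the reply above, as an added example that is not part of the original thread and is not Acegi Security's source. It is a simplified model using only the JDK; the class name, the session key and the in-memory session map are hypothetical stand-ins for the servlet container.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of the pattern described above; class and key names are
// hypothetical and this is not Acegi Security's source.
public class SessionContextDemo {

    // Per-thread slot that the authorization checks read from.
    static final ThreadLocal<String> CONTEXT = new ThreadLocal<>();
    static final String SESSION_KEY = "DEMO_SECURITY_CONTEXT"; // hypothetical key

    // Stand-in for the container's session store, keyed by session id.
    static final Map<String, Map<String, Object>> SESSIONS = new HashMap<>();

    interface Handler { String handle(); }

    // What the integration filter does around each request.
    static String filter(String sessionId, Handler next) {
        Map<String, Object> session =
            SESSIONS.computeIfAbsent(sessionId, k -> new HashMap<>());
        CONTEXT.set((String) session.get(SESSION_KEY)); // start: session -> thread
        try {
            return next.handle();
        } finally {
            session.put(SESSION_KEY, CONTEXT.get());     // end: thread -> session
            CONTEXT.remove(); // pooled threads must not carry identity to the next request
        }
    }

    // Stand-in for an authentication mechanism (BASIC, form, ...) succeeding.
    static String login(String user) { CONTEXT.set(user); return "logged in " + user; }

    // Stand-in for a secured resource: it only looks at the thread-local.
    static String protectedAction() {
        String who = CONTEXT.get();
        return who == null ? "401 authenticate first" : "200 hello " + who;
    }

    public static void main(String[] args) {
        // Constructed session ids standing in for the jsessionid a client sends back.
        System.out.println(filter("A1", SessionContextDemo::protectedAction));
        System.out.println(filter("A1", () -> login("marco")));
        System.out.println(filter("A1", SessionContextDemo::protectedAction));
        // Same worker thread, different session id: no identity carried over.
        System.out.println(filter("B2", SessionContextDemo::protectedAction));
    }
}
```

A client that returns the same session identifier on each request is authenticated once and only authorized afterwards; one that drops the identifier starts with an empty context every time.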




Re: [Acegisecurity-developer] acegi Mysql

2005-05-22 Thread Ben Alex

Marco Mistroni wrote:


Hello Ben,
 thanx, following those links i was able to see the 'power' of
acegi!! it's simply great!
i have one question though..
in one of the sample sql files, passwords were encrypted... and i was
wondering how to deal with encryption in acegi
1 - which encryption mechanism is used?
2 - if i want to add a new user, how do i encrypt its password?
3 - how and when (and which parameter is used) for encrypting the
password provided via the web to acegi so that the validity can be
checked against the database?

is it the saltSource parameter of authenticationManager?

 

Acegi Security doesn't have any encryption libraries. Encryption is two 
directional, as in you can take unencrypted input, encrypt it, then 
decrypt it back to the original. Acegi Security uses one-way hash 
algorithms such as MD5 and SHA1, which take unencrypted input and 
generate a hash code. A hash code cannot be used to regenerate the 
original unencrypted input. The DaoAuthenticationProvider offers a 
PasswordEncoder property that handles all of this. It's discussed 
further at 
http://acegisecurity.sourceforge.net/docbook/acegi.html#security-authentication-provider-dao 
and in the JavaDocs.



where can i get the sources of the Contacts application?
 


CVS. Take a look at http://acegisecurity.sourceforge.net/cvs-usage.html.

Best regards
Ben
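
The hash-and-compare flow described in the reply above, as an added example that is not part of the original thread and is not Acegi Security's PasswordEncoder code. It uses only the JDK; the `password{salt}` merge format, the choice of the username as salt and the sample values are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Illustration of hash-and-compare with the JDK only; not Acegi Security's
// PasswordEncoder code. The "password{salt}" merge format is an assumption.
public class HashCompareDemo {

    // Used when a user is created: the returned hex string is what gets stored.
    static String encode(String rawPassword, String salt) throws NoSuchAlgorithmException {
        String merged = (salt == null) ? rawPassword : rawPassword + "{" + salt + "}";
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1"); // algorithm named in the reply
        byte[] digest = sha1.digest(merged.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // Used at login: hash the submitted password the same way and compare hashes.
    // The stored value is never turned back into a password.
    static boolean isValid(String storedHash, String submitted, String salt)
            throws NoSuchAlgorithmException {
        byte[] expected = storedHash.getBytes(StandardCharsets.UTF_8);
        byte[] actual = encode(submitted, salt).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample user; salt is the username here (an assumption).
        String salt = "marco";
        String stored = encode("s3cret-sample", salt);
        System.out.println("store in DB : " + stored);
        System.out.println("right pw    : " + isValid(stored, "s3cret-sample", salt));
        System.out.println("wrong pw    : " + isValid(stored, "guess", salt));
        System.out.println("wrong salt  : " + isValid(stored, "s3cret-sample", "ben"));
    }
}
```

The same salt must be supplied when the user is created and at every login, otherwise a correct password no longer matches the stored hash.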




[Acegisecurity-developer] LDAP instead of DBMS

2005-05-22 Thread mannobug
hello all,
i kindly wanted to submit you a question. I have to decide if my application 
has to make the authentication using the classical method, via jdbc to DBMS, 
or, I would be more directed toward the use of an external component, an LDAP 
server. Has any of you used this type of solution, maybe using the 
implementation of LdapPasswordAuthenticationDao? I think that this solution 
is safer and more versatile in a university context. I thought that an 
office (secretary of department, for example) can use LDAP more easily than a 
DBMS; for example using the info of users to send mail or something else 
regarding office operation, they just open their mail client (e.g.) and connect 
to LDAP server. 
Do you think it can be a good idea?
thanks everybody.
Kind regards

P.S.: i have realized to have been wrong to write your name, Ben, sorry for my 
mistake :-)

-- 
-
Unless unavoidable, no Word, Excel or PowerPoint
attachments, please.
See
http://www.fsf.org/philosophy/no-word-attachments.html
-

