RE: [Acegisecurity-developer] ACL interfaces
Attached patch to http://opensource.atlassian.com/projects/spring/browse/SEC-32

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of March, Andres
> Sent: Tuesday, July 05, 2005 10:05 AM
> To: acegisecurity-developer@lists.sourceforge.net
> Subject: RE: [Acegisecurity-developer] ACL interfaces
>
> Will do.
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Alex
> > Sent: Friday, July 01, 2005 6:24 PM
> > To: acegisecurity-developer@lists.sourceforge.net
> > Subject: Re: [Acegisecurity-developer] ACL interfaces
> >
> > March, Andres wrote:
> >
> > > Thanks to the acegi team, my ACL implementation is relatively simple. But I have been struggling a little finding the proper extension points. The basic implementations are great but I find them hard to extend. In particular, the BasicAclEntryAfterInvocationProvider requires the use of the AbstractBasicAclEntry, so it can call isPermitted(). I am wondering why this method cannot be part of an interface (maybe BasicAclEntry). For various reasons, some of them hibernate-related, I need to have my own implementation of BasicAclEntry. Does this make sense?
> >
> > I can't see any problem with this at first glance, but would need to take a closer look. Could you please add it to JIRA?
> >
> > Thanks
> > Ben

---
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

RE: [Acegisecurity-developer] why require an ADM
I'm sure the overhead would barely register in an app of our size but it just feels wrong. Our authorities cannot be represented by a string, that is why we don't have the ROLE_X concept. It is more of a PITA than anything else but it seems kind of illogical to have a NoOperationAccessDecisionManager. Still it may be just a unique situation, so we'll deal with the extra config. Thanks for the tip.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Alex
> Sent: Friday, July 01, 2005 6:20 PM
> To: acegisecurity-developer@lists.sourceforge.net
> Subject: Re: [Acegisecurity-developer] why require an ADM
>
> March, Andres wrote:
>
> > When using an afterInvocationManager it may not always be necessary or possible to provide before invocation security, so why require an ADM? I just use one that allows everyone and abstentions to pass but it seems like a bit of overhead when all I really care about is filtering the response data. Am I missing something?
>
> You could always write (assuming you haven't already, as it sounds like from your email) a NoOperationAccessDecisionManager which implements AccessDecisionManager and just immediately returns from each method. Most people check the user has a ROLE_USER or similar in the AccessDecisionManager, to ensure the user is logged in before they invoke the method. I can't see that invocation adding much overhead to be honest - it's not being dynamically proxied or anything, it's just calling a method that immediately returns. Do you have some profiling that shows it's adding a lot of overhead to your app? If so we could possibly make it a switchable parameter on the AbstractSecurityInterceptor.
>
> Cheers
> Ben

RE: [Acegisecurity-developer] ACL interfaces
Will do.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Alex
> Sent: Friday, July 01, 2005 6:24 PM
> To: acegisecurity-developer@lists.sourceforge.net
> Subject: Re: [Acegisecurity-developer] ACL interfaces
>
> March, Andres wrote:
>
> > Thanks to the acegi team, my ACL implementation is relatively simple. But I have been struggling a little finding the proper extension points. The basic implementations are great but I find them hard to extend. In particular, the BasicAclEntryAfterInvocationProvider requires the use of the AbstractBasicAclEntry, so it can call isPermitted(). I am wondering why this method cannot be part of an interface (maybe BasicAclEntry). For various reasons, some of them hibernate-related, I need to have my own implementation of BasicAclEntry. Does this make sense?
>
> I can't see any problem with this at first glance, but would need to take a closer look. Could you please add it to JIRA?
>
> Thanks
> Ben

Re: [Acegisecurity-developer] How about enable checking username in JdbcDaoImpl?
Parker Wong wrote:

> If there is a property in JdbcDaoImpl that can hold a regular expression, JdbcDaoImpl would be able to check the username before inserting it into the SQL template.

Hi Parker

No, there is no property that does this. Whilst it would be easy to add, I'm not sure the regular expression processing would in aggregate save that much CPU time compared with the RDBMS simply returning no rows. Or was there some other scenario where the regular expression would help?

Don't forget people can write their own AuthenticationDao that wraps JdbcDaoImpl and performs the regular expression check prior to delegation to the JdbcDaoImpl if such performance was required.

Cheers
Ben

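The wrapper described in the reply above, sketched as an added example that is not part of the original thread and is not Acegi code. The `UserLookup` interface is a local stand-in for the DAO contract so the file compiles on its own; `ValidatingUserLookup`, the allow-list pattern and the sample usernames are all hypothetical.

```java
import java.util.regex.Pattern;

// Stand-in for the DAO contract, declared here so the example compiles alone.
// Assumption: the real Acegi interface and its return type differ in detail.
interface UserLookup {
    String loadUserByUsername(String username);
}

// Decorator: checks the username against an allow-list pattern, then delegates.
final class ValidatingUserLookup implements UserLookup {
    private final UserLookup delegate;
    private final Pattern allowed;

    ValidatingUserLookup(UserLookup delegate, String usernameRegex) {
        if (delegate == null) throw new IllegalArgumentException("delegate required");
        this.delegate = delegate;
        this.allowed = Pattern.compile(usernameRegex);
    }

    @Override
    public String loadUserByUsername(String username) {
        // matches() tests the whole string, so a valid prefix followed by
        // extra characters is rejected rather than partially accepted.
        if (username == null || !allowed.matcher(username).matches()) {
            // Same failure as an unknown user: do not reveal which check failed.
            throw new IllegalArgumentException("user not found");
        }
        return delegate.loadUserByUsername(username);
    }
}

public class UsernameCheckDemo {
    public static void main(String[] args) {
        // Constructed delegate standing in for the JDBC-backed DAO.
        UserLookup jdbcBacked = name -> "details-for-" + name;
        UserLookup dao = new ValidatingUserLookup(jdbcBacked, "[A-Za-z0-9._-]{1,32}");

        String[] samples = {"marissa", "bad name;", ""};   // constructed inputs
        for (String s : samples) {
            try {
                System.out.println(dao.loadUserByUsername(s));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: [" + s + "]");
            }
        }
    }
}
```

The check runs before any database call, so a rejected name never reaches the delegate; the pattern is a policy choice and has to admit every username the application legitimately issues.
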
Re: [Acegisecurity-developer] Adding User/permissions programmatically
Marco Mistroni wrote:

> Hello all,
> I am currently using Acegi for security purposes in my application. Currently, I have populated database tables via SQL, but I was curious if Acegi provides APIs for populating the database programmatically. I plan to use Hibernate to do that... I was curious to know if Acegi already has its own API for doing that.
>
> Thanks in advance and regards
> marco

Hi Marco

No, there are no APIs for populating the DB tables with authentication or authorization data. The one exception is the ACL services do have a mutable DAO, JdbcExtendedDaoImpl: http://acegisecurity.sourceforge.net/multiproject/acegi-security/clover/net/sf/acegisecurity/acl/basic/jdbc/JdbcExtendedDaoImpl.html

Cheers
Ben

[Acegisecurity-developer] Adding User/permissions programmatically
Hello all,

I am currently using Acegi for security purposes in my application. Currently, I have populated database tables via SQL, but I was curious if Acegi provides APIs for populating the database programmatically. I plan to use Hibernate to do that... I was curious to know if Acegi already has its own API for doing that.

Thanks in advance and regards
marco

Re: [Acegisecurity-developer] Captcha
marc antoine garrigue wrote:

> -I can commit my adapter code, under your license and copyright, as soon as you give me the access to your VSC.

Hi Marc

I've given you CVS access to the project. Welcome aboard.

Cheers
Ben

RE: [Acegisecurity-developer] Captcha
Hello,

> Could you have a look at the code I attached to http://opensource.atlassian.com/projects/spring/browse/SEC-2 a little while ago.

I saw your code Georges, it is great, but it is very tied to JCaptcha and to the specific use case you implemented (captcha-ize the login page).

> I really don't know too much about JCaptcha, other than the fact that I have it working with Acegi, but I'm wondering how "Spring friendly" it is - or could be. For example, can it be configured by setting JavaBean properties?

JCaptcha is fully designed according to IOC principle. We do not use JavaBean properties injection but constructor injection (IOC type 3).

> If so, it could be plugged into a Spring context file. This would eliminate the need to create a JCaptcha singleton, since Spring could manage its 'singleton-ness".

You are so right! As a consequence it is possible to use Spring to instantiate the service singleton and much more: using a Spring configuration file allows simple captcha test configuration. It is also possible to use the Spring JMX handler to register the JCaptcha MBeans (for statistics collection and monitoring) and we are working on a new CaptchaEngine that uses the Spring/Quartz handler to schedule asynchronous captcha generation.

Here is a sample spring config file for JCaptcha (contains reference to unpublished code):

testBuffered 0.9 0.1 3000 1 500 1 captchas true true true feedPersistentBuffer false swapCaptchasFromPersistentToVolatileMemory false 0 0 * * * ? 0/5 * * * * ?

> All of this is not directly related to an Acegi adapter to JCaptcha, since Acegi can be used in non-spring applications. However, I expect that people who use Acegi would also be using Spring - so it would be nice if JCaptcha could be managed from a Spring context file. DWR took that approach with their AJAX framework (well, sort of) and I think it opens it up to a whole new set of people.

I agree.

Best regards.
MAG

> - Original Message -
> From: "marc antoine garrigue" <[EMAIL PROTECTED]>
> To:
> Sent: Sunday, July 03, 2005 9:59 AM
> Subject: RE: [Acegisecurity-developer] Captcha
>
> > Hi guys,
> > It took me some time to answer, because I had to talk with my project team in order to make a decision, and I also wanted to let people here comment on this subject.
> >
> > We thought the current discussion could be split