[Acegisecurity-developer] Concurrent session check and username primary key issue

2005-11-03 Thread Herryanto Siatono








I'm absolutely impressed with the architecture of Acegi Security, how clean Acegi classes link up to
each other, but I encountered an issue when trying to use ConcurrentSessionControllerImpl.

I stepped through the code, and I realised that it does not work when UserDetails.getUsername()
is overridden with the user's primary key after successful login.

Simply because the session check is performed before the actual authentication
takes place using the login username e.g. 'user1', while the registration of
new session takes place after successful authentication using the already overridden
.getUsername() with the user's primary key, e.g. '101'. So the ConcurrentLogin
exception is never thrown in such a case.

Just wondering if there's a known workaround? Or should I just avoid using the user
primary key as the username? Thx.

 

Herry
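
Added example, not part of the original post and not Acegi's own code: a minimal sketch of the mismatch described in the message above, where the pre-authentication check and the post-authentication registration use different keys. SessionLimiter and secondLoginRefused are hypothetical names; 'user1' and '101' are the values from the post.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Added illustration; SessionLimiter is hypothetical, not an Acegi class.
public class SessionKeyMismatchDemo {

    /** Minimal registry allowing one session per principal key. */
    static class SessionLimiter {
        private final Map<String, Set<String>> sessionsByKey = new HashMap<>();
        private final int maxSessions = 1;

        /** Pre-authentication check: throws if the key already holds the maximum. */
        void checkAllowed(String key) {
            Set<String> sessions = sessionsByKey.get(key);
            if (sessions != null && sessions.size() >= maxSessions) {
                throw new IllegalStateException("concurrent login refused for key " + key);
            }
        }

        /** Post-authentication registration of the new session under the key. */
        void register(String key, String sessionId) {
            sessionsByKey.computeIfAbsent(key, k -> new HashSet<>()).add(sessionId);
        }
    }

    /** Performs two logins for the same user; returns true if the second was refused. */
    static boolean secondLoginRefused(String checkKey, String registerKey) {
        SessionLimiter limiter = new SessionLimiter();
        limiter.checkAllowed(checkKey);              // first login: check
        limiter.register(registerKey, "session-A");  // first login: register
        try {
            limiter.checkAllowed(checkKey);          // second login: check
            limiter.register(registerKey, "session-B");
            return false;                            // limit was not enforced
        } catch (IllegalStateException e) {
            return true;                             // limit was enforced
        }
    }

    public static void main(String[] args) {
        // Mismatch from the post: check keyed on 'user1', registration keyed on '101'.
        System.out.println("check=user1 register=101   refused=" + secondLoginRefused("user1", "101"));
        // Same identifier used for both steps.
        System.out.println("check=user1 register=user1 refused=" + secondLoginRefused("user1", "user1"));
    }
}
```

The limit is only enforced in the second call, where the check and the registration look up the same key.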








Re: [Acegisecurity-developer] AclVoter expecting SimpleAclEntry

2005-11-03 Thread Ben Alex

Tim Kettering wrote:

> I think could either add the methods to BasicAclEntry, or make another
> interface to back the added functions that AbstractBasicAclEntry brings to
> the table and update AclVoter accordingly.


Hi Tim

I applied your patch for SEC-51 to move the isPermitted() method to the 
BasicAclEntry interface, and BasicAclEntryVoter now casts to 
BasicAclEntry (instead of SimpleAclEntry).


Does this resolve this issue for you?

Cheers
Ben


---
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer


[Acegisecurity-developer] AclVoter expecting SimpleAclEntry

2005-11-03 Thread Tim Kettering

I ran into an interesting problem when setting up AclVoters for our project.


We are using our own custom AclEntry that subclasses AbstractBasicAclEntry.
So when I tried to set up a class that uses AclVoter, I got a
ClassCastException at this particular section:

for (int i = 0; i < entries.length; i++) {
    // ClassCastException here when the entry is not a SimpleAclEntry
    SimpleAclEntry sae = (SimpleAclEntry) entries[i];
    for (int j = 0; j < requirePermission.length; j++) {
        if (sae.isPermitted(requirePermission[j])) {
            result = ACCESS_GRANTED;
        }
    }
}

So, from this, it seems that we are casting to SimpleAclEntry because we
need to access the method .isPermitted().  But this method is defined in
AbstractBasicAclEntry.  However because it is abstract, we cannot cast to
that specifically... 

So my subclass doesn't work, even though it has the method necessary to work
properly.  

I think this can be improved...  it just seems rather odd for BasicAclEntry
to not declare the method, but the abstract implementation does, and then
SimpleAclEntry makes use of it?  This doesn't lend well to making AclVoter
very extensible.

I think could either add the methods to BasicAclEntry, or make another
interface to back the added functions that AbstractBasicAclEntry brings to
the table and update AclVoter accordingly.

Thanks!

-tim






[Acegisecurity-developer] Preparing for 0.9.0

2005-11-03 Thread Ben Alex

Hi everyone

CVS now contains pretty much all the tasks scheduled for 0.9.0. The 
roadmap is at:


http://opensource2.atlassian.com/projects/spring/browse/SEC?report=com.atlassian.jira.plugin.system.project:roadmap-panel

I'd be grateful if people using CVS could checkout and provide feedback 
on the changes / stability of the code over the next couple of days so 
that we can release.


Cheers
Ben

