[Acegisecurity-developer] Re: Is it possible to secure CGI scripts?

[Gunnar.Bostrom]

Hi Ray,
Can you give me an example (piece of code) how to actually add parameters to 
the servlet request? I can't see how it could be done.

Regards
Gunnar

Ray Krueger Wrote:
> You can write your own servlet filter that picks up the CGIServlet
>requests and adds whatever parameters you need to the request. Just
>make sure it's chained after the Acegi security filters.



  




---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0709&bid&3057&dat1642
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Re: [Acegisecurity-developer] Subversion? (Change completed)

[Carlos Sanchez]

Looks right, only that
https://svn.sourceforge.net/svnroot/acegisecurity/trunk/CVSROOT should
be deleted

On 4/24/06, Ben Alex <[EMAIL PROTECTED]> wrote:
> Ben Alex wrote:
> > Last weekend SF had some CVS issues, so I didn't make the switch as
> > intended.
> >
> > I'm now going to hold-off doing this until early May, because I'm
> > largely on the road until then and don't want to change things and be
> > unavailable if anything goes wrong. Just wanted to let everyone know
> > what's happening with the change.
>
> I have now completed the migration from CVS to SVN. This includes:
>
> - CVS is no longer visible on the SF project page
> - SVN is now visible on the SF project page
> - All developers have had their CVS permissions revoked (in case they
> don't see this email)
> - All developers now have SVN permissions granted
> - The Maven POMs have been modified accordingly
> - SVN commit messages are now emailed to acegisecurity-cvs, just as CVS
> used to
> - The daily script now builds checkouts from SVN only (see
> http://acegisecurity.sourceforge.net/nightly)
>
> As an aside, I had to complete the migration manually (use a SF CVS
> tarball, run cvs2svn on a local Linux box, SSH the resulting dump file,
> then import). The SF process didn't work, and cvs2svn failed locally
> with keyword failure errors. If anyone else has similar difficulties,
> the "--use-cvs" option on cvs2svn sorted it out.
>
> Would one of our resident Maven experts (Luke, Carlos?) please check
> that the checkout instructions in /docs/xdocs/cvs-usage.html are
> correct, as are the various POM files.
>
> Cheers
> Ben
>
>
> ---
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> ___
> Home: http://acegisecurity.org
> Acegisecurity-developer mailing list
> Acegisecurity-developer@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
>


--
I could give you my word as a Spaniard.
No good. I've known too many Spaniards.
 -- The Princess Bride


---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0709&bid&3057&dat1642
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

[Acegisecurity-developer] Roadmap for 1.0.0 final

[Ben Alex]

Hi everyone

Last night I went through all open JIRA tasks. Most are now assigned to 
a target release and a specific developer. I would like to release 1.0.0 
final in around two weeks, and I have set aside some days to work 
exclusively on Acegi Security in this period.


Would developers therefore please take a look at their assigned tasks 
and comment on their present status within the next couple of days. If 
you do not believe you will have time to resolve assigned tasks over the 
next fortnight, please reassign them back to me so that I can either 
action it or defer it until a future release.


Thanks in advance.

BTW, I'll ensure 1.0.0 final includes some extra samples, tutorials, and 
revised reference documentation to help new users. We need to improve 
the quality of support resources for new users, such that forum time can 
be diminished in favor of more development time.


Cheers
Ben


---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Re: [Acegisecurity-developer] Subversion? (Change completed)

[Ben Alex]

Ben Alex wrote:
Last weekend SF had some CVS issues, so I didn't make the switch as 
intended.


I'm now going to hold-off doing this until early May, because I'm 
largely on the road until then and don't want to change things and be 
unavailable if anything goes wrong. Just wanted to let everyone know 
what's happening with the change.


I have now completed the migration from CVS to SVN. This includes:

- CVS is no longer visible on the SF project page
- SVN is now visible on the SF project page
- All developers have had their CVS permissions revoked (in case they 
don't see this email)

- All developers now have SVN permissions granted
- The Maven POMs have been modified accordingly
- SVN commit messages are now emailed to acegisecurity-cvs, just as CVS 
used to
- The daily script now builds checkouts from SVN only (see 
http://acegisecurity.sourceforge.net/nightly)


As an aside, I had to complete the migration manually (use a SF CVS 
tarball, run cvs2svn on a local Linux box, SSH the resulting dump file, 
then import). The SF process didn't work, and cvs2svn failed locally 
with keyword failure errors. If anyone else has similar difficulties, 
the "--use-cvs" option on cvs2svn sorted it out.


Would one of our resident Maven experts (Luke, Carlos?) please check 
that the checkout instructions in /docs/xdocs/cvs-usage.html are 
correct, as are the various POM files.


Cheers
Ben


---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

[Acegisecurity-developer] Returning from a haitus - build problems

[scott]

Hi All,
After returing from a several month haitus from Acegi, I'm ready to
make some Siteminder filter improvements.  I updated from CVS (in Eclipse
3.1.1) and tried to run the following from DOS:

cd C:\java\eclipse\workspace\acegisecurity/core
maven clean
maven jar:install

Several new jars were downloaded, Acegi was compiled successfully and the
unit tests were executed, but failed with:

java.lang.OutOfMemoryError: PermGen space
java.lang.reflect.InvocationTargetException
Exception in thread "main" java.lang.OutOfMemoryError: PermGen space
Exception in thread "ApacheDS Shutdown Hook (default)"
java.lang.NoClassDefFoundError: jdbm/helper/MRUEnumeration
Exception in thread "ApacheDS Shutdown Hook (default)"
java.lang.NoClassDefFoundError: jdbm/helper/MRUEnumeration
Exception in thread "ApacheDS Shutdown Hook (default)" Exception in thread
"ApacheDS Shutdown Hook (default)" Exception in thread "ApacheDS Shutdown
Hook (default)" Exception in thread "ApacheDS Shutdown Hook (default)"
java.lang.NoClassDefFoundError: jdbm/helper/MRUEnumeration
java.lang.NoClassDefFoundError: jdbm/helper/MRUEnumeration
Exception in thread "ApacheDS Shutdown Hook (default)"
java.lang.NoClassDefFoundError: jdbm/helper/MRUEnumeration
java.lang.NoClassDefFoundError: jdbm/helper/MRUEnumeration
java.lang.NoClassDefFoundError: jdbm/helper/MRUEnumeration

Furthermore, Eclipse tells me that it can't find ldapsdk-4.1.jar and
spring-hibernate3-2.0-m2.jar.

Are there some jars missing in the Maven 1.x project file?

Thanks,
Scott



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Re: [Acegisecurity-developer] Re: Is it possible to secure CGI scripts?

[Ray Krueger]

You can write your own servlet filter that picks up the CGIServlet
requests and adds whatever parameters you need to the request. Just
make sure it's chained after the Acegi security filters.



On 4/24/06, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
> I use Tomcat 5.5 to run my Perl scripts as CGI programs with the help of the 
> CGIServlet (org.apache.catalina.servlets.CGIServlet) that comes with Tomcat.
>
> For testing I run Tomcat 5.5 on Windows XP with ActivePerl as interpretator.
>
> I've found out that Tomcat/Acegi creates a cookie with a JSESSIONID that I 
> can read in my Perl script. So I could create a table in a database with the 
> id as a key and then one or more columns with the data that I need to send to 
> the Perl scripts.
>
> I find this a bit awkward, but doable. I expected to be able to modify the 
> servlet request in some way (add a header or a parameter) but I can only do 
> that on the servlet response (after it has passed the Perl script) and not on 
> the request.
>
> Ben Alex wrote:
> >[EMAIL PROTECTED] wrote:
> >> I've managed to authorize my perl scripts now as expected.
> >> Now I need to send some data from my java filters i.e. roles possessed by 
> >> >the user to the CGI perl script but I don't know how to do this.
> >>
> >> Any suggestion?
> >>
> >What exact approach are you using to run your Perl scripts?
> >
> >Cheers
> >Ben
>
> Regards
> Gunnar
>
>
>
>
>
>
>
> ---
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmdlnk&kid0709&bid&3057&dat1642
> ___
> Home: http://acegisecurity.org
> Acegisecurity-developer mailing list
> Acegisecurity-developer@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
>


---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0709&bid&3057&dat1642
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

[Acegisecurity-developer] Re: Is it possible to secure CGI scripts?

[Gunnar.Bostrom]

I use Tomcat 5.5 to run my Perl scripts as CGI programs with the help of the 
CGIServlet (org.apache.catalina.servlets.CGIServlet) that comes with Tomcat.

For testing I run Tomcat 5.5 on Windows XP with ActivePerl as interpretator.

I've found out that Tomcat/Acegi creates a cookie with a JSESSIONID that I can 
read in my Perl script. So I could create a table in a database with the id as 
a key and then one or more columns with the data that I need to send to the 
Perl scripts.

I find this a bit awkward, but doable. I expected to be able to modify the 
servlet request in some way (add a header or a parameter) but I can only do 
that on the servlet response (after it has passed the Perl script) and not on 
the request.  

Ben Alex wrote: 
>[EMAIL PROTECTED] wrote:
>> I've managed to authorize my perl scripts now as expected.
>> Now I need to send some data from my java filters i.e. roles possessed by 
>> >the user to the CGI perl script but I don't know how to do this.
>>
>> Any suggestion?
>>   
>What exact approach are you using to run your Perl scripts?
>
>Cheers
>Ben

Regards 
Gunnar


  




---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0709&bid&3057&dat1642
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Re: [Acegisecurity-developer] Re: CAS configuration

[Scott Battaglia]

Sorry for the delayed response on this.  I'm actually looking at 
revisiting not only the Acegi CAS clients, but also the CAS clients in 
general.


I've posted some initial work on re-working the underlying CAS clients 
(and updating the Acegi code to reflect the new CAS code).


That code can be found here:
http://developer.ja-sig.org/source/viewrep/jasig/cas-clients/java-client

I'm going to look at the three solutions and see how they fit into what 
I was thinking :-)


I'm still trying to figure out the best way to incorporate the "gateway" 
feature of CAS into the Acegi CAS client (unless no one really uses 
gateway).


-Scott

Scott Battaglia
Application Developer, Architecture & Engineering Team
Enterprise Systems and Services, Rutgers University
v: 732.445.0097 | f: 732.445.5493 | [EMAIL PROTECTED] 




Ben Alex wrote:

Marc-Antoine Garrigue wrote:

I see 3 solutions :
  
I will refer this one to Scott, as he maintains the CAS integration 
these days. Scott, your thoughts?


Cheers
Ben


---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job 
easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache 
Geronimo

http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer