Re: [Acegisecurity-developer] AuthenticationSimpleHttpInvokerRequestExecutor should validate response codes?
Camilo Arango wrote: > Not always. I seems that only exceptions thrown by the called object > are propagated by the client. In my case, the exception is thrown by a > filter, and therefore the call to the Spring remoting proxy never > occurs and I get and ugly 500 response code at the client. > > What would be the best thing to do in that case? Depends where ExceptionTranslationFilter appears in your chain. Which filter is throwing the exception, and where is ETF in your chain? Cheers Ben - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] MethodDefinitionMap and inherited methods
Luc Boudreau wrote: > I'd like to propose a patch to the MethodDefinitionMap. With the actual > source code, you can't secure inherited methods. This patch will fix the > problem. It's really simple and straightforward. > > I needed it see the inherited methods so I could secure my generic service > layer interfaces. > > Could the patch be applied fast, if possible ? There are complications in doing this. Please see: http://opensource.atlassian.com/projects/spring/browse/SEC-99 Cheers Ben - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] using acl_permission and acl_object_identity for complex cases
[EMAIL PROTECTED] wrote: > The problem here is that the unique key on the ACL_PERMISSION table is > [Object (the ACL_OBJECT_IDENTITY reference column), Recipient]. It > wouldn't seem from the suggested schema for this table that you can > support different collections for the same Recipient based on the Mask. > > > Is this the case? Is it safe to extend the unique key to include Mask? > Would collection filtering even work if I did? You just need to use an integer which represents both the "read" and "write" bits being high. You shouldn't need two separate rows. This is whole idea of bit masking in the ACL system - to represent multiple permissions being switched on or off via a single integer. BTW I'd recommend you consider using the new ACL package in 1.0.3. It has a CumulativePermission class which may help. Cheers Ben - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] How can the objectDefintionSource be updated dynamically?
[EMAIL PROTECTED] wrote: > I would like to add new resources (web-pages) to the > objectDefinitionSource dynamically. > I don't want to stop the application, change the applicationContext.xml > and then start the application again. > > What is the best way to achieve this? Just write a database-backed FilterInvocationObjectDefinitionSource implementation. I know others have done this. Simply dependency inject your custom implementation into the FilterSecurityInterceptor. Cheers Ben - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
