[Acegisecurity-developer] ROLE of ACLS in ACEGI SPRING
Query: I understand the ACL is Access control list. But I don't understand is this 1. Can I put the URLS in the ACL? and if yes how ? 2. Can I put the Classes in the ACL? and if yes how? 3. I want to take the database model. 4. How come I can propogate the different time of exception for the different resources? 5. If somebody can point me to the good resource for understaning of ACLS , then It would be great. ~Rajneesh - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Maven2 POM for Acegi-Security
Carlos, exclusions are for things you DON'T want. If you exclude a dependency, that one and all its children will be excluded, so you don't need to go one by one if you want a different version you have to explicitly add that as a dependency and maven will use YOUR version instead of the one that acegi uses That it not what is happening. If I specify two separate dependencies for Spring-2.0.2, and Acegi-Security-1.0.3, I get BOTH Spring 2.0.2 AND Spring 1.2.8, as well as all of the 1.2.8 submodules. Why should resin be optional in acegi-security-resin? if you want the resin extension you absolutely need the resin classes I'm choosing the resin module specifically because my container is Resin (2.1.17, not 3.0.9). This is like making the argument that Spring or Acegi should be dependent (and require) Java 1.4.2_09, and as a result, forcing a download of that JVM. Sure, it requires Java, but (hopefully) it doesn't require a specific version (even though it is compatible with _02 or 1.5). And, since it is an implied requirement/dependency that is met by the parent/container, it (maven and POM author) should trust that those dependencies will be there when the time is right. Maybe optional isn't the right flag, but certainly, it shouldn't be downloading a new Resin for me. You need to depend in whatever spring-*-2.0.2 jar you need. And here lies the real issue... I don't need any other spring- submodules, except spring-mock. I don't need them for Resin, not for Acegi, and not for Spring... So why am I getting them? And I don't need Spring-1.2.8, or any of its submodules for Acegi or anything else (the project compiles and runs fine without them), so why am I getting them? It's not a big deal, and if this is the way it is, I'll go back to our old build-system, and just use Maven2 for specific packages that work the way I expect. Perhaps this is better left to the Maven folks. Kyle - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] Runtime configuration of the
Is there any mechanism of providing the support of changing the URL patterns(Secured resouce) on the Runtime. Why do we require? Our security application is independent of the applications. What we want is that when ever we add a new application we should be able to add the New URL in the secuirity applicaiton and we don't want to redeploy as it introduces down time. ~Rajneesh Bhandari - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Maven2 POM for Acegi-Security
Kyle, Tell me if I'm wrong but I suspect you tried Acegi versions prior 1.0.3 - right? If this is the case, I recommend you clean your Maven local repository (delete the .m2/repository directory) - then retry your build. Something tells me the problem will be gone :) Then tell us the result. If it work, I'll try to explain the reason. In short, this is due to the way Maven resolves transitive dependencies and the quality of the information it obtains from the repository... /bertrand -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Mallory Sent: vendredi 16 février 2007 19:38 To: acegisecurity-developer@lists.sourceforge.net Subject: Re: [Acegisecurity-developer] Maven2 POM for Acegi-Security Carlos, exclusions are for things you DON'T want. If you exclude a dependency, that one and all its children will be excluded, so you don't need to go one by one if you want a different version you have to explicitly add that as a dependency and maven will use YOUR version instead of the one that acegi uses That it not what is happening. If I specify two separate dependencies for Spring-2.0.2, and Acegi-Security-1.0.3, I get BOTH Spring 2.0.2 AND Spring 1.2.8, as well as all of the 1.2.8 submodules. Why should resin be optional in acegi-security-resin? if you want the resin extension you absolutely need the resin classes I'm choosing the resin module specifically because my container is Resin (2.1.17, not 3.0.9). This is like making the argument that Spring or Acegi should be dependent (and require) Java 1.4.2_09, and as a result, forcing a download of that JVM. Sure, it requires Java, but (hopefully) it doesn't require a specific version (even though it is compatible with _02 or 1.5). And, since it is an implied requirement/dependency that is met by the parent/container, it (maven and POM author) should trust that those dependencies will be there when the time is right. Maybe optional isn't the right flag, but certainly, it shouldn't be downloading a new Resin for me. You need to depend in whatever spring-*-2.0.2 jar you need. And here lies the real issue... I don't need any other spring- submodules, except spring-mock. I don't need them for Resin, not for Acegi, and not for Spring... So why am I getting them? And I don't need Spring-1.2.8, or any of its submodules for Acegi or anything else (the project compiles and runs fine without them), so why am I getting them? It's not a big deal, and if this is the way it is, I'll go back to our old build-system, and just use Maven2 for specific packages that work the way I expect. Perhaps this is better left to the Maven folks. Kyle - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Maven2 POM for Acegi-Security
I'm willing to bet this problem is caused by using the full Spring
dependency rather than fine-grained Spring dependencies. I use the
full Spring dependency and have experienced this issue as well. It's
too bad there's not a way in Maven to say this JAR overrides all
others.
Here's what I've been doing:
dependency
groupIdorg.acegisecurity/groupId
artifactIdacegi-security-tiger/artifactId
version${acegi.version}/version
exclusions
exclusion
groupIdorg.springframework/groupId
artifactIdspring-aop/artifactId
/exclusion
exclusion
groupIdorg.springframework/groupId
artifactIdspring-dao/artifactId
/exclusion
exclusion
groupIdorg.springframework/groupId
artifactIdspring-jdbc/artifactId
/exclusion
exclusion
groupIdorg.springframework/groupId
artifactIdspring-remoting/artifactId
/exclusion
exclusion
groupIdorg.springframework/groupId
artifactIdspring-support/artifactId
/exclusion
/exclusions
/dependency
dependency
groupIdorg.springframework/groupId
artifactIdspring/artifactId
version${spring.version}/version
!-- commons-logging 1.1. has invalid dependencies --
exclusions
exclusion
groupIdavalon-framework/groupId
artifactIdavalon-framework/artifactId
/exclusion
exclusion
groupIdlog4j/groupId
artifactIdlog4j/artifactId
/exclusion
exclusion
groupIdlogkit/groupId
artifactIdlogkit/artifactId
/exclusion
exclusion
groupIdjavax.servlet/groupId
artifactIdservlet-api/artifactId
/exclusion
exclusion
groupIdjunit/groupId
artifactIdjunit/artifactId
/exclusion
/exclusions
/dependency
This isn't the Maven way as they recommend using Spring's
fine-grained dependencies. However, I've found that the fine-grained
dependencies refer to artifacts that aren't in the Maven repos - so
the this way seems more pragmatic to me. ;-)
Hope this helps,
Matt
On 2/16/07, Bertrand Renuart [EMAIL PROTECTED] wrote:
On 2/16/07, Kyle Mallory [EMAIL PROTECTED] wrote:
Carlos,
exclusions are for things you DON'T want. If you exclude a dependency,
that one and all its children will be excluded, so you don't need to
go one by one
if you want a different version you have to explicitly add that as a
dependency and maven will use YOUR version instead of the one that
acegi uses
That it not what is happening. If I specify two separate dependencies
for Spring-2.0.2, and Acegi-Security-1.0.3, I get BOTH Spring 2.0.2 AND
Spring 1.2.8, as well as all of the 1.2.8 submodules.
sorry, but i have to say here that you are wrong. That doesn't happen
as you say, if you post the output of mvn -X compile i'll point you
what you're doing wrong
Before saying Kyle is wrong you probably had better to test it...
Give a try the following POM:
project
modelVersion4.0.0/modelVersion
groupIdtest/groupId
artifactIdtest/artifactId
packagingwar/packaging
version1.0-SNAPSHOT/version
dependencies
dependency
groupIdorg.springframework/groupId
artifactIdspring-webmvc/artifactId
version2.0.2/version
/dependency
dependency
groupIdorg.acegisecurity/groupId
artifactIdacegi-security/artifactId
version1.0.3/version
/dependency
/dependencies
/project
Just do a 'mvn package' - of course Maven will complain because the WAR
structure is incorrect but you will get the resolved libraries in the
target/test-1.0-SNAPSHOT/WEB-INF/lib. Have a look and you will notice some
1.2.8 Spring libraries are included.
The reason is quite straightforward if you know how Maven resolves
transitive dependencies... and if you look at the Acegi parent pom.
/Bertrand
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
Re: [Acegisecurity-developer] Maven2 POM for Acegi-Security
First, i'm very familiar with how acegi m2 build works, and I do know how Maven resolves transitive dependencies. In both cases i can say that I wrote it, literally ;) if you do take a look to the library folder you will see that there are no jars in both 1.2.8 and 2.0.2, they are all different. You are forcing 2.0.2 only in spring-webmvc, thus spring dao, jdbc and remote are not forced to 2.0.2 because they are not part of webmvc dependencies I'd suggest everybody trying to play seriously with maven to take a look at Better builds with Maven, edite by Mergere and downloadable for free from http://www.mergere.com/m2book_download.jsp Take a look to the output of -X an you'll probably understand better [DEBUG] test:test:war:1.0-SNAPSHOT (selected for null) [DEBUG] org.springframework:spring-webmvc:jar:2.0.2:compile (selected for compile) [DEBUG] commons-logging:commons-logging:jar:1.1:compile (selected for compile) [DEBUG] log4j:log4j:jar:1.2.12:compile (selected for compile) [DEBUG] logkit:logkit:jar:1.0.1:compile (selected for compile) [DEBUG] avalon-framework:avalon-framework:jar:4.1.3:compile (selected for compile) [DEBUG] javax.servlet:servlet-api:jar:2.3:compile (selected for compile) [DEBUG] org.springframework:spring-beans:jar:2.0.2:compile (selected for compile) [DEBUG] org.springframework:spring-core:jar:2.0.2:compile (selected for compile) [DEBUG] org.springframework:spring-context:jar:2.0.2:compile (selected for compile) [DEBUG] aopalliance:aopalliance:jar:1.0:compile (selected for compile) [DEBUG] org.springframework:spring-core:jar:2.0.2:compile (selected for compile) [DEBUG] org.springframework:spring-support:jar:2.0.2:compile (selected for compile) [DEBUG] org.springframework:spring-web:jar:2.0.2:compile (selected for compile) [DEBUG] org.acegisecurity:acegi-security:jar:1.0.3:compile (selected for compile) [DEBUG] org.springframework:spring-remoting:jar:1.2.8:compile (selected for compile) [DEBUG] org.springframework:spring-dao:jar:1.2.8:compile (selected for compile) [DEBUG] org.springframework:spring-context:jar:1.2.8:compile (removed - nearer found: 2.0.2) [DEBUG] org.springframework:spring-webmvc:jar:1.2.8:compile (removed - nearer found: 2.0.2) [DEBUG] org.springframework:spring-jdbc:jar:1.2.8:compile (selected for compile) [DEBUG] org.springframework:spring-beans:jar:1.2.8:compile (removed - nearer found: 2.0.2) [DEBUG] org.springframework:spring-support:jar:1.2.8:runtime (removed - nearer found: 2.0.2) [DEBUG] commons-lang:commons-lang:jar:2.1:compile (selected for compile) [DEBUG] commons-logging:commons-logging:jar:1.0.4:compile (removed - nearer found: 1.1) [DEBUG] commons-codec:commons-codec:jar:1.3:compile (selected for compile) [DEBUG] oro:oro:jar:2.0.8:compile (selected for compile) [DEBUG] commons-collections:commons-collections:jar:3.1:compile (selected for compile) [DEBUG] log4j:log4j:jar:1.2.9:runtime (setting scope to: compile) On 2/16/07, Bertrand Renuart [EMAIL PROTECTED] wrote: Before saying Kyle is wrong you probably had better to test it... Give a try the following POM: project modelVersion4.0.0/modelVersion groupIdtest/groupId artifactIdtest/artifactId packagingwar/packaging version1.0-SNAPSHOT/version dependencies dependency groupIdorg.springframework/groupId artifactIdspring-webmvc/artifactId version2.0.2/version /dependency dependency groupIdorg.acegisecurity/groupId artifactIdacegi-security/artifactId version1.0.3/version /dependency /dependencies /project Just do a 'mvn package' - of course Maven will complain because the WAR structure is incorrect but you will get the resolved libraries in the target/test-1.0-SNAPSHOT/WEB-INF/lib. Have a look and you will notice some 1.2.8 Spring libraries are included. The reason is quite straightforward if you know how Maven resolves transitive dependencies... and if you look at the Acegi parent pom. /Bertrand -- I could give you my word as a Spaniard. No good. I've known too many Spaniards. -- The Princess Bride - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Maven2 POM for Acegi-Security
On 2/16/07, Matt Raible [EMAIL PROTECTED] wrote: I'm willing to bet this problem is caused by using the full Spring dependency rather than fine-grained Spring dependencies. I use the full Spring dependency and have experienced this issue as well. It's too bad there's not a way in Maven to say this JAR overrides all others. not yet, but it'll be in this case that's not the problem as i said in my previous answer. This isn't the Maven way as they recommend using Spring's fine-grained dependencies. However, I've found that the fine-grained dependencies refer to artifacts that aren't in the Maven repos - so the this way seems more pragmatic to me. ;-) i don't know what artifacts are missing, if you point it out you know that that things get fixed. if people keep using the coarse grained dependencies we'll keep getting this user questions all the time. Hope this helps, Matt - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
