Re: [Acegisecurity-developer] contacts example with basic authentication only ?
You know, I think that responsibility may have been moved to the exceptionTranslationFilter. That's probably not very clear... Look at what entryPoints you have and look how they're being used. On Nov 8, 2007 5:42 AM, [EMAIL PROTECTED] wrote: I looked inside the acegi-security-sample-contacts-filter.war that came with acegi 1.0.4 the filter chain in applicationContext-acegi-security.xml is defined as follows: bean id=filterChainProxy class=org.acegisecurity.util.FilterChainProxy property name=filterInvocationDefinitionSource value CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor,switchUserProcessingFilter /value /property /bean The javadoc of BasicProcessingFilterEntryPoint also talks about SecurityEnforcementFilter. But I can not find an class/interface or bean name with that name ? Are we talking about the same acegi version ? Regards, - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] contacts example with basic authentication only ?
I needed to change the authenticationEntryPoint property of the ExceptionTranslationFilter bean in order to make it work. Thanks a lot Ray !- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] contacts example with basic authentication only ?
I looked inside the acegi-security-sample-contacts-filter.war that came with acegi 1.0.4 the filter chain in applicationContext-acegi-security.xml is defined as follows: bean id=filterChainProxy class=org.acegisecurity.util.FilterChainProxy property name=filterInvocationDefinitionSource value CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor,switchUserProcessingFilter /value /property /bean The javadoc of BasicProcessingFilterEntryPoint also talks about SecurityEnforcementFilter. But I can not find an class/interface or bean name with that name ? Are we talking about the same acegi version ? Regards,- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] contacts example with basic authentication only ?
Hi acegi users, maybe someone of you knows the trick What do I have to change in the contacts sample application in order to enforce basic authentication only ? if I remove the authenticationProcessingFilter from the filter chain and keep basicProcessingFilter only it does not have the expected effect. I would expect the browser to bring up a pop-up and ask me for username/password, but i'm still being redirected to the login page. What am I doing wrong ? Regards, Dirk - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] contacts example with basic authentication only ?
No problem, glad I could help. That's the trick to remember with Acegi that I think people misunderstand. The filters that actually handle credentials, like the BasicProcessingFilter, AuthenticationProcessingFilter, DigestProcessingFilter only do anything when the credentials are presented. An entry point is used at the end of the filter chain as the final gate keeper. Each filter has it's own entry point wired in though, those are used when you screw up the credentials presented to one of the filters. So if you present bad credentials to the BasicProcessingFilter, it will send your request to it's entry point. In your case, that's the same entry point used by the ExceptionTranslationFilter. I really don't like that the final enforcement is done by something named ExceptionTranslationFilter. That's very unclear. There used to be a SecurityEnforcementFilter back there who's name made it's responsibility clear. The ExceptionTranslationFilter was added, as it's name implies, to handle translating the exception messages using ResourceBundles and such. Unfortunately it was put in as a replacement for the ExceptionTranslationFilter which sort of blurred the line. I should have complained about this like a year ago when it was implemented but I wasn't paying attention :P On Nov 8, 2007 6:31 AM, [EMAIL PROTECTED] wrote: I needed to change the authenticationEntryPoint property of the ExceptionTranslationFilter bean in order to make it work. Thanks a lot Ray ! - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] J2EE pre-authenticated authentication provider
Hello, In our company the IT security policy is to place all applications behind IBM WebSeal. The applications themselves need to be based on J2EE security as provided by IBM WebSphere. The use of Acegi Security is somewhat limited in such an environment, as authentication and parts of authorization are already taken care of. However, we would still like to re-use Acegi functionality for things like more flexible web resource authorizations, Spring bean authorizations, ACL support and Acegi JSP tags. Therefore we would like to make the J2EE user name and roles available through Acegi Authentication and GrantedAuthority objects. I've implemented a generic pre-authenticated Acegi authentication provider (and corresponding servlet filters and such), together with J2EE-specific extensions. The generic provider can also be used for other purposes, for example the already available X509 provider could be easily rewritten as an extension to the pre-authenticated authentication provider. Any chance that this functionality will be added to the next version of Acegi (by myself if given access to the Acegi source repository, or by somebody else)? Any comments on the code as it is now? I've created a JIRA issue for this with source code attached: http://opensource.atlassian.com/projects/spring/browse/SEC-576?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel With kind regards, Ruud Senden. - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] Anthony W Ryan is out of the office.
I will be out of the office starting Thu 08/11/2007 and will not return until Mon 12/11/2007. I will respond to your message when I return. If your query is urgent please contact Philip Callanan at [EMAIL PROTECTED] Thank you, Anthony Ryan ** This document is strictly confidential and is intended for use by the addressee unless otherwise indicated. This email has been scanned by an external email security system. Allied Irish Banks AIB and AIB Group are registered business names of Allied Irish Banks p.l.c. Allied Irish Banks, p.l.c. is regulated by the Financial Regulator. Registered Office: Bankcentre, Ballsbridge, Dublin 4. Tel: + 353 1 6600311; Registered in Ireland: Registered No. 24173 ** - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] how to get online users list from acegi ????
hi all, yes scott, i want get a list of users currently on my system i saw the code, i wrote something like it, but i thought that acegi has some feature for this thank you. On Nov 8, 2007 2:00 AM, Scott McCrory [EMAIL PROTECTED] wrote: Or does he mean to get a list of users currently on his system (i.e. with active HTTP Sessions)? If so, Matt Raible wrote a very nice UserCounterListener that did the trick nicely for me: http://raibledesigns.com/downloads/appfuse/api/org/appfuse/webapp/listener/UserCounterListener.java.html Scott Ray Krueger wrote: The user forum is at http://forum.springframework.org/forumdisplay.php?f=33 Is that what you mean? On 11/7/07, Mohammad Shamsi [EMAIL PROTECTED] wrote: hi all, i used acegi in my spring based Java EE web application. i want to access online users list, anyone know how ? please help me... Edit/Delete Message -- sincerely yours M. H. Shamsi - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer -- sincerely yours M. H. Shamsi - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] how to get online users list from acegi ???? (Ray Krueger)
String users [] = (String[])SessionRegistry.getAllPrincipals(); List online; for(int i=0;iusers.length;i++) if(getAllSessions(users[i], Boolean.FALSE)!=null) online.add(users[i]); this is how I get online users - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer