Re: [Acegisecurity-developer] Subversion?

2006-03-25 Thread Matthew E. Porter

+1

On Mar 25, 2006, at 7:46 AM, Mark St.Godard wrote:


+1

On 3/25/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

No concerns here.
Scott


-Original Message-
From: Ben Alex [mailto:[EMAIL PROTECTED]
Sent: Saturday, March 25, 2006 5:43 AM
To: acegisecurity-developer@lists.sourceforge.net
Subject: [Acegisecurity-developer] Subversion?

Hi everyone

SourceForge have recently modified their offering so we can
migrate to SVN (without losing revision history) - see
http://sourceforge.net/docman/display_doc.php?docid=31070&group_id=1#import.


I have also been using SVN recently and had good results. The
Subclipse plugin at Update Manager URL
http://subclipse.tigris.org/update_1.0.x
works quite well.

Does anyone have any concerns with the project migrating from
CVS to SVN? If there aren't any objections, I'll make the
change in about a week.

Cheers
Ben




---
This SF.Net email is sponsored by xPML, a groundbreaking scripting  
language
that extends applications into web and mobile media. Attend the  
live webcast
and join the prime developer group breaking into this new coding  
territory!
http://sel.as-us.falkag.net/sel? 
cmd=lnk&kid=110944&bid=241720&dat=121642

___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer






Re: [Acegisecurity-developer] knowledge of valid username but incorrect password

2005-12-07 Thread Matthew E. Porter
One small piece of advice - Set something up to prevent users from
entering their username as passwords.

The sad fact is that the industry has billions of lines of code and
the weakest element is Susie in HR who writes her password down on a
Post-It note attached to her monitor.



Cheers,
  Matthew

On Dec 7, 2005, at 11:46 AM, Trent wrote:


Thanks Ray, I've looked into the code and this looks like the place to
start...I'm just a developer; orders take precedence over the evil-doers.



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ray Krueger
Sent: Wednesday, December 07, 2005 9:58 AM
To: acegisecurity-developer@lists.sourceforge.net
Subject: Re: [Acegisecurity-developer] knowledge of valid username but
incorrect password

You can set the hideUserNotFoundExceptions property on the
AuthenticationDaoProvider to false.

Keep in mind that you are giving hackers a hint by doing that though.
You are telling any potential evil-doers "Well, you guessed correctly
on a username, now just guess the password".

On 12/7/05, Trent <[EMAIL PROTECTED]> wrote:
Currently we have ACEGI authenticating a web app. However I need to change
some current behavior. Right now if a user enters a correct username but
incorrect password the error is the same as a user passing an incorrect
username. I need to find out how Acegi can notify the application that the
username is correct but the password isn't. Could someone point me in the
right direction on how to do this?

Trent
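
The trade-off discussed in this thread, as an added example that is not part of the original messages and does not use Acegi's API: a minimal authenticator with a flag that plays the role of hideUserNotFoundExceptions, plus the username-as-password check from the reply. It goes slightly beyond the thread by also hashing for unknown users, so response time does not reveal what the error message hides; the class, method and sample names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
// Added illustration; every name here is hypothetical, none is an Acegi class.
public class LoginErrorDemo {
    enum Result { OK, BAD_CREDENTIALS, USER_NOT_FOUND }
    record StoredUser(byte[] salt, byte[] hash) {}
    // Constructed fixed salt for the demo; real stores use a random salt per user.
    static final byte[] SALT = "constructed-salt".getBytes(StandardCharsets.UTF_8);
    private final Map<String, StoredUser> users;
    private final boolean hideUserNotFound;
    private final StoredUser dummy;

    LoginErrorDemo(Map<String, StoredUser> users, boolean hideUserNotFound) throws GeneralSecurityException {
        this.users = users;
        this.hideUserNotFound = hideUserNotFound;
        this.dummy = enroll("placeholder-never-matches");
    }

    static byte[] pbkdf2(String password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }
    static StoredUser enroll(String password) throws GeneralSecurityException {
        return new StoredUser(SALT, pbkdf2(password, SALT));
    }

    Result authenticate(String username, String password) throws GeneralSecurityException {
        StoredUser found = users.get(username);
        // Hash for unknown users too, so both failure paths take similar time.
        StoredUser target = (found != null) ? found : dummy;
        boolean match = MessageDigest.isEqual(target.hash(), pbkdf2(password, target.salt()));
        if (found == null) {
            // With the flag on, an unknown user looks exactly like a wrong password.
            return hideUserNotFound ? Result.BAD_CREDENTIALS : Result.USER_NOT_FOUND;
        }
        return match ? Result.OK : Result.BAD_CREDENTIALS;
    }
    // The advice in the reply: refuse a password that is just the username.
    static boolean passwordAllowed(String username, String candidate) {
        return !candidate.trim().equalsIgnoreCase(username.trim());
    }

    public static void main(String[] args) throws GeneralSecurityException {
        Map<String, StoredUser> store = Map.of("trent", enroll("constructed-pass"));
        for (boolean hide : new boolean[] {true, false}) {
            LoginErrorDemo auth = new LoginErrorDemo(store, hide);
            System.out.println("hide=" + hide + " wrongPassword=" + auth.authenticate("trent", "guess")
                    + " unknownUser=" + auth.authenticate("nobody", "guess"));
        }
        System.out.println("username as password allowed: " + passwordAllowed("trent", "Trent"));
    }
}
```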




Re: [Acegisecurity-developer] CVS update fails

2005-12-06 Thread Matthew E. Porter
Same here Brandon.  Not sure what SF.net is doing about it.  Ben
mentioned that a ticket was filed with them.



Cheers,
  Matthew

On Dec 6, 2005, at 12:05 PM, Brandon Keepers wrote:


I've been trying to update my CVS checkout of acegi all morning and
keep getting the same error:

cvs update: failed to create lock directory for
`/cvsroot/acegisecurity/acegisecurity/core/src/main/java/org/acegisecurity/userdetails'
(/cvsroot/acegisecurity/acegisecurity/core/src/main/java/org/acegisecurity/userdetails/#cvs.lock):
Permission denied
cvs update: failed to obtain dir lock in repository
`/cvsroot/acegisecurity/acegisecurity/core/src/main/java/org/acegisecurity/userdetails'
cvs [update aborted]: read lock failed - giving up

Brandon




Re: [Acegisecurity-developer] pseudo roles?

2005-04-22 Thread Matthew E . Porter
FWIW, we are handling something similar by using groups.  They tend to
be easier for users to conceptualize.

Cheers,
  Matthew
On Apr 22, 2005, at 12:58 PM, [EMAIL PROTECTED] wrote:
I have a situation in which it would be convenient to be able to define
pseudo roles in my application. By this I mean a role that exists only in
the Acegi Security configuration and not in the back-end datastore. A
pseudo role would be defined based on existing real roles.

Say the following roles are explicitly defined in the datastore behind a
DAO provider:

  ROLE_A
  ROLE_B
  ROLE_C
  ROLE_D
  ROLE_E

I would like to be able to define a role within Acegi Security that
aggregates multiple roles into one. For example:

  ROLE_X=ROLE_A,ROLE_B,ROLE_C
  ROLE_Y=ROLE_D,ROLE_E

Where ROLE_X means any of the roles on the right hand side. In other words,
ROLE_X is equivalent to ROLE_A, ROLE_B or ROLE_C. In my application I only
care about whether the user has ROLE_X or ROLE_Y.

I understand that this can be accomplished a few different ways in Acegi
Security. I am looking for suggestions as to what might be the best
approach. Here are a couple possibilities I can think of.

  1. Implement an AuthenticationProvider that wraps other providers and
     adds pseudo roles based on its configuration.
  2. Implement a custom RoleVoter that knows about role equivalence.

I lean toward the first option. Is there already something out there that
does what I need? Is there a better way than what I have suggested above?

Thanks,
Matt DeHoust
Dollar Tree Stores, Inc.
757.321.5668
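
The role-expansion step behind option 1 in the message above, as an added plain-JDK example that is not part of the original thread and is not Acegi code: it parses definitions in the ROLE_X=ROLE_A,ROLE_B,ROLE_C form and adds each pseudo role to a user's granted roles when any member is held. It goes beyond the message in two places, both assumptions: a pseudo role may list another pseudo role, and a pseudo role whose name collides with a real datastore role is rejected; the class and method names are hypothetical.

```java
import java.util.*;

// Added illustration: plain-JDK sketch; names are hypothetical, not Acegi API.
public class PseudoRoleExpander {
    private final Map<String, Set<String>> pseudoToMembers = new LinkedHashMap<>();

    // Each definition uses the form from the message: ROLE_X=ROLE_A,ROLE_B,ROLE_C
    PseudoRoleExpander(List<String> definitions, Set<String> realRoles) {
        for (String line : definitions) {
            String[] parts = line.split("=", 2);
            if (parts.length != 2 || parts[0].isBlank() || parts[1].isBlank()) {
                throw new IllegalArgumentException("Malformed definition: " + line);
            }
            String pseudo = parts[0].trim();
            // A pseudo role must not shadow a role the datastore can grant directly.
            if (realRoles.contains(pseudo)) {
                throw new IllegalArgumentException(pseudo + " is already a real role");
            }
            Set<String> members = new LinkedHashSet<>();
            for (String m : parts[1].split(",")) {
                if (!m.isBlank()) members.add(m.trim());
            }
            pseudoToMembers.put(pseudo, members);
        }
    }

    // Returns the granted roles plus every pseudo role implied by them.
    Set<String> expand(Collection<String> granted) {
        Set<String> result = new TreeSet<>(granted);
        boolean changed = true;
        while (changed) { // repeat so a pseudo role may list another pseudo role
            changed = false;
            for (Map.Entry<String, Set<String>> e : pseudoToMembers.entrySet()) {
                if (!result.contains(e.getKey()) && !Collections.disjoint(result, e.getValue())) {
                    result.add(e.getKey());
                    changed = true;
                }
            }
        }
        return result;
    }

    public static void main(String[] args) {
        Set<String> real = Set.of("ROLE_A", "ROLE_B", "ROLE_C", "ROLE_D", "ROLE_E");
        PseudoRoleExpander expander = new PseudoRoleExpander(
                List.of("ROLE_X=ROLE_A,ROLE_B,ROLE_C", "ROLE_Y=ROLE_D,ROLE_E"), real);
        System.out.println(expander.expand(List.of("ROLE_B")));
        System.out.println(expander.expand(List.of("ROLE_D", "ROLE_A")));
        System.out.println(expander.expand(List.of()));
    }
}
```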



Re: [Acegisecurity-developer] Any thought given to donating FilterToBeanProxy ?

2005-01-29 Thread Matthew E . Porter
I thought this was discussed before on the Spring-dev mailing list.  
Anybody remember what happened?

Cheers,
  Matthew
On Jan 29, 2005, at 2:53 PM, Scott Battaglia wrote:
+1
I'd like to see it as part of the Spring Framework.  Luckily so far
whenever we've used filters for something we've also been using Acegi
for security so we haven't run into any problems of needing it and
not using Acegi. :-)

Scott Battaglia
Application Developer, Architecture and Engineering Team
Enterprise Systems and Services, Rutgers University
v: 732.445.0097 | f: 732.445.5493 | [EMAIL PROTECTED]

François Beausoleil wrote:
Hi !
Just wondering if any thought had been given to moving 
FilterToBeanProxy to the Spring Framework project ?  Seems like it 
would be a good idea, given that it's a general item, and other 
people would like it ?

Bye !
François



Re: [Acegisecurity-developer] How to implement the following 2 cases in webapp?

2005-01-08 Thread Matthew E . Porter
+1 for remember me functionality
+2 for anonymous user functionality
Cheers,
  Matthew
On Jan 8, 2005, at 5:34 PM, Ben Alex wrote:
YH Cheng wrote:
Anyway, I have a suggestion on this issue: I think the 'remember me'
feature is so application-dependent, that it shouldn't be included in
the acegi core. I think maybe we can develop a sub-project of acegi,
which is intended to give some sort of special features (like
'remember me'). E.g. the current acegi library would be acegi-core,
extensions would be acegi-ext, and app-features would be
acegi-reference. So that more higher application-level developers can
contribute to those subprojects without affecting the core. And more
usages/references would be out there.

Just wondering why you feel remember-me is application dependent? We 
can easily provide an implementation that automatically identifies the 
user from a cookie. People can elect not to use it, simply by not 
adding the relevant filter to web.xml.

In relation to the modularisation of the project, we already use Maven 
and subprojects extensively. As shown in CVS, there's no difficulty in 
adding more subprojects as the need arises.

Best regards
Ben



[Acegisecurity-developer] ACL Assistance and Questions

2004-12-23 Thread Matthew E . Porter
Greetings.  I am looking for some guidance on the ACL system and how to 
integrate it into our application.  Furthermore, I plan to get the 
second article out for Javalobby within the next week or two.  Any help 
is appreciated.

In our application, we define domains (i.e. companies).  Objects of 
different types belong to each domain.  For example, each domain has a 
set of servers assigned to it.  In addition, there is a set of users 
assigned to the domain.  For example, the "Contegix" domain contains 
Server1, Server2, and Server17.  Each domain has one or more 
administrators which should have unrestricted access to any object tied 
to the domain.  Furthermore, domains can be nested.

As I am trying to get my head wrapped around the ACL system in Acegi, I 
am having difficulties finding the best way to apply permissions and 
restrictions.

Cheers,
  Matthew



Re: [Acegisecurity-developer] Security Guidelines?

2004-12-01 Thread Matthew E . Porter
Mark:
  Are you looking for a reference guide or tutorial?  If it's the 
former, they are available from the website.  The current version can 
be generated from the cvs source.  If it's the tutorial, I wrote an 
article for Javalobby on Acegi a few weeks ago.  There will be a second 
part coming soon.

http://www.javalobby.org/articles/acegisecurity/part1.jsp
Cheers,
  Matthew
On Dec 1, 2004, at 11:34 PM, mark bernard wrote:
Hello, I was wondering if anyone has a high level security guideline
for Acegi? Any sort of pdf or whitepaper will do. I scoured on google
for a while and didn't find much.
  
Mark Bernard
Webmaster
http://www.pet2002.org/ethical_hacking.html
http://www.certifiedethicalhacker.com/
