Re: [Acegisecurity-developer] contribution: SecureContextLoginModule
Brian Moseley wrote: Jackrabbit uses JAAS internally to authenticate access to its repository, so my first attempt at integration was providing a custom LoginModule implemented using Acegi Security. i've since been reminded that the JCR spec allows us to bypass the JCR implementation's internal authentication, and i've reimplemented my server to do just that. so i no longer need the custom LoginModule i developed. Brian, are you able to share how you have achieved this? (I presume it is something to do with AccessControlContext but I don't know enough about that stuff as yet). Regards, Sean -- Dr. Sean Radford, MBBS, MSc [EMAIL PROTECTED] http://bladesys.demon.co.uk/ --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] AbstractSecurityInterceptor
A thought... When using a DefaultAdvisorAutoProxyCreator and an AbstractSecurityInterceptor (e.g. MethodSecurityInterceptor) with an AuthenticationManager and/or AccessDecisionManager (or their subcomponents) that need advising themselves (e.g. transactional advice) using the DefaulAdvisorAutoProxyCreator to apply it. They won't get it as the DefaulAdvisorAutoProxyCreator doesn't exist yet. Would it be an idea as an option to specify the AuthenticationManager and AccessDecisionManager by id/name for later 'binding' on at the start of the 'invoke' method? Regards, Sean -- Dr. Sean Radford, MBBS, MSc [EMAIL PROTECTED] http://bladesys.demon.co.uk/ --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Release 0.61
March, Andres wrote: +1 for Apache guidelines And +1 for a 1.0 release after a maven build is implemented I concur -- Dr. Sean Radford, MBBS, MSc [EMAIL PROTECTED] http://bladesys.demon.co.uk/ --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] AuthenticationManager
Ben Alex wrote: Sean Radford wrote: Hi, Just wondering what the intended functionality of AuthenticationManager is for the authenticate method when an instance is passed an Authentication object that the manager is unable to process as it is simply the incorrect type (it does not support it). Should it be an java.lang.IllegalArgumentException or just an AuthenticationException? (This is similar to the ProviderManager, which throws a ProviderNotFoundException) And as a slight aside. Why does AuthenticationProvider not extend AuthenticationManager? Or just have one interface that covers both? Regards, Sean Hi Sean AuthenticationManager is expected to throw an AuthenticationException or subclass if it cannot authenticate (not IllegalArgumentException). Whilst ProviderManager is the only concrete implementation of AuthenticationManager, and it is expected to be used in most cases, I wanted to provide flexibility in case people didn't like the way ProviderManager worked. For instance, they may not want to use a supports() method or even a provider-based approach at all. AuthenticationProvider needs to have the supports() method, meaning we can't use the same interface as AuthenticationManager. You're probably right in that we could subclass AuthenticationManager, but the reason we don't is because of the subtle behaviour that an AuthenticationProvider can return null from its authenticate() method to indicate it does not support a given Authentication. On the other hand, AuthenticationManager should never return null from the authenticate() method. Best regards Ben --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer Thanks Bean for clearing that up. It's how I guessed things were intended, but even with reading the source, just wanted the clarification. Regards, Sean -- Dr. Sean Radford, MBBS, MSc [EMAIL PROTECTED] http://bladesys.demon.co.uk/ --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] AuthenticationManager
Hi, Just wondering what the intended functionality of AuthenticationManager is for the authenticate method when an instance is passed an Authentication object that the manager is unable to process as it is simply the incorrect type (it does not support it). Should it be an java.lang.IllegalArgumentException or just an AuthenticationException? (This is similar to the ProviderManager, which throws a ProviderNotFoundException) And as a slight aside. Why does AuthenticationProvider not extend AuthenticationManager? Or just have one interface that covers both? Regards, Sean -- Dr. Sean Radford, MBBS, MSc [EMAIL PROTECTED] http://bladesys.demon.co.uk/ --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] MethodDefinitionAttributes
Sean Radford wrote: Also, should net.sf.acegisecurity.ConfigAttributeDefinition have a size() method (particularly useful if null is not returned)? I also think that maybe ConfigAttributeDefinition should have a contains(ConfigAttribute) method too -- Dr. Sean Radford, MBBS, MSc [EMAIL PROTECTED] http://bladesys.demon.co.uk/ --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] MethodDefinitionAttributes
Hi, Been playing with Acegi today and just wondered the following... Should the net.sf.acegisecurity.intercept.method.MethodDefinitionAttributes.lookupAttributes(MethodInvocation invocation) return null when there are no ConfigAttributes within the ConfigAttributeDefinition instead of an empty one? Also, should net.sf.acegisecurity.ConfigAttributeDefinition have a size() method (particularly useful if null is not returned)? Regards, Sean -- Dr. Sean Radford, MBBS, MSc [EMAIL PROTECTED] http://bladesys.demon.co.uk/ --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] AuthByAdaptors and SecurityContext
Ben Alex wrote: Sean Radford wrote: Hi, If one is authenticating using JAAS to create an AuthByAdaptor Authentication object (e.g. using JBossAcegiLoginModule), how do you then get the SecureContext populated when not using a web-layer - and thus not able to use an IntegrationFilter such as the JbossIntegrationFilter? Or do I have to create my own MethodInterceptor around all my secure method calls to check for the SecureContext, and if not found, try to retrieve it from its 'well-known location'? Hi Sean There is no way included with Acegi Security to populate the ContextHolder from the JBoss JNDI location except via the JbossIntegrationFilter. So you'll have to experiment with an alternative way (sorry about that). Best regards Ben --- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer Hi Ben, That's ok - I wrote an interceptor to do just that when I first looked at Acegi in its early days. Now (at last!) I'm going to get some time to look at it all again and so wondered if something had plugged the gap in the meantime. Any code I am able to make public, naturally I will. Sean -- Dr. Sean Radford, MBBS, MSc [EMAIL PROTECTED] http://bladesys.demon.co.uk/ --- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] AuthByAdaptors and SecurityContext
Hi, If one is authenticating using JAAS to create an AuthByAdaptor Authentication object (e.g. using JBossAcegiLoginModule), how do you then get the SecureContext populated when not using a web-layer - and thus not able to use an IntegrationFilter such as the JbossIntegrationFilter? Or do I have to create my own MethodInterceptor around all my secure method calls to check for the SecureContext, and if not found, try to retrieve it from its 'well-known location'? Regards, Sean -- Dr. Sean Radford, MBBS, MSc [EMAIL PROTECTED] http://bladesys.demon.co.uk/ --- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer