[Acegisecurity-developer] AuthorizeTag.java
Hello,

the following method,

    private Collection getPrincipalAuthorities() {
        SecureContext context = ((SecureContext) ContextHolder.getContext());

        if (null == context) {
            return Collections.EMPTY_LIST;
        }

        Authentication currentUser = context.getAuthentication();

        if (null == currentUser) {
            return Collections.EMPTY_LIST;
        }

        Collection granted = Arrays.asList(currentUser.getAuthorities());

        return granted;
    }

Could there be instances where currentUser.getAuthorities() returns null? If so, Arrays.asList(currentUser.getAuthorities()); will throw an exception.

Thanks
Shishir

___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
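
The failure mode asked about in this message, next to a fail-closed variant, as an added example that is not code from the Acegi Security project. `Authentication` and `GrantedAuthority` below are minimal stand-in interfaces written for this sketch, not the project's classes.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;

public class NullSafeAuthorities {

    // Stand-ins for the Acegi types (assumption: only the methods used below).
    interface GrantedAuthority {
        String getAuthority();
    }

    interface Authentication {
        GrantedAuthority[] getAuthorities();
    }

    // Same shape as the quoted method: a null array reaches Arrays.asList().
    static Collection<GrantedAuthority> unguarded(Authentication currentUser) {
        if (currentUser == null) {
            return Collections.emptyList();
        }
        return Arrays.asList(currentUser.getAuthorities());
    }

    // Fail closed: a missing array means "no authorities", so an authorization
    // check built on this result denies instead of aborting page rendering.
    static Collection<GrantedAuthority> guarded(Authentication currentUser) {
        if (currentUser == null) {
            return Collections.emptyList();
        }
        GrantedAuthority[] authorities = currentUser.getAuthorities();
        if (authorities == null) {
            return Collections.emptyList();
        }
        return Collections.unmodifiableList(Arrays.asList(authorities));
    }

    public static void main(String[] args) {
        // Constructed sample: an Authentication implementation that returns null.
        Authentication noArray = () -> null;
        // Constructed sample: a user holding a single role.
        Authentication admin = () -> new GrantedAuthority[] { () -> "ROLE_ADMIN" };

        try {
            unguarded(noArray);
            System.out.println("unguarded: no exception");
        } catch (NullPointerException e) {
            System.out.println("unguarded: NullPointerException from Arrays.asList");
        }

        System.out.println("guarded, null array: " + guarded(noArray).size() + " authorities");
        for (GrantedAuthority authority : guarded(admin)) {
            System.out.println("guarded, admin: " + authority.getAuthority());
        }
    }
}
```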
RE: [Acegisecurity-developer] Reducing the number of filters needed in web.xml
+1 to it.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of bryan ([EMAIL PROTECTED])
Sent: Sunday, January 23, 2005 11:52 AM
To: acegisecurity-developer@lists.sourceforge.net
Subject: Re: [Acegisecurity-developer] Reducing the number of filters needed in web.xml

I think there is a more elegant and intuitive way to do this.

I also think this is a good idea, it would be good to have a more elegant syntax though, perhaps you might also consider the following.

snip --

And configure the chain of filters in the application context, something like

    channelProcessingFilter=/*
    authenticationProcessingFilter=/*
    basicProcessingFilter=/*
    sessionIntegrationFilter=/*
    securityEnforcementFilter=/*

Best Regards
Bryan Hunt

On Sun, 23 Jan 2005 09:26:48 -0500, Dmitriy Kopylenko <[EMAIL PROTECTED]> wrote:
> This idea looks good to me.
>
> Regards,
> Dmitriy.
>
> ----- Original Message -----
> From: Carlos Sanchez <[EMAIL PROTECTED]>
> Date: Sunday, January 23, 2005 7:59 am
> Subject: [Acegisecurity-developer] Reducing the number of filters
> needed in web.xml
>
> > Hi,
> >
> > I think this was already discussed but I wasn't able to find it.
> >
> > I'd like to reduce the number of filters in web.xml to just one, say
> >
> > <filter>
> >   <filter-name>Acegi Filter</filter-name>
> >   <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
> >   <init-param>
> >     <param-name>targetClass</param-name>
> >     <param-value>net.sf.acegisecurity.FilterChain</param-value>
> >   </init-param>
> > </filter>
> >
> > And configure the chain of filters in the application context,
> > something like
> >
> > /*
> > /*
> > /*
> > /*
> > /*
> >
> > Any thoughts?
> >
> > Regards
> >
> > Carlos Sanchez
> > A Coruña, Spain
> > http://www.jroller.com/page/carlossg
[Acegisecurity-developer] RE: [Springframework-user] Acegi Security - new release 0.7.0
Ben,

I believe AutoIntegrationFilter is no longer available in 0.7. Could you please update the "Upgrading to 0.7.0" link on ACEGI site mentioning the same. I guess instead of AutoIntegrationFilter, we can use either HttpRequestIntegrationFilter or HttpSessionIntegrationFilter.

Thanks
Shishir

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Alex
Sent: Wednesday, January 19, 2005 3:43 PM
To: acegisecurity-developer@lists.sourceforge.net; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [Springframework-user] Acegi Security - new release 0.7.0

Dear Spring Community

I'm pleased to announce the Acegi Security System for Spring release 0.7.0 is now available from http://acegisecurity.sourceforge.net.

The project provides comprehensive security services for The Spring Framework. You can read about the features in detail at http://acegisecurity.sourceforge.net.

There are many changes, improvements and fixes in release 0.7.0 (as listed at http://acegisecurity.sourceforge.net/changes-report.html). The major new feature areas are:

* Significant improvements to ACL security services
* AspectJ support (useful for instance-level security)
* Refactoring of ObjectDefinitionSources (especially useful for web URI security)
* Automatic propagation of security identity via RMI and HttpInvoker
* Integration with Servlet Spec's getRemoteUser()
* Refactoring of Contacts sample to use the new ACL security services
* Additional event publishing (now includes authorisation, not just authentication)
* CVS restructure to use Maven as the build system
* A new project web site with FAQs, links to external articles etc

The new ACL security services deserve special mention, as they make it possible to develop applications that require complex instance-based security without any custom code. The entire configuration of such applications can be declared in the IoC container using standard Acegi Security services, so this should help significantly improve architecture and development time.

As per the Apache APR project versioning guidelines, this is a major release. We expect the next major release will be 1.0.0, although release 0.7.0 should be considered stable enough for most projects to use. There are detailed upgrade instructions included in the release ZIP and on the Acegi Security home page.

For Maven users, Acegi Security's latest JARs are available from http://acegisecurity.sourceforge.net/maven/acegisecurity/jars. We will also be adding release 0.7.0 and above to iBiblio.

We hope you find this new release useful in your projects.

Best regards
Ben
[Acegisecurity-developer] RE: AbstractProcessingFilter
Thanks. That clears it.

-----Original Message-----
From: Ben Alex [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 16, 2004 4:36 PM
To: Shishir K. Singh; [EMAIL PROTECTED]
Subject: Re: AbstractProcessingFilter

Shishir K. Singh wrote:

> Hi Ben,
>
> Tried posting this on "[EMAIL PROTECTED]"
> but for some reason it's bouncing back. Therefore sending directly to you.
>
> I have not tested it out, but my understanding after going through the
> contacts sample for cas authorization is that when the authentication
> fails in CasProcessingFilter, the failure url is "/casfailed.jsp".
> What if the use case is to go to
> https://localhost:8443/cas/login directly instead of "/casfailed.jsp".
>
> If there is no workaround to the above, I was wondering if it makes
> sense to check if failureUrl starts with http/https and if so, then
> just redirect it to the failureUrl, else do as the existing code is
> doing, instead of always doing httpRequest.getContextPath() +
> failureUrl.
>
> I think I am missing something here, not sure though.

The AbstractProcessingFilter.authenticationFailureUrl (CasProcessingFilter's superclass) will only be used if the ticket provided by the CAS server is invalid for some reason. Typically, the CasProxyTicketValidator delegates to CAS' ProxyTicketValidator.validate() method which returns false to proxyTicketValidator.isAuthenticationSuccessful().

Put differently, you'll only see /casfailed.jsp if there is something fundamentally wrong with the ticket. This will usually only happen if the user has attempted to do something invalid, like POSTing a false ticket to /j_acegi_cas_security_check. Normal user interaction takes place on the CAS server, and invalid passwords cause the re-display of the CAS server login page so they can try again.

HTH
Ben
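
The check proposed in the quoted message, as an added example rather than code from Acegi Security: an absolute http/https failure URL is used as configured, anything else is treated as context-relative. The class and method names are hypothetical, and rejecting scheme-relative and non-web values is an assumption added here so that a misconfigured value cannot send the browser somewhere unintended.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class FailureUrlResolver {

    /**
     * Decide where to send the browser after a failed authentication.
     *
     * contextPath: what HttpServletRequest.getContextPath() would return, e.g. "/contacts".
     * failureUrl:  the configured failure URL; it must come from configuration,
     *              never from a request parameter.
     */
    static String resolve(String contextPath, String failureUrl) {
        if (failureUrl == null || failureUrl.isEmpty()) {
            throw new IllegalArgumentException("failureUrl must be configured");
        }

        URI uri;
        try {
            uri = new URI(failureUrl);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("failureUrl is not a valid URI: " + failureUrl, e);
        }

        if (uri.isAbsolute()) {
            // Absolute URL: redirect as-is, but only for http/https with a host.
            String scheme = uri.getScheme();
            boolean web = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
            if (web && uri.getHost() != null) {
                return failureUrl;
            }
            throw new IllegalArgumentException("failureUrl must be http or https: " + failureUrl);
        }

        // Relative URL: must be a path inside this web application.
        // "//host/path" is scheme-relative and would leave the application.
        if (!failureUrl.startsWith("/") || failureUrl.startsWith("//")) {
            throw new IllegalArgumentException(
                    "relative failureUrl must start with a single '/': " + failureUrl);
        }
        return contextPath + failureUrl;
    }

    public static void main(String[] args) {
        // Constructed sample values; "/contacts" is an assumed context path.
        String[] samples = {
            "/casfailed.jsp",
            "https://localhost:8443/cas/login",
            "//localhost:8443/cas/login",
            "ftp://localhost/cas/login"
        };
        for (String sample : samples) {
            try {
                System.out.println(sample + " -> " + resolve("/contacts", sample));
            } catch (IllegalArgumentException e) {
                System.out.println(sample + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```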
RE: [Acegisecurity-developer] Vote: Change to build system and CVS layout
Okay with it, though I am not too fond of maven :)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Alex
Sent: Tuesday, October 19, 2004 7:48 AM
To: [EMAIL PROTECTED]
Subject: Re: [Acegisecurity-developer] Vote: Change to build system and CVS layout

Ben Alex wrote:

>
> I should emphasize that typical Acegi Security users will not be
> impacted at all from these changes, except perhaps defining the
> correct substitute for AutoIntegrationFilter in web.xml. Users already
> need to build the samples using Ant, so the need to build the samples
> via Maven shouldn't be a major issue.
>
> Any comments, concerns, support, votes etc regarding the above are
> most welcome.
>

Any response to the above? If nobody has any objections within the next 24 hours, we'll make the changes.

Thanks
Ben
RE: [Acegisecurity-developer] Release 0.61
+1 for Apache guidelines.
+1 for 0.6.1

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ricardo Matinata
Sent: Friday, September 24, 2004 11:39 AM
To: [EMAIL PROTECTED]
Subject: Re: [Acegisecurity-developer] Release 0.61

IMHO:
+1 for Apache guidelines.
+1 for 0.6.1 (same reason as Ben).

---
Ricardo

On Fri, 24 Sep 2004 15:52:44 +1000, Ben Alex <[EMAIL PROTECTED]> wrote:
> Scott McCrory wrote:
>
> >No objections - "release early and release often..." But are you
> >sure it's just a 0.61 release? I'd recommend 0.7, as most
> >non-programmers (and some bit twiddlers too) consider anything prior
> >to 1.0 not mature enough for production, and I think Acegi is a lot
> >further along than that...
> >
> >Scott
>
> I just did a quick Google for version number guidelines. I found quite
> a few references to Apache's Portable Runtime Project versioning
> guidelines at http://apr.apache.org/versioning.html. These seem
> reasonable, but if there is some other guideline people would prefer
> to follow, please provide a URL. Alternatively, if people are happy
> with the Apache guidelines, please send a +1 to the list.
>
> The current CVS HEAD is directly compatible with 0.6. So people
> recognise the new release is directly compatible with 0.6 deployments,
> I favor tagging it 0.61. Or, if we decide to adopt the Apache
> guidelines above, the new release would be tagged 0.6.1.
>
> The 1.0 issue has come up in the forum and been cited as a reason
> for not using the project. I can't identify any foreseeable additional
> features that would require architectural changes, and as stability is
> pretty good, we should seriously think about whether the next release
> after this one should be 1.0. The one major issue I would like to
> resolve before we tag it 1.0 is moving to a Maven-based build rather
> than Ant, just in case this migration requires changes in the classes
> contained in each artifact.
>
> Comments welcome.
>
> Ben
RE: [Acegisecurity-developer] Authz taglibs for freemarker
Yes. Velocity has a bigger following than freemarker. But I find freemarker to be more rich in features, just my personal opinion.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Alex
Sent: Thursday, September 02, 2004 9:17 PM
To: [EMAIL PROTECTED]
Subject: Re: [Acegisecurity-developer] Authz taglibs for freemarker

Shishir K. Singh wrote:

>Ben,
>
>Is there any work going on to port the authorization taglibs to
>freemarker tags ?
>
>Thanks
>Shishir

Not as far as I know. Besides, doesn't everyone use Velocity these days? ;-)

Ben
[Acegisecurity-developer] Authz taglibs for freemarker
Ben,

Is there any work going on to port the authorization taglibs to freemarker tags ?

Thanks
Shishir
RE: [Acegisecurity-developer] Problems when trying to deploy contacts.war on JRun
Ben,

One small thingy...on line 94 of FilterToBeanProxy, you may want to check if the delegate is not null before destroying.

Thanks
Shishir

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shishir K. Singh
Sent: Wednesday, September 01, 2004 1:38 PM
To: [EMAIL PROTECTED]
Subject: RE: [Acegisecurity-developer] Problems when trying to deploy contacts.war on JRun

Ben,

Thanks. It works fine.

Shishir

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Alex
Sent: Tuesday, August 31, 2004 10:39 PM
To: [EMAIL PROTECTED]
Subject: Re: [Acegisecurity-developer] Problems when trying to deploy contacts.war on JRun

Shishir K. Singh wrote:

>Ben,
>
>Even if I use ContextLoaderServlet, won't the filters get created
>before ContextLoaderListener. In that case, the "init" of the filters
>will be called even before the Spring context is available and thus,
>the WebApplicationContextUtils.getRequiredWebApplicationContext will
>fail in the filters.
>
>I changed the ContextLoaderListener to ContextLoaderServlet in
>contacts's web.xml and got the same error when deploying in tomcat now.

Yes, you're right. I've just committed to CVS HEAD an enhancement to FilterToBeanProxy which enables it to lazily initialize the proxied Filter (ie on the first HTTP request, not at filter initialization time). Just set initialization property "init" to "lazy".

Please let me know if this works OK.

Ben
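
The lazy initialisation and the null check discussed in this thread, as an added example rather than the project's FilterToBeanProxy source. `SimpleFilter` and the `Supplier` that stands in for the Spring context lookup are hypothetical, chosen so the sketch runs without the servlet API.

```java
import java.util.function.Supplier;

public class LazyFilterProxy {

    // Stand-in for javax.servlet.Filter, cut down to what this sketch needs (assumption).
    interface SimpleFilter {
        void init();
        String doFilter(String request);
        void destroy();
    }

    private final Supplier<SimpleFilter> lookup; // stands in for the Spring context lookup
    private final boolean lazy;                  // models the "init" = "lazy" setting
    private SimpleFilter delegate;               // null until the lookup has succeeded

    LazyFilterProxy(Supplier<SimpleFilter> lookup, boolean lazy) {
        this.lookup = lookup;
        this.lazy = lazy;
    }

    // Called by the container at deployment, possibly before the context exists.
    void init() {
        if (!lazy) {
            resolveDelegate();
        }
    }

    // Called per request. There is no pass-through path: either the security
    // filter runs or the request fails with an exception.
    String doFilter(String request) {
        return resolveDelegate().doFilter(request);
    }

    // Called at undeploy. With lazy init the delegate may never have been created.
    synchronized void destroy() {
        if (delegate != null) {
            delegate.destroy();
            delegate = null;
        }
    }

    private synchronized SimpleFilter resolveDelegate() {
        if (delegate == null) {
            SimpleFilter found = lookup.get();
            if (found == null) {
                throw new IllegalStateException("lookup returned no filter");
            }
            found.init();
            delegate = found;
        }
        return delegate;
    }

    public static void main(String[] args) {
        // Constructed scenario: the context becomes available only after filter init.
        final boolean[] contextReady = { false };
        Supplier<SimpleFilter> lookup = () -> {
            if (!contextReady[0]) {
                throw new IllegalStateException("No WebApplicationContext found");
            }
            return new SimpleFilter() {
                public void init() { System.out.println("delegate initialised"); }
                public String doFilter(String request) { return "checked " + request; }
                public void destroy() { System.out.println("delegate destroyed"); }
            };
        };

        // Eager init reproduces the deployment-time failure from the thread.
        try {
            new LazyFilterProxy(lookup, false).init();
        } catch (IllegalStateException e) {
            System.out.println("eager init failed: " + e.getMessage());
        }

        // Undeploy before any request: no delegate exists, destroy() must not throw.
        LazyFilterProxy neverUsed = new LazyFilterProxy(lookup, true);
        neverUsed.init();
        neverUsed.destroy();

        // Lazy init: the lookup happens on the first request, after the context is up.
        LazyFilterProxy proxy = new LazyFilterProxy(lookup, true);
        proxy.init();
        contextReady[0] = true;
        System.out.println(proxy.doFilter("GET /secure/index.jsp"));
        proxy.destroy();
    }
}
```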
RE: [Acegisecurity-developer] Problems when trying to deploy contacts.war on JRun
Ben,

Thanks. It works fine.

Shishir

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Alex
Sent: Tuesday, August 31, 2004 10:39 PM
To: [EMAIL PROTECTED]
Subject: Re: [Acegisecurity-developer] Problems when trying to deploy contacts.war on JRun

Shishir K. Singh wrote:

>Ben,
>
>Even if I use ContextLoaderServlet, won't the filters get created
>before ContextLoaderListener. In that case, the "init" of the filters
>will be called even before the Spring context is available and thus,
>the WebApplicationContextUtils.getRequiredWebApplicationContext will
>fail in the filters.
>
>I changed the ContextLoaderListener to ContextLoaderServlet in
>contacts's web.xml and got the same error when deploying in tomcat now.

Yes, you're right. I've just committed to CVS HEAD an enhancement to FilterToBeanProxy which enables it to lazily initialize the proxied Filter (ie on the first HTTP request, not at filter initialization time). Just set initialization property "init" to "lazy".

Please let me know if this works OK.

Ben
RE: [Acegisecurity-developer] Problems when trying to deploy contacts.war on JRun
Ben,

Even if I use ContextLoaderServlet, won't the filters get created before ContextLoaderListener. In that case, the "init" of the filters will be called even before the Spring context is available and thus, the WebApplicationContextUtils.getRequiredWebApplicationContext will fail in the filters.

I changed the ContextLoaderListener to ContextLoaderServlet in contacts's web.xml and got the same error when deploying in tomcat now.

Shishir

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Alex
Sent: Tuesday, August 31, 2004 7:37 PM
To: [EMAIL PROTECTED]
Subject: Re: [Acegisecurity-developer] Problems when trying to deploy contacts.war on JRun

Shishir K. Singh wrote:

>Hi,
>
>I am running into issues when deploying the contacts.war on Jrun. It
>works fine when deployed on tomcat. Here's starting the stack trace
>from the Jrun console.

This is a Spring-specific issue. I think you'll need to use ContextLoaderServlet rather than ContextLoaderListener in web.xml.

Ben
[Acegisecurity-developer] Problems when trying to deploy contacts.war on JRun
Hi,

I am running into issues when deploying the contacts.war on Jrun. It works fine when deployed on tomcat. Here's the start of the stack trace from the Jrun console.

    # Created by JRun on 08/31 15:33:12
    08/31 15:33:12 info Deploying web application "Contacts Sample Application" from: file:/C:/Downloads/acegi-security-0.51/samples/contacts/dist/contacts.war
    08/31 15:33:12 error Error loading class for Filter Acegi Authentication Processing Filter: Filter is disabled.
    java.lang.IllegalStateException: No WebApplicationContext found: no ContextLoaderListener registered?
        at org.springframework.web.context.support.WebApplicationContextUtils.getRequiredWebApplicationContext(WebApplicationContextUtils.java:69)
        at net.sf.acegisecurity.util.FilterToBeanProxy.getContext(FilterToBeanProxy.java:158)
        at net.sf.acegisecurity.util.FilterToBeanProxy.init(FilterToBeanProxy.java:98)
        at jrun.servlet.FilterObject.init(FilterObject.java:63)
        at jrun.servlet.FilterManager.loadFilter(FilterManager.java:195)
        at jrun.servlet.FilterManager.init(FilterManager.java:155)
        at jrun.servlet.FilterManager.create(FilterManager.java:74)
        at jrun.servlet.WebApplicationService.start(WebApplicationService.java:223)
        at jrun.deployment.DeployerService.initModules(DeployerService.java:710)
        at jrun.deployment.DeployerService.createWatchedDeployment(DeployerService.java:242)
        at jrun.deployment.DeployerService.deploy(DeployerService.java:430)
        at jrun.deployment.DeployerService.deployPersistentURL(DeployerService.java:1570)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:324)
        at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1628)
        at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
        at jrunx.kernel.agents.JRunAdminService.invoke(JRunAdminService.java:127)
        at sun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

Any help would be appreciated. I am running the 30 days evaluation of Jrun on Windows.

Thanks
Shishir
[Acegisecurity-developer] Sourceforge CVS
Is something wrong with the source forge cvs access (anonymous) to acegi module? Can't seem to get through for the last two days.

Shishir
[Acegisecurity-developer] removeCache in UserDetails
I was wondering if the method

    public void removeUserFromCache(String username) {
        cache.remove(username);
    }

in EhCacheBasedUserCache can be made implementable, i.e. moved to the UserCache interface.

Thanks
Shishir
[Acegisecurity-developer] Using Acegi with Netegrity's Site Minder singlesignon
Hi,

Has anyone tried to integrate the proprietary Netegrity SiteMinder single sign on ( http://www.netegrity.com/products/products.cfm?page=SMoverview ) with Acegi security? If so, any pointers on how to implement this would be appreciated.

Thanks
Shishir
RE: [Acegisecurity-developer] Is Authentication not really Serializable?
Thanks.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Alex
Sent: Tuesday, July 13, 2004 6:10 PM
To: [EMAIL PROTECTED]
Subject: Re: [Acegisecurity-developer] Is Authentication not really Serializable?

Hi Shishir

Shishir K. Singh wrote:

>Same goes for forcePrincipalAsString.

There is already an isForcePrincipalAsString() method.

>-----Original Message-----
>From: Shishir K. Singh
>Sent: Tuesday, July 13, 2004 10:15 AM
>To: '[EMAIL PROTECTED]'
>Subject: RE: [Acegisecurity-developer] Is Authentication not really
>Serializable?
>
>Ben,
>
>I was wondering if the context variable in DaoAuthenticationProvider
>could be made protected or better yet, have a getContext() method. Sub
>classes extending the provider then can provide their own custom
>events if necessary.

I just added to CVS HEAD a getter for the context.

Best regards
Ben
RE: [Acegisecurity-developer] Is Authentication not really Serializable?
Same goes for forcePrincipalAsString.

-----Original Message-----
From: Shishir K. Singh
Sent: Tuesday, July 13, 2004 10:15 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [Acegisecurity-developer] Is Authentication not really Serializable?

Ben,

I was wondering if the context variable in DaoAuthenticationProvider could be made protected or better yet, have a getContext() method. Sub classes extending the provider then can provide their own custom events if necessary.

Thanks
Shishir

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Patrick Burleson
Sent: Tuesday, July 13, 2004 10:04 AM
To: [EMAIL PROTECTED]
Subject: Re: [Acegisecurity-developer] Is Authentication not really Serializable?

On Tue, 13 Jul 2004 08:40:09 +1000, Ben Alex <[EMAIL PROTECTED]> wrote:
> Hi Patrick
>
> I've just made Authentication Serializable in CVS HEAD.
>
> Best regards
> Ben
>

Ben,

Thank you very much. Going to test it out today.

Any ideas on the schedule for 0.6?

Thanks,
Patrick
RE: [Acegisecurity-developer] Is Authentication not really Serializable?
Ben,

I was wondering if the context variable in DaoAuthenticationProvider could be made protected or better yet, have a getContext() method. Sub classes extending the provider then can provide their own custom events if necessary.

Thanks
Shishir

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Patrick Burleson
Sent: Tuesday, July 13, 2004 10:04 AM
To: [EMAIL PROTECTED]
Subject: Re: [Acegisecurity-developer] Is Authentication not really Serializable?

On Tue, 13 Jul 2004 08:40:09 +1000, Ben Alex <[EMAIL PROTECTED]> wrote:
> Hi Patrick
>
> I've just made Authentication Serializable in CVS HEAD.
>
> Best regards
> Ben
>

Ben,

Thank you very much. Going to test it out today.

Any ideas on the schedule for 0.6?

Thanks,
Patrick
RE: [Acegisecurity-developer] URL redirection when session expires
Hi Ben,

I think ignoreRedirectUrl is a good idea. Enhancing on that, would it make sense to have a property type attribute, which will have a key URL and the URL that needs to be redirected to. If the existing URL ends with any one of the above, then redirect to the valid url as defined in the props value. If none matches, then defaultURL is picked up. If ignoreRedirectUrl is on, then straight away redirect to the default.

Thanks
Shishir

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Alex
Sent: Wednesday, June 09, 2004 5:47 PM
To: [EMAIL PROTECTED]
Subject: RE: [Acegisecurity-developer] URL redirection when session expires

Hi Shishir

> When the session expires, the login screen comes up (if I try to click
> some link). However, it tries to redirect me (as it
> should) to the page that I was trying to access. Since I was storing
> some objects in the session to display in this new page, they are no
> longer there since this is a new session.
>
> This results in a null pointer kind of exception
>
> Is there a way to force the URL redirection to the defaultTargetUrl or
> any other page rather than the one that is stored in
> AbstractProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY.
>
> Say for certain pages, I always want the user to be redirected to the
> base page from where they can start again.
>
> Is this something that is not security related ?
>
> If not, then I guess I will have to handle these programmatically.

No, you can't do that directly within Acegi Security. A fundamental problem is how Acegi Security would differentiate between a legitimate first request for the secured resource in which ACEGI_SECURITY_TARGET_URL_KEY should be honoured, versus an expired request that should have its ACEGI_SECURITY_TARGET_URL_KEY ignored.

I guess we could have a boolean "ignoreRedirectUrl", which if true always redirects to defaultTargetUrl. Would this be of interest to others?

I'd suggest writing a filter that ensures valid objects exist in the session. If they don't exist, either redirect to the start page or create them on-the-fly.

HTH
Ben
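Ben's suggestion in the message above, a filter that checks the session for the objects a page needs and redirects to the start page when they are gone, could be written as follows. This is an added example, not code from the thread or from Acegi Security; the class name and the init parameters requiredAttributes and startPage are assumptions, and only the standard javax.servlet API is used.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Hypothetical filter (not an Acegi Security class). Map it to the pages that read session state. */
public class RequiredSessionStateFilter implements Filter {
    private String[] requiredAttributes; // session attribute names the mapped pages depend on
    private String startPage;            // context-relative page where the user can start again

    public void init(FilterConfig config) throws ServletException {
        String names = config.getInitParameter("requiredAttributes");
        startPage = config.getInitParameter("startPage");
        if (names == null || names.trim().isEmpty() || startPage == null || !startPage.startsWith("/")) {
            throw new ServletException("requiredAttributes and a context-relative startPage are required");
        }
        requiredAttributes = names.trim().split("\\s*,\\s*");
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String pathInfo = request.getPathInfo();
        String path = request.getServletPath() + (pathInfo == null ? "" : pathInfo);

        // The start page itself is always let through, so the redirect cannot loop.
        if (!path.equals(startPage) && isStateMissing(request.getSession(false))) {
            response.sendRedirect(response.encodeRedirectURL(request.getContextPath() + startPage));
            return;
        }
        chain.doFilter(req, res);
    }

    /** True when there is no session (expired or never created) or a required attribute is absent. */
    private boolean isStateMissing(HttpSession session) {
        if (session == null) {
            return true;
        }
        for (String name : requiredAttributes) {
            if (session.getAttribute(name) == null) {
                return true;
            }
        }
        return false;
    }

    public void destroy() {
    }
}
```

Because the redirect target comes from configuration rather than from the request, the stored target URL is never trusted when the session state is missing.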
[Acegisecurity-developer] URL redirection when session expires
Hi,

When the session expires, the login screen comes up (if I try to click some link). However, it tries to redirect me (as it should) to the page that I was trying to access. Since I was storing some objects in the session to display in this new page, they are no longer there since this is a new session.

This results in a null pointer kind of exception.

Is there a way to force the URL redirection to the defaultTargetUrl or any other page rather than the one that is stored in AbstractProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY.

Say for certain pages, I always want the user to be redirected to the base page from where they can start again.

Is this something that is not security related?

If not, then I guess I will have to handle these programmatically.

Thanks
Shishir
RE: [Acegisecurity-developer] Custom attributes on User Object
> I'm not clear how managing the password would be easier in this situation?

As long as the getPassword semantic is maintained, I guess it does not matter.

Shishir

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Alex
Sent: Monday, June 07, 2004 5:06 PM
To: [EMAIL PROTECTED]
Subject: RE: [Acegisecurity-developer] Custom attributes on User Object

> Also, do you think this would be correct to do:
>
> Have a User Interface with the three methods as existing in the
> current User Object
> Create a DefaultUserImpl (same as the existing
> User Object) for this interface for simple use cases.
>
> Users can then implement/extend this User Interface instead of having
> to use the DefaultUserImpl. This way, you can easily manage the
> password.

We'd need to be careful doing this. User is an object the majority of Acegi Security end users will be directly using via their custom DAO implementations.

Having said that, it's easy enough to do. Just create a new UserDetails interface and make the existing User implement it. That way nobody's existing code will break.

I'm not clear how managing the password would be easier in this situation?

Ben
[Acegisecurity-developer] Password Synchronization
I was wondering as to how to approach the password synchronization?

The use case is:

a) There is an enterprise wide authentication system vide the LDAP.
b) There's a custom web application that maintains its own user list and roles (say local user list). Only if the users exist in the local user list, they will be validated against the LDAP for password authentication (if this is active).
c) If for some reason the LDAP is down, the user should be able to bypass the authentication and login using the local authentication. For this, I always need to synchronize the successful password login to the local password (one way encoding, of course).

I was wondering how to implement this using ACEGI. Do you think that this is outside the security domain and should be handled separately? Or can a new method, say synchronizePassword (in the dao provider for now), be added just like loadUserByUsername.

Thanks
Shishir
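The use case in the message above (local user list as gate, LDAP for the password check, local one-way hash refreshed on every successful LDAP login and used only when LDAP is unreachable) is shown below as an added example. It is not code from the thread or from Acegi Security: the Directory interface, the class names and the choice of PBKDF2 for the one-way encoding are assumptions, and it needs Java 8 or later.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class FallbackAuthenticator {
    /** Hypothetical LDAP client: bind() throws only when the directory cannot be reached. */
    public interface Directory {
        boolean bind(String user, char[] password) throws DirectoryDownException;
    }
    public static class DirectoryDownException extends Exception { }

    // username -> {salt, hash}; a null value is a known user with no synchronized password yet
    private final Map<String, byte[][]> localUsers = new HashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final Directory directory;

    public FallbackAuthenticator(Directory directory) { this.directory = directory; }

    public void addLocalUser(String user) {
        if (!localUsers.containsKey(user)) localUsers.put(user, null);
    }

    public boolean authenticate(String user, char[] password) throws GeneralSecurityException {
        if (!localUsers.containsKey(user)) return false;       // (b) local list gates every login
        try {
            if (!directory.bind(user, password)) return false; // LDAP rejected: no local fallback
            byte[] salt = new byte[16];
            random.nextBytes(salt);
            localUsers.put(user, new byte[][] {salt, hash(password, salt)}); // synchronize on success
            return true;
        } catch (DirectoryDownException down) {                // (c) LDAP unreachable
            byte[][] stored = localUsers.get(user);
            return stored != null && MessageDigest.isEqual(stored[1], hash(password, stored[0]));
        }
    }

    private static byte[] hash(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    public static void main(String[] args) throws Exception {
        boolean[] ldapUp = {true};                              // constructed stand-in directory
        FallbackAuthenticator auth = new FallbackAuthenticator((user, pw) -> {
            if (!ldapUp[0]) throw new DirectoryDownException();
            return "alice".equals(user) && "ldap-pass".equals(new String(pw));
        });
        auth.addLocalUser("alice");
        System.out.println("LDAP up, good password:   " + auth.authenticate("alice", "ldap-pass".toCharArray()));
        ldapUp[0] = false;
        System.out.println("LDAP down, same password: " + auth.authenticate("alice", "ldap-pass".toCharArray()));
        System.out.println("LDAP down, bad password:  " + auth.authenticate("alice", "guess".toCharArray()));
    }
}
```

The local hash is consulted only when the directory is unreachable, never after an LDAP rejection, so a password that has been changed in LDAP stops working as soon as LDAP can answer.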
[Acegisecurity-developer] Compilation error
I am trying to compile the source code as downloaded from the sourceforge acegi-security-0.51-with-dependencies.zip. However, on running the alljar task, I get this error:

Buildfile: C:\Downloads\acegi-security-0.51\build.xml
[taskdef] Could not load definitions from resource clovertasks. It could not be found.
[typedef] Could not load definitions from resource clovertypes. It could not be found.

build:

I think I am missing some properties file.

Also, I could not check out the latest code from CVS. It does not allow me to get in as anonymous. Do I need user/password to get in the project?

Any help would be appreciated.

Thanks
Shishir
RE: [Acegisecurity-developer] Custom attributes on User Object
Ben,

Also, do you think this would be correct to do:

Have a User Interface with the three methods as existing in the current User Object
Create a DefaultUserImpl (same as the existing User Object) for this interface for simple use cases.

Users can then implement/extend this User Interface instead of having to use the DefaultUserImpl. This way, you can easily manage the password.

Thanks
Shishir

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shishir K. Singh
Sent: Monday, June 07, 2004 3:23 AM
To: [EMAIL PROTECTED]
Subject: RE: [Acegisecurity-developer] Custom attributes on User Object

Yup. Exactly. This way, I still can subclass the Existing User and not have to worry about breaking anything.

Thanks
Shishir

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Alex
Sent: Monday, June 07, 2004 3:09 AM
To: [EMAIL PROTECTED]
Subject: RE: [Acegisecurity-developer] Custom attributes on User Object

> Since getPrincipal already has a signature of Object, why can't it be
> allowed to store the user object sans password instead of only the
> user name as string. Then in my provider, I can prepare my user object
> in any way I like, whether it be string (user name) or an object with
> some info and then cast it accordingly in my view.

So you're proposing DaoAuthenticationProvider returns an Authentication object (specifically UsernamePasswordAuthenticationToken) that has as its Principal the User, rather than the current User.getUsername() String?

DaoAuthenticationProvider uses authentication.getPrincipal() in which it expects a String to be presented. We would need to have DaoAuthenticationProvider detect if the presented Authentication.getPrincipal() object is a String or User, and handle it accordingly. Aside from this, I can't see any problems with this approach.

I also think we should overwrite the password in the User object before passing it to the AuthenticationEvent and/or using it as the returned Authentication.getPrincipal() value.

Would doing this cause concerns for anyone?

Ben
RE: [Acegisecurity-developer] Custom attributes on User Object
Yup. Exactly. This way, I still can subclass the Existing User and not have to worry about breaking anything.

Thanks
Shishir

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Alex
Sent: Monday, June 07, 2004 3:09 AM
To: [EMAIL PROTECTED]
Subject: RE: [Acegisecurity-developer] Custom attributes on User Object

> Since getPrincipal already has a signature of Object, why can't it be
> allowed to store the user object sans password instead of only the
> user name as string. Then in my provider, I can prepare my user object
> in any way I like, whether it be string (user name) or an object with
> some info and then cast it accordingly in my view.

So you're proposing DaoAuthenticationProvider returns an Authentication object (specifically UsernamePasswordAuthenticationToken) that has as its Principal the User, rather than the current User.getUsername() String?

DaoAuthenticationProvider uses authentication.getPrincipal() in which it expects a String to be presented. We would need to have DaoAuthenticationProvider detect if the presented Authentication.getPrincipal() object is a String or User, and handle it accordingly. Aside from this, I can't see any problems with this approach.

I also think we should overwrite the password in the User object before passing it to the AuthenticationEvent and/or using it as the returned Authentication.getPrincipal() value.

Would doing this cause concerns for anyone?

Ben
RE: [Acegisecurity-developer] Custom attributes on User Object
Thanks Ben,

I have taken the 2nd approach, i.e. have another method on the interface called UserInfo that contains all info sans the password. However, I think that this becomes a bit messy (imo :)).

What I was thinking was:

Since getPrincipal already has a signature of Object, why can't it be allowed to store the user object sans password instead of only the user name as string. Then in my provider, I can prepare my user object in any way I like, whether it be string (user name) or an object with some info and then cast it accordingly in my view.

Just my 2 cents!!

Thanks
Shishir

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Alex
Sent: Monday, June 07, 2004 2:39 AM
To: [EMAIL PROTECTED]
Subject: RE: [Acegisecurity-developer] Custom attributes on User Object

Hi Shishir

> How do I access some attributes (like email Id's etc) on my User
> object in addition to the userName, password and granted authorities
> as existing on the ACEGI User object.
> Right now, I am querying the database and getting my User object
> separate from the Authentication object of ACEGI, but I feel that this
> is not the right way to do it.
>
> Is there a way out.

The way I do it is subclass User and make an ExtendedUser. My ExtendedUser has a salt property, so that ReflectionSaltSource can be used. But anyway, back to your question.

You'll need to modify your AuthenticationDao.loadUserByUsername(String) method to return your ExtendedUser instead of the normal User.

If you're interested in this from an event logging perspective, the User is available inside the AuthenticationEvent. So it's a simple matter of casting to ExtendedUser and accessing your properties.

If you're interested in this from a non-event logging perspective (eg you want email Ids etc available during web view rendering via the ContextHolder etc), you'll need to generate your own Authentication object. The most elegant way of doing this would be to make an Authentication object that has a property for the User. That way any extensions to User (like ExtendedUser) would be available in web views etc. So your code would be something like:

((ExtendedUser) ((ExtendedAuthentication) ((SecureContext) ContextHolder.getContext()).getAuthentication()).getUser()).getEmail()

If people think this is of interest, please let me know.

HTH
Ben
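The ideas raised across this thread (a UserDetails interface implemented by User, an ExtendedUser subclass carrying an email, a presented principal that may be a String or a user object, and a password removed before the user object is exposed as the principal) are combined in the added example below. The classes are simplified stand-ins written for illustration, not Acegi Security's code; withoutPassword(), usernameOf(), authenticate() and the sample user are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Simplified stand-ins written for this example; not Acegi Security's classes.
interface UserDetails {
    String getUsername();
    String getPassword();
    String[] getAuthorities();
}

class User implements UserDetails {
    private final String username;
    private final String password;
    private final String[] authorities;
    User(String username, String password, String[] authorities) {
        this.username = username;
        this.password = password;
        this.authorities = authorities == null ? new String[0] : authorities.clone();
    }
    public String getUsername() { return username; }
    public String getPassword() { return password; }
    public String[] getAuthorities() { return authorities.clone(); }
    // Returns a copy (assumption: the DAO may keep or cache the loaded instance, which must stay intact).
    User withoutPassword() { return new User(username, null, authorities); }
}

class ExtendedUser extends User {
    private final String email;
    ExtendedUser(String username, String password, String[] authorities, String email) {
        super(username, password, authorities);
        this.email = email;
    }
    String getEmail() { return email; }
    // Overridden so the copy keeps the subclass and its extra attributes.
    @Override ExtendedUser withoutPassword() {
        return new ExtendedUser(getUsername(), null, getAuthorities(), email);
    }
}

public class PrincipalDemo {
    // A presented principal may be a bare username or a user object.
    static String usernameOf(Object principal) {
        if (principal instanceof String) return (String) principal;
        if (principal instanceof UserDetails) return ((UserDetails) principal).getUsername();
        throw new IllegalArgumentException("Unsupported principal type");
    }

    // Returns the principal to expose after a successful check, or null on failure.
    static Object authenticate(Object principal, String presented, User loaded) {
        if (presented == null || loaded.getPassword() == null) return null;
        if (!usernameOf(principal).equals(loaded.getUsername())) return null;
        boolean matches = MessageDigest.isEqual(
                presented.getBytes(StandardCharsets.UTF_8),
                loaded.getPassword().getBytes(StandardCharsets.UTF_8));
        return matches ? loaded.withoutPassword() : null;
    }

    public static void main(String[] args) {
        // Constructed sample user, standing in for what a DAO's loadUserByUsername would return.
        ExtendedUser stored = new ExtendedUser("alice", "s3cret", new String[] {"ROLE_USER"}, "alice@example.org");
        ExtendedUser view = (ExtendedUser) authenticate("alice", "s3cret", stored);
        System.out.println("email=" + view.getEmail() + " password=" + view.getPassword());
        System.out.println("stored instance keeps its password: " + (stored.getPassword() != null));
    }
}
```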
[Acegisecurity-developer] Custom attributes on User Object
Hello,

How do I access some attributes (like email Id's etc) on my User object in addition to the userName, password and granted authorities as existing on the ACEGI User object.

Right now, I am querying the database and getting my User object separate from the Authentication object of ACEGI, but I feel that this is not the right way to do it.

Is there a way out.

Thanks
Shishir