[Acegisecurity-developer] AuthorizeTag.java

[Shishir K. Singh]

Hello, the following method, 

private Collection getPrincipalAuthorities() {
SecureContext context = ((SecureContext)
ContextHolder.getContext());

if (null == context) {
return Collections.EMPTY_LIST;
}

Authentication currentUser = context.getAuthentication();

if (null == currentUser) {
return Collections.EMPTY_LIST;
}

Collection granted =
Arrays.asList(currentUser.getAuthorities());
return granted;
}


Could there be instances where currentUser.getAuthorities() returns
null. 
If so, Arrays.asList(currentUser.getAuthorities()); will throw an
exception. 

Thanks
Shishir


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

RE: [Acegisecurity-developer] Reducing the number of filters needed in web.xml

[Shishir K. Singh]

+1 to it.  

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of bryan ( [EMAIL 
PROTECTED])
Sent: Sunday, January 23, 2005 11:52 AM
To: acegisecurity-developer@lists.sourceforge.net
Subject: Re: [Acegisecurity-developer] Reducing the number of filters needed in 
web.xml

I think they're is a more elegant and intuitive way to do this.
I also think  this a good idea,it would be good to have a more elegant syntax 
though, perhaps you might also consider the following.

snip --

And configure the chain of filters in the application context, something like





channelProcessingFilter=/*
authenticationProcessingFilter=/*
basicProcessingFilter=/*
sessionIntegrationFilter=/*
securityEnforcementFilter=/*






Best Regards 

Bryan Hunt






On Sun, 23 Jan 2005 09:26:48 -0500, Dmitriy Kopylenko <[EMAIL PROTECTED]> wrote:
> This idea looks good to me.
> 
> Regards,
> Dmitriy.
> 
> - Original Message -
> From: Carlos Sanchez <[EMAIL PROTECTED]>
> Date: Sunday, January 23, 2005 7:59 am
> Subject: [Acegisecurity-developer] Reducing the number of filters 
> needed in web.xml
> 
> > Hi,
> >
> > I think this was already discussed but I wasn't able to find it.
> >
> > I'd like to reduce the number of filters in web.xml to just one, say
> >
> > 
> >  Acegi Filter
> >  net.sf.acegisecurity.util.FilterToBeanProxy > class>  
> >targetClass
> >net.sf.acegisecurity.FilterChain
> >  
> > 
> >
> > And configure the chain of filters in the application context, 
> > something like
> >
> > 
> >  
> >
> >  
> >  
> >  
> >  
> >  
> >
> >  
> >  
> >
> >  /*
> >  /*
> >  /*
> >  /*
> >  /*
> >
> >  
> >
> > Any thoughts?
> >
> > Regards
> >
> > Carlos Sanchez
> > A Coruña, Spain
> > http://www.jroller.com/page/carlossg
> >
> >
> >
> >
> > ---
> > This SF.Net email is sponsored by: IntelliVIEW -- Interactive 
> > ReportingTool for open source databases. Create drag-&-drop reports. 
> > Save time by over 75%! Publish reports on the web. Export to DOC, 
> > XLS, RTF, etc.
> > Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> > ___
> > Home: http://acegisecurity.sourceforge.net
> > Acegisecurity-developer mailing list 
> > Acegisecurity-developer@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
> >
> 
> ---
> This SF.Net email is sponsored by: IntelliVIEW -- Interactive 
> Reporting Tool for open source databases. Create drag-&-drop reports. 
> Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, 
> etc.
> Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> ___
> Home: http://acegisecurity.sourceforge.net
> Acegisecurity-developer mailing list
> Acegisecurity-developer@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
>


---
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool 
for open source databases. Create drag-&-drop reports. Save time by over 75%! 
Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer


---
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

[Acegisecurity-developer] RE: [Springframework-user] Acegi Security - new release 0.7.0

[Shishir K. Singh]

Ben, 

I believer AutoIntegrationFilter is no longer available in 0.7. Could
you please update the "Upgrading to 0.7.0" link on ACEGI site mentioning
the same. I guess instead of  AutoIntegrationFilter , we can use either
HttpRequestIntegrationFilter or HttpSessionIntegrationFilter. 

Thanks
Shishir 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Ben Alex
Sent: Wednesday, January 19, 2005 3:43 PM
To: acegisecurity-developer@lists.sourceforge.net;
[EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: [Springframework-user] Acegi Security - new release 0.7.0

Dear Spring Community

I'm pleased to announce the Acegi Security System for Spring release
0.7.0 is now available from http://acegisecurity.sourceforge.net. The
project provides comprehensive security services for The Spring
Framework. You can read about the features in detail at
http://acegisecurity.sourceforge.net.

There are many changes, improvements and fixes in release 0.7.0 (as
listed at http://acegisecurity.sourceforge.net/changes-report.html). The
major new feature areas are:

* Significant improvements to ACL security services
* AspectJ support (useful for instance-level security)
* Refactoring of ObjectDefinitionSources (especially useful for web URI
security)
* Automatic propagation of security identity via RMI and HttpInvoker
* Integration with Servlet Spec's getRemoteUser()
* Refactoring of Contacts sample to use the new ACL security services
* Additional event publishing (now includes authorisation, not just
authentication)
* CVS restructure to use Maven as the build system
* A new project web site with FAQs, links to external articles etc

The new ACL security services deserve special mention, as they make it
possible to develop applications that require complex instance-based
security without any custom code. The entire configuration of such
applications can be declared in the IoC container using standard Acegi
Security services, so this should help significantly improve
architecture and development time.

As per the Apache APR project versioning guidelines, this is a major
release. We expect the next major release will be 1.0.0, although
release 0.7.0 should be considered stable enough for most projects to
use. There are detailed upgrade instructions included in the release ZIP
and on the Acegi Security home page.

For Maven users, Acegi Security's latest JARs are available from
http://acegisecurity.sourceforge.net/maven/acegisecurity/jars. We will
also be adding release 0.7.0 and above to iBiblio.

We hope you find this new release useful in your projects.

Best regards
Ben



---
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time by
over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
___
Springframework-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/springframework-user


---
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

[Acegisecurity-developer] RE: AbstractProcessingFilter

[Shishir K. Singh]

Thanks. That clears it. 

-Original Message-
From: Ben Alex [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, November 16, 2004 4:36 PM
To: Shishir K. Singh; [EMAIL PROTECTED]
Subject: Re: AbstractProcessingFilter

Shishir K. Singh wrote:

> Hi Ben,
>
> Tried posting this on "[EMAIL PROTECTED]" 
> but for some reason it's bouncing back. Therefore sending directly to
you.
>
>
> I have not tested it out, but my understanding after going through the

> contacts sample for cas authorization is that when the authentication 
> fails in CasProcessingFilter, the failure url is "/casfailed.jsp".
> What if the  the use case is to go to 
> _https://localhost:8443/cas/login_ directrly instead of
"/casfailed.jsp".
>
> If there is not workaround to the above, I was wondering if it makes 
> sense to check if failureUrl starts with http/https and if so, then 
> just redirect it to the failureUrl, else do as the existing code is 
> doing,  instead of always doing httpRequest.getContextPath() + 
> failureUrl.
>
> I think I am missing something here ,not sure though .
>
>

The AbstractProcessingFilter.authenticationFailureUrl
(CasProcessingFilter's superclass) will only be used if the ticket
provided by the CAS server is invalid for some reason. Typically, the
CasProxyTicketValidator delegates to CAS' 
ProxyTicketValidator.validate() method which returns false to
proxyTicketValidator.isAuthenticationSuccessful(). Put differently,
you'll only see /casfailed.jps if there is something fundamentally wrong
with the ticket. This will usually only happen if the user has attempted
to do something invalid, like POSTing a false ticket to
/j_acegi_cas_security_check. Normal user interaction takes place on the
CAS server, and invalid passwords cause the re-display of the CAS server
login page so they can try again.

HTH
Ben





---
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object and relational technologies, making it a perfect match
for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

RE: [Acegisecurity-developer] Vote: Change to build system and CVS layout

[Shishir K. Singh]

Okay with it , though I am not too fond of maven :)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Alex
Sent: Tuesday, October 19, 2004 7:48 AM
To: [EMAIL PROTECTED]
Subject: Re: [Acegisecurity-developer] Vote: Change to build system and CVS layout

Ben Alex wrote:

>
> I should emphasize that typical Acegi Security users will not be 
> impacted at all from these changes, except perhaps defining the 
> correct substitute for AutoIntegrationFilter in web.xml. Users already 
> need to build the samples using Ant, so the need to build the samples 
> via Maven shouldn't be a major issue.
>
> Any comments, concerns, support, votes etc regarding the above are 
> most welcome.
>
Any response to the above? If nobody has any objections within the next 
24 hours, we'll make the changes.

Thanks
Ben



---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer




---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

RE: [Acegisecurity-developer] Release 0.61

[Shishir K. Singh]

+1 for Apache guidelines.
+1 for 0.6.1
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Ricardo Matinata
Sent: Friday, September 24, 2004 11:39 AM
To: [EMAIL PROTECTED]
Subject: Re: [Acegisecurity-developer] Release 0.61

IMHO :

+1 for Apache guidelines.
+1 for 0.6.1 (same reason as Ben).

---
Ricardo

On Fri, 24 Sep 2004 15:52:44 +1000, Ben Alex <[EMAIL PROTECTED]>
wrote:
> Scott McCrory wrote:
> 
> >No objections - "release early and release often..."  But are you 
> >sure it's just a 0.61 release?  I'd recommend 0.7, as most 
> >non-programmers (and some bit twiddlers too) consider anything prior 
> >to 1.0 not mature enough for production, and I think Acegi is a lot
further along that that...
> >   Scott
> >
> >
> >
> I just did a quick Google for version number guidelines. I found quite

> a few references to Apache's Portable Runtime Project versioning 
> guidelines at http://apr.apache.org/versioning.html. These seem 
> reasonable, but if there is some other guideline people would prefer 
> to follow, please provide a URL. Alternatively, if people are happy 
> with the Apache guidelines, please send a +1 to the list.
> 
> The current CVS HEAD is directly compatible with 0.6. So people 
> recognise the new release is directly compatible with 0.6 deployments,

> I favor tagging it 0.61. Or, if we decide to adopt the Apache 
> guidelines above, the new release would be tagged 0.6.1.
> 
> The 1.0 issue has come up in the forum and been sighted as a reason 
> for not using the project. I can't identify any foreseeable additional

> features that would require architectural changes, and as stability is

> pretty good, we should seriously think about whether the next release 
> after this one should be 1.0. The one major issue I would like to 
> resolve before we tag it 1.0 is moving to a Maven-based build rather 
> than Ant, just in case this migration requires changes in the classes 
> contained in each artifact.
> 
> Comments welcome.
> 
> Ben
>


---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer


---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

RE: [Acegisecurity-developer] Authz taglibs for freemarker

[Shishir K. Singh]

Yes. Velocity has a bigger following than freemarker. But I find
freemarker to be more rich in feature, just my personal opinion. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Ben Alex
Sent: Thursday, September 02, 2004 9:17 PM
To: [EMAIL PROTECTED]
Subject: Re: [Acegisecurity-developer] Authz taglibs for freemarker

Shishir K. Singh wrote:

>Ben,
>
>Is there any work going on to port the authorization taglibs to 
>freemarker tags ?
>
>Thanks
>Shishir
>
>  
>
Not as far as I know. Besides, doesn't everyone use Velocity these days?
;-)

Ben


---
This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java
Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer


---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idP47&alloc_id808&op=click
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

[Acegisecurity-developer] Authz taglibs for freemarker

[Shishir K. Singh]

Ben, 

Is there any work going on to port the authorization taglibs to
freemarker tags ?

Thanks
Shishir


---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idP47&alloc_id808&op=click
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

RE: [Acegisecurity-developer] Problems when trying to deploy contacts.war on JRun

[Shishir K. Singh]

Ben, 

One small thingy...on line 94 of FilterToBeanProxy, you may want to
check if the delegate is not null before destroying. 

Thanks
Shishir 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Shishir K. Singh
Sent: Wednesday, September 01, 2004 1:38 PM
To: [EMAIL PROTECTED]
Subject: RE: [Acegisecurity-developer] Problems when trying to deploy
contacts.war on JRun

Ben, 

Thanks. It works fine.

Shishir 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Ben Alex
Sent: Tuesday, August 31, 2004 10:39 PM
To: [EMAIL PROTECTED]
Subject: Re: [Acegisecurity-developer] Problems when trying to deploy
contacts.war on JRun

Shishir K. Singh wrote:

>Ben,
>
>Even if I use ContextLoaderServlet, won't the filters get created 
>before ContextLoaderListener. In that case, the "init" of the filters 
>will be called even before the Spring context is available and thus, 
>the WebApplicationContextUtils.getRequiredWebApplicationContext will 
>fail in the filters.
>
>I changed the  ContextLoaderListener to ContextLoaderServlet in 
>contacts's web.xml and got the same error when deploying in tomcat now.
>  
>
>  
>
Yes, you're right. I've just committed to CVS HEAD an enhancement to
FilterToBeanProxy which enables it to lazily initialize the proxied
Filter (ie on the first HTTP request, not at filter initialization
time). Just set initialization property "init" to "lazy". Please let me
know if this works OK.

Ben



---
This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java
Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer


---
This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java
Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idP47&alloc_id808&op=ick
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer


---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idP47&alloc_id808&op=click
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

RE: [Acegisecurity-developer] Problems when trying to deploy contacts.war on JRun

[Shishir K. Singh]

Ben, 

Thanks. It works fine.

Shishir 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Ben Alex
Sent: Tuesday, August 31, 2004 10:39 PM
To: [EMAIL PROTECTED]
Subject: Re: [Acegisecurity-developer] Problems when trying to deploy
contacts.war on JRun

Shishir K. Singh wrote:

>Ben,
>
>Even if I use ContextLoaderServlet, won't the filters get created 
>before ContextLoaderListener. In that case, the "init" of the filters 
>will be called even before the Spring context is available and thus, 
>the WebApplicationContextUtils.getRequiredWebApplicationContext will 
>fail in the filters.
>
>I changed the  ContextLoaderListener to ContextLoaderServlet in 
>contacts's web.xml and got the same error when deploying in tomcat now.
>  
>
>  
>
Yes, you're right. I've just committed to CVS HEAD an enhancement to
FilterToBeanProxy which enables it to lazily initialize the proxied
Filter (ie on the first HTTP request, not at filter initialization
time). Just set initialization property "init" to "lazy". Please let me
know if this works OK.

Ben



---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer


---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idP47&alloc_id808&op=click
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

RE: [Acegisecurity-developer] Problems when trying to deploy contacts.war on JRun

[Shishir K. Singh]

Ben, 

Even if I use ContextLoaderServlet, won't the filters get created before
ContextLoaderListener. In that case, the "init" of the filters will be
called even before the Spring context is available and thus, the
WebApplicationContextUtils.getRequiredWebApplicationContext will fail in
the filters. 

I changed the  ContextLoaderListener to ContextLoaderServlet in
contacts's web.xml and got the same error when deploying in tomcat now.


Shishir



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Ben Alex
Sent: Tuesday, August 31, 2004 7:37 PM
To: [EMAIL PROTECTED]
Subject: Re: [Acegisecurity-developer] Problems when trying to deploy
contacts.war on JRun

Shishir K. Singh wrote:

>Hi,
>
>I am running into issues when deploying the contacts.war on Jrun. It 
>works fine when deployed on tomcat. Here's starting the stack trace 
>from the Jrun console.
>
>
>  
>
This is a Spring-specific issue. I think you'll need to use
ContextLoaderServlet rather than ContextLoaderListener in web.xml.

Ben


---
This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java
Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer


---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idP47&alloc_id808&op=click
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

[Acegisecurity-developer] Problems when trying to deploy contacts.war on JRun

[Shishir K. Singh]

Hi, 

I am running into issues when deploying the contacts.war on Jrun. It
works fine when deployed on tomcat. Here's starting the stack trace from
the Jrun console. 





  1 / 901# Created by JRun on 08/31 15:33:12   
  2 / 90108/31 15:33:12 info Deploying web application "Contacts
Sample Application" from:
file:/C:/Downloads/acegi-security-0.51/samples/contacts/dist/contacts.wa
r   
  3 / 90108/31 15:33:12 error Error loading class for Filter
Acegi Authentication Processing Filter: Filter is disabled.   
  4 / 901java.lang.IllegalStateException: No
WebApplicationContext found: no ContextLoaderListener registered?   
  5 / 901 at
org.springframework.web.context.support.WebApplicationContextUtils.getRe
quiredWebApplicationContext(WebApplicationContextUtils.java:69)   
  6 / 901 at
net.sf.acegisecurity.util.FilterToBeanProxy.getContext(FilterToBeanProxy
.java:158)   
  7 / 901 at
net.sf.acegisecurity.util.FilterToBeanProxy.init(FilterToBeanProxy.java:
98)   
  8 / 901 at
jrun.servlet.FilterObject.init(FilterObject.java:63)   
  9 / 901 at
jrun.servlet.FilterManager.loadFilter(FilterManager.java:195)   
  10 / 901at
jrun.servlet.FilterManager.init(FilterManager.java:155)   
  11 / 901at
jrun.servlet.FilterManager.create(FilterManager.java:74)   
  12 / 901at
jrun.servlet.WebApplicationService.start(WebApplicationService.java:223)

  13 / 901at
jrun.deployment.DeployerService.initModules(DeployerService.java:710)   
  14 / 901at
jrun.deployment.DeployerService.createWatchedDeployment(DeployerService.
java:242)   
  15 / 901at
jrun.deployment.DeployerService.deploy(DeployerService.java:430)   
  16 / 901at
jrun.deployment.DeployerService.deployPersistentURL(DeployerService.java
:1570)   
  17 / 901at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)   
  18 / 901at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav
a:39)   
  19 / 901at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor
Impl.java:25)   
  20 / 901at java.lang.reflect.Method.invoke(Method.java:324)   
  21 / 901at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1628)

  22 / 901at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)

  23 / 901at
jrunx.kernel.agents.JRunAdminService.invoke(JRunAdminService.java:127)

  24 / 901at
sun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)   
  25 / 901at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor
Impl.java:25)   
 

-

Any help would be appreciated. I am running the 30 days evaluation of
Jrun on Windows. 

Thanks
Shishir


---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idP47&alloc_id808&op=click
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

[Acegisecurity-developer] Sourceforge CVS

[Shishir K. Singh]

Is something wrong with the source forge cvs access (anonymous) to acegi
module. Can't seem to get through for the last two days. 

Shishir 


---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

[Acegisecurity-developer] removeCache in UserDetails

[Shishir K. Singh]

I was wondering if the method 

public void removeUserFromCache(String username) {
cache.remove(username);
}


In  EhCacheBasedUserCache can be made implement able  i.e moved to
UserCache interface.


Thanks
Shishir


---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

[Acegisecurity-developer] Uisng Acegi with Netegrity's Site Minder singlesignon

[Shishir K. Singh]

Hi, 

 
Has 
anyone tried to integrate the propriety Netegrity SiteMinder single sign 
on  ( http://www.netegrity.com/products/products.cfm?page=SMoverview  
) with Acegi security. 
 
If so 
, any pointers on how to implement this would be appreciated. 

 
Thanks
Shishir

RE: [Acegisecurity-developer] Is Authentication not really Serializable?

[Shishir K. Singh]

Thanks.  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Ben Alex
Sent: Tuesday, July 13, 2004 6:10 PM
To: [EMAIL PROTECTED]
Subject: Re: [Acegisecurity-developer] Is Authentication not really
Serializable?

Hi Shishir

Shishir K. Singh wrote:

>Same goes for forcePrincipalAsString. 
>
>  
>
There is already an isForcePrincipalAsString() method.

> 
>
>-Original Message-----
>From: Shishir K. Singh
>Sent: Tuesday, July 13, 2004 10:15 AM
>To: '[EMAIL PROTECTED]'
>Subject: RE: [Acegisecurity-developer] Is Authentication not really 
>Serializable?
>
>Ben,
>
>I was wondering if the  context variable in DaoAuthenticationProvider 
>could be made protected or better yet, have a getContext() method. Sub 
>classes extending  the provider then can provide their own custom 
>events if necessary.
>
>  
>
I just added to CVS HEAD a getter for the context.

Best regards
Ben



---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital
self defense, top technical experts, no vendor pitches, unmatched
networking opportunities. Visit www.blackhat.com
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer


---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

RE: [Acegisecurity-developer] Is Authentication not really Serializable?

[Shishir K. Singh]

Same goes for forcePrincipalAsString. 

 

-Original Message-
From: Shishir K. Singh 
Sent: Tuesday, July 13, 2004 10:15 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [Acegisecurity-developer] Is Authentication not really
Serializable?

Ben, 

I was wondering if the  context variable in DaoAuthenticationProvider
could be made protected or better yet, have a getContext() method. Sub
classes extending  the provider then can provide their own custom events
if necessary. 

Thanks
Shishir


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Patrick Burleson
Sent: Tuesday, July 13, 2004 10:04 AM
To: [EMAIL PROTECTED]
Subject: Re: [Acegisecurity-developer] Is Authentication not really
Serializable?

On Tue, 13 Jul 2004 08:40:09 +1000, Ben Alex <[EMAIL PROTECTED]>
wrote:

> Hi Patrick
> 
> I've just made Authentication Serializable in CVS HEAD.
> 
> Best regards
> Ben
> 

Ben, 

Thank you very much. Going to test it out today. Any ideas on the
schedule for 0.6?

Thanks,
Patrick


---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital
self defense, top technical experts, no vendor pitches, unmatched
networking opportunities. Visit www.blackhat.com
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer


---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

RE: [Acegisecurity-developer] Is Authentication not really Serializable?

[Shishir K. Singh]

Ben, 

I was wondering if the  context variable in DaoAuthenticationProvider
could be made protected or better yet, have a getContext() method. Sub
classes extending  the provider then can provide their own custom events
if necessary. 

Thanks
Shishir


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Patrick Burleson
Sent: Tuesday, July 13, 2004 10:04 AM
To: [EMAIL PROTECTED]
Subject: Re: [Acegisecurity-developer] Is Authentication not really
Serializable?

On Tue, 13 Jul 2004 08:40:09 +1000, Ben Alex <[EMAIL PROTECTED]>
wrote:

> Hi Patrick
> 
> I've just made Authentication Serializable in CVS HEAD.
> 
> Best regards
> Ben
> 

Ben, 

Thank you very much. Going to test it out today. Any ideas on the
schedule for 0.6?

Thanks,
Patrick


---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital
self defense, top technical experts, no vendor pitches, unmatched
networking opportunities. Visit www.blackhat.com
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer


---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

RE: [Acegisecurity-developer] URL redirection when session expires

[Shishir K. Singh]

Hi Ben, 


I think ignoreRedirectUrl is good idea. 

Enhancing on that, would it make sense to have a property type attribute
, which will have a key URL and the URL that needs to be redirected to.
If the existing URL ends with any one of the above, then redirect to the
valid url as defined in the props value. If none matches, then
defaultURL is picked up. If ignoreRedirectUrl is on, then straight away
redirect to the default. 

Thanks
Shishir

 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Ben Alex
Sent: Wednesday, June 09, 2004 5:47 PM
To: [EMAIL PROTECTED]
Subject: RE: [Acegisecurity-developer] URL redirection when session
expires

Hi Shishir

> When the session expires, the login screen comes up (if I try to click

> some link). However, it tries to redirect me (as it
> should) to the page that I was trying to access. Since I  was storing 
> some objects in the session to display in this  new page, they are no 
> longer there since this is a new session.
> 
> This results in a null pointer kind of exception
> 
> 
> Is there a way to force the URL redirection to the defaultTargetUrl or

> any other page rather than the one  that is stored  in 
> AbstractProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY.
> 
> Say for certain pages, I always want the user to be redirected to the 
> base page from where they can start again.
> 
> Is this something that is not security related ? 
> 
> If not, then  I guess I will have to handle these programmatically. 

No, you can't do that directly within Acegi Security. A fundamental
problem is how Acegi Security would differentiate between a legitimate
first request for the secured resource in which
ACEGI_SECURITY_TARGET_URL_KEY should be honoured, versus an exired
request that should have its ACEGI_SECURITY_TARGET_URL_KEY ignored. I
guess we could have a boolean "ignoreRedirectUrl", which if true always
redirects to defaultTargetUrl.
Would this be of interest to others?

I'd suggest writing a filter that ensures valid objects exist in the
session. If they don't exist, either redirect to the start page or
create them on-the-fly.

HTH
Ben



---
This SF.Net email is sponsored by: GNOME Foundation Hackers Unite!
GUADEC: The world's #1 Open Source Desktop Event.
GNOME Users and Developers European Conference, 28-30th June in Norway
http://2004/guadec.org ___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer


---
This SF.Net email is sponsored by: GNOME Foundation
Hackers Unite!  GUADEC: The world's #1 Open Source Desktop Event.
GNOME Users and Developers European Conference, 28-30th June in Norway
http://2004/guadec.org
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

[Acegisecurity-developer] URL redirection when session expires

[Shishir K. Singh]

Hi, 


When the session expires, the login screen comes up (if I try to click
some link). However, it tries to redirect me (as it should) to the page
that I was trying to access. Since I  was storing some objects in the
session to display in this  new page, they are no longer there since
this is a new session.  

This results in a null pointer kind of exception


Is there a way to force the URL redirection to the defaultTargetUrl or
any other page rather than the one  that is stored  in
AbstractProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY. 

Say for certain pages, I always want the user to be redirected to the
base page from where they can start again.

Is this something that is not security related ? 

If not, then  I guess I will have to handle these programmatically. 

Thanks
Shishir


---
This SF.Net email is sponsored by: GNOME Foundation
Hackers Unite!  GUADEC: The world's #1 Open Source Desktop Event.
GNOME Users and Developers European Conference, 28-30th June in Norway
http://2004/guadec.org
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

RE: [Acegisecurity-developer] Custom attributes on User Object

[Shishir K. Singh]

> I'm not clear how managing the password would be easier in this
situation?

As long as the getPassword semantic is maintained, I guess it does not
matters.

Shishir

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Ben Alex
Sent: Monday, June 07, 2004 5:06 PM
To: [EMAIL PROTECTED]
Subject: RE: [Acegisecurity-developer] Custom attributes on User Object


> Also, do you think this would be a correct to do:
> 
> Have a User Interface with the three methods as existing in the 
> current User Object Create a DefaultUserImpl (same as the existing 
> User Object )for this interface for simple use cases.
> 
> Users can then implement/extend  this User Interface instead of having

> to use the DefaultUserImpl. This way, you can easily manage the 
> password.

We'd need to be careful doing this. User is an object the majority of
Acegi Security end users will be directly using via their custom DAO
implementations. Having said that, it's easy enough to do. Just create a
new UserDetails interface and make the existing User implement it. That
way nobody's existing code will break. 

I'm not clear how managing the password would be easier in this
situation?

Ben



---
This SF.Net email is sponsored by: GNOME Foundation Hackers Unite!
GUADEC: The world's #1 Open Source Desktop Event.
GNOME Users and Developers European Conference, 28-30th June in Norway
http://2004/guadec.org ___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer


---
This SF.Net email is sponsored by: GNOME Foundation
Hackers Unite!  GUADEC: The world's #1 Open Source Desktop Event.
GNOME Users and Developers European Conference, 28-30th June in Norway
http://2004/guadec.org
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

[Acegisecurity-developer] Password Synchronization

[Shishir K. Singh]

I was wondering as to 
how to approach the password synchronization??
 
The use case 
is:
 
a) There is an 
enterprise wide authentication system vide the LDAP.
b) There's a custom web 
application that maintains it's own user list and roles (say local 
user list). Only if the users exist in the local user list, they will be 
validated against the LDAP for password authentication (if this is 
active). 
c) If for some reason 
the LDAP is down, the user should be able to bypass the authentication and login 
using the local authentication. For this, I always need to synchronize the 
successful password login to the local password (one way encoding..off course). 

 
I was wondering how to 
implement this using ACEIG. Do you think that this is outside the security 
domain and should be handled separately ? Or can a new method, say 
synchronizePassword (in the dao provider for now ) can be added just like 
loadUserByUsername. 

 
Thanks
Shishir
 
 
 

[Acegisecurity-developer] Compilation error

[Shishir K. Singh]

I am trying to compile the source code  as downloaded from the 
sourceforge  acegi-security-0.51-with-dependencies.zip. However, on running the alljar 
task, I get this 
error:
 Buildfile: 
C:\Downloads\acegi-security-0.51\build.xml
[taskdef] Could not load definitions from resource clovertasks. It could not 
be found.
[typedef] Could not load definitions from resource clovertypes. It could not 
be found.
build: 
I think I am missing some properties file. Also, I could not 
check out the latest code from CVS. It does not allow me to get in as anonymous. 
Do I need user/password to get in the 
project.
Any help would be 
appreciated. 
 
Thanks
Shishir 

RE: [Acegisecurity-developer] Custom attributes on User Object

[Shishir K. Singh]

Ben, 

Also, do you think this would be a correct to do:

Have a User Interface with the three methods as existing in the current
User Object
Create a DefaultUserImpl (same as the existing User Object )for this
interface for simple use cases. 

Users can then implement/extend  this User Interface instead of having
to use the DefaultUserImpl. This way, you can easily manage the
password. 

Thanks
Shishir

  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Shishir K. Singh
Sent: Monday, June 07, 2004 3:23 AM
To: [EMAIL PROTECTED]
Subject: RE: [Acegisecurity-developer] Custom attributes on User Object

Yup. Exactly. This way, I still can subclass the Existing User and not
have to worry about breaking anything.

Thanks
Shishir

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Ben Alex
Sent: Monday, June 07, 2004 3:09 AM
To: [EMAIL PROTECTED]
Subject: RE: [Acegisecurity-developer] Custom attributes on User Object


> Since getPrincipal already has a signature of Object, why can't it be 
> allowed to store the user object sans password instead of only the 
> user name as string. Then in my provider, I can prepare my user object

> in anyway I like, whether it be string (user name) or an object with 
> some info and then cast it accordingly in my view .

So you're proposing DaoAuthenticationProvider returns an Authentication
object (specifically UsernamePasswordAuthenticationToken) that has as
its Principal the User, rather than the current User.getUsername()
String?

DaoAuthenticationProvider uses authentication.getPrincipal() in which it
expects a String to be presented. We would need to have
DaoAuthenticationProvider detect if the presented
Authentication.getPrincipal() object is a String or User, and handle it
accordingly. Aside from this, I can't see any problems with this
approach.

I also think we should overwrite the password in the User object before
passing it to the AuthenticationEvent and/or using it as the returned
Authentication.getPrincipal() value.

Would doing this cause concerns for anyone?

Ben



---
This SF.Net email is sponsored by the new InstallShield X.
>From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer


---
This SF.Net email is sponsored by the new InstallShield X.
>From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer


---
This SF.Net email is sponsored by the new InstallShield X.
>From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

RE: [Acegisecurity-developer] Custom attributes on User Object

[Shishir K. Singh]

Yup. Exactly. This way, I still can subclass the Existing User and not
have to worry about breaking anything.

Thanks
Shishir

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Ben Alex
Sent: Monday, June 07, 2004 3:09 AM
To: [EMAIL PROTECTED]
Subject: RE: [Acegisecurity-developer] Custom attributes on User Object


> Since getPrincipal already has a signature of Object, why can't it be 
> allowed to store the user object sans password instead of only the 
> user name as string. Then in my provider, I can prepare my user object

> in anyway I like, whether it be string (user name) or an object with 
> some info and then cast it accordingly in my view .

So you're proposing DaoAuthenticationProvider returns an Authentication
object (specifically UsernamePasswordAuthenticationToken) that has as
its Principal the User, rather than the current User.getUsername()
String?

DaoAuthenticationProvider uses authentication.getPrincipal() in which it
expects a String to be presented. We would need to have
DaoAuthenticationProvider detect if the presented
Authentication.getPrincipal() object is a String or User, and handle it
accordingly. Aside from this, I can't see any problems with this
approach.

I also think we should overwrite the password in the User object before
passing it to the AuthenticationEvent and/or using it as the returned
Authentication.getPrincipal() value.

Would doing this cause concerns for anyone?

Ben



---
This SF.Net email is sponsored by the new InstallShield X.
>From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer


---
This SF.Net email is sponsored by the new InstallShield X.
>From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

RE: [Acegisecurity-developer] Custom attributes on User Object

[Shishir K. Singh]

Thanks Ben, 

I have taken the 2nd approach.  i.e have another method on the interface
called UserInfo  that contains all info sans the password. However, I
think that this becomes a bit messy (imo :)) . What I was thinking was :

Since getPrincipal already has a signature of Object, why can't it be
allowed to store the user object sans password instead of only the user
name as string. Then in my provider, I can prepare my user object in
anyway I like, whether it be string (user name) or an object with some
info and then cast it accordingly in my view . 


Just my 2 cents!!

Thanks
Shishir
  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Ben Alex
Sent: Monday, June 07, 2004 2:39 AM
To: [EMAIL PROTECTED]
Subject: RE: [Acegisecurity-developer] Custom attributes on User Object

Hi Shishir

> How do I access some attributes (like email Id's etc )on the my User 
> object in addition to the userName, password and granted authorities 
> as existing on the ACEIG User object, .
> Right now, I am querying the database and getting my User object 
> separate from the Authentication object of ACEIG, but I feel that this

> is not the right way to do it.
> 
> Is there a way out. 

The way I do it is subclass User and make an ExtendedUser. My
ExtendedUser has a salt property, so that ReflectionSaltSource can be
used. But anyway, back to your question You'll need to modify your
AuthenticationDao.loadUserByUsername(String) method to return your
ExtendedUser instead of the normal User.

If you're interested in this from an event logging perspective, the User
is available inside the AuthenticationEvent. So it's a simple matter of
casting to ExtendedUser and accessing your properties.

If you're interested in this from a non-event logging perspective (eg
you want email Ids etc available during web view rendering via the
ContextHolder etc), you'll need to generate your own Authentication
object. The most elegant way of doing this would be to make an
Authentication object that has a property for the User. That way any
extensions to User (like ExtendedUser) would be available in web views
etc. So your code would be something like:

((ExtendedUser)  ((ExtendedAuthentication) ((SecureContext)
ContextHolder.getContext()).getAuthentication()).getUser()).getEmail().I
f people think this is of interest, please let me know.

HTH
Ben



---
This SF.Net email is sponsored by the new InstallShield X.
>From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer


---
This SF.Net email is sponsored by the new InstallShield X.
>From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

[Acegisecurity-developer] Custom attributes on User Object

[Shishir K. Singh]

Hello, 

How do I access some attributes (like email Id's etc )on the my User
object in addition to the userName, password and granted authorities as
existing on the ACEIG User object, . Right now, I am querying the
database and getting my User object separate from the Authentication
object of ACEIG, but I feel that this is not the right way to do it. 

Is there a way out. 

Thanks
Shishir



---
This SF.Net email is sponsored by the new InstallShield X.
>From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
___
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer