Re: [Acegisecurity-developer] Acegi J2ME client
Hello Ben, yes, SOAP is too heavy, but not kSOAP (SOAP for kvm).. question that i have was, rather than J2ME based, more on the security stuff and how acegi works. Please correct me if i am wrong, but in normal web user interaction, user logs in to my application and has an HttpSession associated with him. Now, i suppose somehow acegi is able to interact with HttpSession, so that as long as user has a session, every action that he/she does will be 'catched' by acegi to see if user is authenticated/authorized, correct? because it will look little 'silly' to me to perform authentication all the time (as far as i can see, authentication should be done once when user logs in, and after that acegi will check if user is AUTHORIZED to do certain actions, correct?) Now, i was wondering 'where is the hook' so that aceci knows that user is already been authenticated, and now it needs to be authorized. Because i will need that hook in a J2ME client, so that my J2ME client gets authenticated initially, and after that my app will check (via acegi) if the authenticated user is authorized, instead of checking authentication for every request. is there a link between acegi and HttpSession? thanx in advance and regards marco On 5/22/05, Ben Alex [EMAIL PROTECTED] wrote: Marco Mistroni wrote: hello all, i plan to use acegi as security framework for my webapplication... however i want to have also J2ME clients which will communicate using SOAP API.. will i have any problems for that? i want to avoid J2ME client to login all the time has anyone any idea on how can i achieve that? Hi Marco Sorry, I haven't done any work with J2ME, so I'm not in a position to answer your questions. I am actually a little curious about this myself, especially as I had read SOAP was too heavy-weight to use in small footprint devices like J2ME platforms... Does any else on this list have any J2ME experience? Cheers Ben --- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7412alloc_id=16344op=click ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer --- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_idt12alloc_id344op=click ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Acegi J2ME client
Marco Mistroni wrote: is there a link between acegi and HttpSession? Hi Marco Yes, there is. Internally Acegi Security uses a ContextHolder (SecurityContextHolder from 0.9.0 and current CVS) for all of its interactions. It's just a ThreadLocal. So the various authentication mechanisms (BASIC, Digest, CAS, form etc) put an Authentication object into the ContextHolder, and Acegi Security retrieves it from there whenever required. HttpSessionContextIntegrationFilter is responsible for copying the contents between the ContextHolder and the HttpSession at the start and end of each web request. As such, if your J2ME system is able to maintain the standard jsessionid or cookie-based session identifier, you shouldn't have any problems. HTH Ben --- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7412alloc_id=16344op=click ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] Acegi J2ME client
hello all, i plan to use acegi as security framework for my webapplication... however i want to have also J2ME clients which will communicate using SOAP API.. will i have any problems for that? i want to avoid J2ME client to login all the time has anyone any idea on how can i achieve that? thanx in advance and regards marco --- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_idt12alloc_id344op=click ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Acegi J2ME client
Marco Mistroni wrote: hello all, i plan to use acegi as security framework for my webapplication... however i want to have also J2ME clients which will communicate using SOAP API.. will i have any problems for that? i want to avoid J2ME client to login all the time has anyone any idea on how can i achieve that? Hi Marco Sorry, I haven't done any work with J2ME, so I'm not in a position to answer your questions. I am actually a little curious about this myself, especially as I had read SOAP was too heavy-weight to use in small footprint devices like J2ME platforms... Does any else on this list have any J2ME experience? Cheers Ben --- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7412alloc_id=16344op=click ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer