Re: [Acegisecurity-developer] Acegi J2ME client

2005-05-22 Thread Marco Mistroni 
Hello Ben,
 yes, SOAP is too heavy, but not kSOAP (SOAP for kvm)..
question that i have was, rather than J2ME based, more on the security
stuff and how acegi works.
Please correct me if i am wrong, but in normal web user interaction,
user logs in to my application and has an HttpSession associated with
him.
Now, i suppose somehow acegi is able to interact with HttpSession, so
that as long as user has a session, every action that he/she does will
be 'catched' by acegi to see if user is authenticated/authorized,
correct? because it will look little 'silly' to me to perform
authentication all the time (as far as i can see, authentication
should be done once when user logs in, and after that acegi will check
if user is AUTHORIZED to do certain actions, correct?)
Now, i was wondering 'where is the hook' so that aceci knows that user
is already been authenticated, and now it needs to be authorized.
Because i will need that hook in a J2ME client, so that my J2ME client
gets authenticated initially, and after that my app will check (via
acegi) if the authenticated user is authorized, instead of checking
authentication for every request.
is there a  link between acegi and HttpSession?
thanx in advance and regards
   marco


On 5/22/05, Ben Alex [EMAIL PROTECTED] wrote:
 Marco Mistroni wrote:
 
 hello all,
 i plan to use acegi as security framework for my webapplication...
 however i want to have also J2ME clients which will communicate using
 SOAP  API..
 will i have any problems for that?
 i want to avoid J2ME client to login all the time
 has anyone any idea on how can i achieve that?
 
 
 
 Hi Marco
 
 Sorry, I haven't done any work with J2ME, so I'm not in a position to
 answer your questions. I am actually a little curious about this myself,
 especially as I had read SOAP was too heavy-weight to use in small
 footprint devices like J2ME platforms...
 
 Does any else on this list have any J2ME experience?
 
 Cheers
 Ben
 
 
 ---
 This SF.Net email is sponsored by Oracle Space Sweepstakes
 Want to be the first software developer in space?
 Enter now for the Oracle Space Sweepstakes!
 http://ads.osdn.com/?ad_id=7412alloc_id=16344op=click
 ___
 Home: http://acegisecurity.sourceforge.net
 Acegisecurity-developer mailing list
 Acegisecurity-developer@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer



---
This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
http://ads.osdn.com/?ad_idt12alloc_id344op=click
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Re: [Acegisecurity-developer] Acegi J2ME client

2005-05-22 Thread Ben Alex 

Marco Mistroni wrote:


is there a  link between acegi and HttpSession?
 


Hi Marco

Yes, there is.

Internally Acegi Security uses a ContextHolder (SecurityContextHolder 
from 0.9.0 and current CVS) for all of its interactions. It's just a 
ThreadLocal. So the various authentication mechanisms (BASIC, Digest, 
CAS, form etc) put an Authentication object into the ContextHolder, and 
Acegi Security retrieves it from there whenever required.


HttpSessionContextIntegrationFilter is responsible for copying the 
contents between the ContextHolder and the HttpSession at the start and 
end of each web request. As such, if your J2ME system is able to 
maintain the standard jsessionid or cookie-based session identifier, you 
shouldn't have any problems.


HTH
Ben


---
This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
http://ads.osdn.com/?ad_id=7412alloc_id=16344op=click
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

[Acegisecurity-developer] Acegi J2ME client

2005-05-21 Thread Marco Mistroni 
hello all,
i plan to use acegi as security framework for my webapplication...
however i want to have also J2ME clients which will communicate using
SOAP  API..
will i have any problems for that?
i want to avoid J2ME client to login all the time
has anyone any idea on how can i achieve that?

thanx in advance and regards
   marco


---
This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
http://ads.osdn.com/?ad_idt12alloc_id344op=click
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Re: [Acegisecurity-developer] Acegi J2ME client

2005-05-21 Thread Ben Alex 

Marco Mistroni wrote:


hello all,
i plan to use acegi as security framework for my webapplication...
however i want to have also J2ME clients which will communicate using
SOAP  API..
will i have any problems for that?
i want to avoid J2ME client to login all the time
has anyone any idea on how can i achieve that?

 


Hi Marco

Sorry, I haven't done any work with J2ME, so I'm not in a position to 
answer your questions. I am actually a little curious about this myself, 
especially as I had read SOAP was too heavy-weight to use in small 
footprint devices like J2ME platforms...


Does any else on this list have any J2ME experience?

Cheers
Ben


---
This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
http://ads.osdn.com/?ad_id=7412alloc_id=16344op=click
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer