RE: [Acegisecurity-developer] checking for invalid user accounts in AuthenticationProvider implementations
Yes, I'm aware that certain providers might not have the right hooks for all the checks we do, but in our case we are using Jaas alongside with our own implementation of a Provider to create a custom UserDetails object, and rather than copy/paste the checks against UserDetails that are performed in the DaoAuthenticationProvider, I thought it would be put to better use by making that specific part of code accessible for other classes to use if needed.

I will file a JIRA issue on it today.

Thanks!
-tim

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ray Krueger
Sent: Saturday, March 25, 2006 8:51 AM
To: acegisecurity-developer@lists.sourceforge.net
Subject: Re: [Acegisecurity-developer] checking for invalid user accounts in AuthenticationProvider implementations

That isn't really possible for the JaasAuthenticationProvider without Jaas Provider specific hooks. The Jaas LoginModule interface doesn't provide isAccountNonLocked style accessors.

On 3/25/06, Ben Alex [EMAIL PROTECTED] wrote:
> Tim Kettering wrote:
> > Maybe it'd be useful if those checks found in DaoAuthenticationProvider be made available as a pluggable component that other AuthenticationProviders can utilize?
>
> Hi Tim
>
> If you please add it to JIRA, I'll make a static method that accepts a UserDetails and throws an appropriate AuthenticationException based on its state.
>
> Best regards
> Ben

___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Re: [Acegisecurity-developer] checking for invalid user accounts in AuthenticationProvider implementations
Tim Kettering wrote:
> Maybe it'd be useful if those checks found in DaoAuthenticationProvider be made available as a pluggable component that other AuthenticationProviders can utilize?

Hi Tim

If you please add it to JIRA, I'll make a static method that accepts a UserDetails and throws an appropriate AuthenticationException based on its state.

Best regards
Ben

Re: [Acegisecurity-developer] checking for invalid user accounts in AuthenticationProvider implementations
Heya Tim.

The JaasAuthenticationProvider doesn't use UserDetails at all. It uses Jaas, and Jaas LoginModules. The JaasAuthenticationProvider essentially leaves all the "can this guy login?" logic up to the LoginModule, and then reacts to any LoginException that might be thrown.

On 3/23/06, Tim Kettering [EMAIL PROTECTED] wrote:
> Hey all,
>
> Can someone (Ben?) explain if it is expected to check the various UserDetails states such as isAccountNonExpired(), isAccountNonLocked(), isCredentialsNonExpired(), and isEnabled() in an AuthenticationProvider? This seems to be applied inconsistently...
>
> We had originally been using DaoAuthenticationProvider, which in its code does those checks, then we switched over to the JaasAuthenticationProvider and after seeing some logins that occurred that shouldn't have occurred, I tracked down the issue to JaasAuthenticationProvider not doing those checks at all. Looking at CasAuthenticationProvider, this seems to not either.
>
> Maybe it'd be useful if those checks found in DaoAuthenticationProvider be made available as a pluggable component that other AuthenticationProviders can utilize?
>
> Thanks,
> -tim

[Acegisecurity-developer] checking for invalid user accounts in AuthenticationProvider implementations
Hey all,

Can someone (Ben?) explain if it is expected to check the various UserDetails states such as isAccountNonExpired(), isAccountNonLocked(), isCredentialsNonExpired(), and isEnabled() in an AuthenticationProvider? This seems to be applied inconsistently...

We had originally been using DaoAuthenticationProvider, which in its code does those checks, then we switched over to the JaasAuthenticationProvider and after seeing some logins that occurred that shouldn't have occurred, I tracked down the issue to JaasAuthenticationProvider not doing those checks at all. Looking at CasAuthenticationProvider, this seems to not either.

Maybe it'd be useful if those checks found in DaoAuthenticationProvider be made available as a pluggable component that other AuthenticationProviders can utilize?

Thanks,
-tim
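
An added example, not part of the original messages and not Acegi Security's own code: a reusable account-state check of the kind discussed in this thread, run after a credential-only provider accepts a login. It assumes Java 16 or later; `AccountStatusException`, `CredentialVerifier`, `Account`, `check` and `authenticate` are hypothetical names, `UserDetails` is a local stand-in with only the four state accessors, and the accounts are constructed.

```java
import java.util.Map;
// Added example: stand-in types only, not Acegi Security's own classes.
public class AccountStatusCheckDemo {
    // Stand-in exposing the four state accessors named in the thread.
    interface UserDetails {
        boolean isAccountNonExpired();
        boolean isAccountNonLocked();
        boolean isCredentialsNonExpired();
        boolean isEnabled();
    }
    // Hypothetical exception; the message names the state check that failed.
    static class AccountStatusException extends RuntimeException {
        AccountStatusException(String state) { super(state); }
    }
    // Stand-in for a provider that verifies credentials only (the JAAS case).
    interface CredentialVerifier { boolean verify(String user, String password); }
    // Component names double as the accessor names UserDetails requires.
    record Account(boolean isAccountNonExpired, boolean isAccountNonLocked,
                   boolean isCredentialsNonExpired, boolean isEnabled) implements UserDetails {}
    // Reusable check: throws on the first invalid state, returns normally otherwise.
    static void check(UserDetails u) {
        if (!u.isAccountNonLocked()) throw new AccountStatusException("account locked");
        if (!u.isEnabled()) throw new AccountStatusException("account disabled");
        if (!u.isAccountNonExpired()) throw new AccountStatusException("account expired");
        if (!u.isCredentialsNonExpired()) throw new AccountStatusException("credentials expired");
    }
    // Runs the state checks whenever the delegate accepts the credentials.
    static boolean authenticate(CredentialVerifier v, Map<String, UserDetails> users,
                                String user, String password) {
        if (!v.verify(user, password)) return false;
        UserDetails u = users.get(user);
        if (u == null) return false; // fail closed when no account record exists
        check(u);
        return true;
    }
    public static void main(String[] args) {
        // Constructed accounts: bob's password is accepted but his account is locked.
        Map<String, UserDetails> users = Map.of(
            "alice", new Account(true, true, true, true),
            "bob", new Account(true, false, true, true));
        CredentialVerifier verifier = (user, pw) -> "pw".equals(pw);
        System.out.println("alice: " + authenticate(verifier, users, "alice", "pw"));
        try {
            authenticate(verifier, users, "bob", "pw");
        } catch (AccountStatusException e) {
            System.out.println("bob rejected: " + e.getMessage());
        }
    }
}
```

The order of the four checks here is a choice made for the example. The wrapper fails closed when no account record exists, so a delegate that accepts a password never yields a login on its own.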