RE: [Acegisecurity-developer] checking for invalid user accounts in AuthenticationProvider implementations

2006-03-27 Thread Tim Kettering


Yes, I'm aware that certain providers might not have the right hooks for all
the checks we do, but in our case we are using Jaas alongside our own
implementation of a Provider to create a custom UserDetails object, and
rather than copy/paste the checks against UserDetails that are performed in
the DaoAuthenticationProvider, I thought it would be put to better use by
making that specific part of code accessible for other classes to use if
needed.

I will file a JIRA issue on it today.

Thanks!

-tim


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Ray Krueger
Sent: Saturday, March 25, 2006 8:51 AM
To: acegisecurity-developer@lists.sourceforge.net
Subject: Re: [Acegisecurity-developer] checking for invalid user accounts in
AuthenticationProvider implementations

That isn't really possible for the JaasAuthenticationProvider without
Jaas Provider specific hooks. The Jaas LoginModule interface doesn't
provide isAccountNonLocked style accessors.

On 3/25/06, Ben Alex [EMAIL PROTECTED] wrote:
> Tim Kettering wrote:
>> Maybe it'd be useful if those checks found in
>> DaoAuthenticationProvider be made available as a pluggable component
>> that other AuthenticationProviders can utilize?
>
> Hi Tim
>
> If you please add it to JIRA, I'll make a static method that accepts a
> UserDetails and throws an appropriate AuthenticationException based on
> its state.
>
> Best regards
> Ben
>
> ---
> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
> that extends applications into web and mobile media. Attend the live webcast
> and join the prime developer group breaking into this new coding territory!
> http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642
> ___
> Home: http://acegisecurity.org
> Acegisecurity-developer mailing list
> Acegisecurity-developer@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer





Re: [Acegisecurity-developer] checking for invalid user accounts in AuthenticationProvider implementations

2006-03-25 Thread Ben Alex

Tim Kettering wrote:

> Maybe it'd be useful if those checks found in
> DaoAuthenticationProvider be made available as a pluggable component
> that other AuthenticationProviders can utilize?

Hi Tim

If you please add it to JIRA, I'll make a static method that accepts a 
UserDetails and throws an appropriate AuthenticationException based on 
its state.


Best regards
Ben




Re: [Acegisecurity-developer] checking for invalid user accounts in AuthenticationProvider implementations

2006-03-24 Thread Ray Krueger

Heya Tim.
The JaasAuthenticationProvider doesn't use UserDetails at all. It uses
Jaas, and Jaas LoginModules. The JaasAuthenticationProvider
essentially leaves all the "can this guy login?" logic up to the
LoginModule, and then reacts to any LoginException that might be
thrown.

On 3/23/06, Tim Kettering [EMAIL PROTECTED] wrote:
> Hey all,
>
> Can someone (Ben?) explain if it is expected to check the various
> UserDetails states such as isAccountNonExpired(),
> isAccountNonLocked(), isCredentialsNonExpired(), and isEnabled() in an
> AuthenticationProvider?  This seems to be applied inconsistently...
>
> We had originally been using DaoAuthenticationProvider, which in its
> code does those checks, then we switched over to the
> JaasAuthenticationProvider and after seeing some logins that occurred
> that shouldn't have occurred, I tracked down the issue to
> JaasAuthenticationProvider not doing those checks at all.  Looking at
> CasAuthenticationProvider, this seems to not either.
>
> Maybe it'd be useful if those checks found in
> DaoAuthenticationProvider be made available as a pluggable component
> that other AuthenticationProviders can utilize?
>
> Thanks,
>
> -tim




[Acegisecurity-developer] checking for invalid user accounts in AuthenticationProvider implementations

2006-03-23 Thread Tim Kettering

Hey all,

Can someone (Ben?) explain if it is expected to check the various
UserDetails states such as isAccountNonExpired(),
isAccountNonLocked(), isCredentialsNonExpired(), and isEnabled() in an
AuthenticationProvider?  This seems to be applied inconsistently...

We had originally been using DaoAuthenticationProvider, which in its
code does those checks, then we switched over to the
JaasAuthenticationProvider and after seeing some logins that occurred
that shouldn't have occurred, I tracked down the issue to
JaasAuthenticationProvider not doing those checks at all.  Looking at
CasAuthenticationProvider, this seems to not either.

Maybe it'd be useful if those checks found in
DaoAuthenticationProvider be made available as a pluggable component
that other AuthenticationProviders can utilize?

Thanks,

-tim
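
The shared account-state check proposed in this thread, as an added example that is not code from any poster or from Acegi itself. `AccountState`, `AccountStatusException`, `check` and `authenticate` are hypothetical stand-ins so the block compiles without the framework; only the four accessor names come from the thread, and the sample accounts are constructed.

```java
// Added illustration: stand-in types, not Acegi's own classes.
public class AccountStatusCheckDemo {

    /** Stand-in exposing the four UserDetails state accessors named in the thread. */
    interface AccountState {
        boolean isAccountNonExpired();
        boolean isAccountNonLocked();
        boolean isCredentialsNonExpired();
        boolean isEnabled();
    }

    /** Hypothetical stand-in for a framework authentication exception. */
    static class AccountStatusException extends RuntimeException {
        AccountStatusException(String msg) { super(msg); }
    }

    /** One shared check that any provider can call once its own credential check has passed. */
    static void check(AccountState user) {
        // Fail closed: a provider that could not load account state must not let the login through.
        if (user == null)                    throw new AccountStatusException("no account state");
        if (!user.isAccountNonLocked())      throw new AccountStatusException("account locked");
        if (!user.isEnabled())               throw new AccountStatusException("account disabled");
        if (!user.isAccountNonExpired())     throw new AccountStatusException("account expired");
        if (!user.isCredentialsNonExpired()) throw new AccountStatusException("credentials expired");
    }

    /** Constructed sample account with fixed flags. */
    static AccountState account(boolean nonExpired, boolean nonLocked, boolean credsOk, boolean enabled) {
        return new AccountState() {
            public boolean isAccountNonExpired()     { return nonExpired; }
            public boolean isAccountNonLocked()      { return nonLocked; }
            public boolean isCredentialsNonExpired() { return credsOk; }
            public boolean isEnabled()               { return enabled; }
        };
    }

    /** Hypothetical provider step: the external login (for example JAAS) has already succeeded. */
    static String authenticate(String name, AccountState user) {
        try { check(user); return name + ": authenticated"; }
        catch (AccountStatusException e) { return name + ": rejected (" + e.getMessage() + ")"; }
    }

    public static void main(String[] args) {
        System.out.println(authenticate("alice", account(true, true, true, true)));
        System.out.println(authenticate("bob",   account(true, false, true, true)));
        System.out.println(authenticate("carol", account(true, true, true, false)));
        System.out.println(authenticate("dave",  account(true, true, false, true)));
        System.out.println(authenticate("erin",  null));
    }
}
```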

