[Acegisecurity-developer] Question about AbstractSecurityInterceptor

Hi, I am exploring AcegiSecurity by following the contacts sample application. I observed that in AbstractSecurityInterceptor.beforeInvocation method authenticationManager.authenticate is being called for every request. Why is it? Can it be optimized to check if authentication is already done and

[Acegisecurity-developer] Suggestion to optimize BasicAclEntryAfterInvocationCollectionFilteringProvider

Hi all, I'm testing ACL on acegi with the following scene: Application Contacts with 10010 contacts. Where dianne have access to 4 conctacts scott have access to 5 contacts marissa have access to all contacts When I run getAll() , this (with cache) I obtain following execution

Re: [Acegisecurity-developer] runas without authentication

Brian Moseley wrote: it seems like the runas facilities might be able to give me what i want. is there a way to set up acegi security so that the http request itself is not authenticated but runas is used specifically only for the repository login? Hi Brian Run-as replacement is more often used to

Re: [Acegisecurity-developer] Question about AbstractSecurityInterceptor

Venkat Sonnathi wrote: Hi, I am exploring AcegiSecurity by following the contacts sample application. I observed that in AbstractSecurityInterceptor.beforeInvocation method authenticationManager.authenticate is being called for every request. Why is it? Can it be optimized to check if

RE: [Acegisecurity-developer] Question about AbstractSecurityInterceptor

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Alex Sent: Tuesday, May 17, 2005 6:00 PM To: acegisecurity-developer@lists.sourceforge.net Subject: Re: [Acegisecurity-developer] Question about AbstractSecurityInterceptor Venkat Sonnathi wrote: Hi,

Re: [Acegisecurity-developer] Question about AbstractSecurityInterceptor

Mansoor, Ghazenfer (EDS) wrote: How about adding this check at one central place, AuthenticationManager? I am doing this and I do not see any problem. I set the authenticate to true after successful authentication, and check for isAuthentication() before every call. What sets your

Re: [Acegisecurity-developer] DaoAuthenticationProvider: Ordering of exceptions...

Wesley Hall wrote: So in conclusion, I am suggesting a change of order to... username valid? account locked? password correct? account enabled? account expired? password expired? Does this make sense? Am I missing anything else? I agree, that makes sense. I have made the change in CVS. Thanks Ben

Re: [Acegisecurity-developer] Suggestion to optimize BasicAclEntryAfterInvocationCollectionFilteringProvider

Paulo Neves wrote: My suggestion is, if we optimize time to remove domain objects we optimize a lot all process. Hi Paulo To make it easier to discuss and reproduce scalability related issues with the ACL packages, I've modified the Contacts sample to automatically create 1,000 extra Contacts