CJ wrote:
> Scenario is: an Administrator disables or deletes a user account, while the
> user
> is logged in. The user's Authentication should be revoked from that moment on.
> What is the recommended approach for this in Acegi?
I'd suggest forcing reauthentication for each secure object request
Hi Ben,
thank you for your response.
I would have a couple of comments to your answers:
1) PermissionConverter (or PermissionBuilder) should look something like:
Since we expect people to inject their own Permission(s) one doesn't
know the exact implementation class, thus it needs to be provid
