Adnaan
I'm not sure why (do) tested successfully for that regular expression, as
brackets are subexpression operators. Anyway, the regular expression I'd
suggest you try is:
.*do.*
Best regards
Ben
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> On Behalf
> i would be greatly interested to see how you integrated
> acegisecurity and slide.
I wrote an EmbeddedDomainBean which wraps Slide's EmbeddedDomain. This
allows you to setup your Slide namespace via Spring application contents,
which is nice.
I'm using the Postgres RDBMS store rather than the
Hi Chris
> Hi all, i am new to acegi security framework and i wonder how
> you handle instance level permission ( the doc illustrates
> role based and owner-owned based permission) when someone has
> a permission on a specific instance.
As I know the SF archives are a bit unreliable, I'll incl
Hi Patricio
We're already using it for internal projects, and as the foundation for a
commercial webapp that will be released in about three months. Other users
may be able to provide specific sites etc already in production you can go
visit. If reliability is a concern, we've had several releases
> I'm starting to use/evaluate acegisecurity for some project,
> and here are my impressions so far on the cfg complexity.
Welcome! :-)
> I'm not sure I understand for what is "Run-As Authentication
> Replacement", and why I need it in my cfg.
> If not defined it throws:
> java.lang.IllegalArgu
Hi Andreas
> I'm using Acegi Security 0.5 with a Hibernate based
> AuthenticationDao implementation. I'd like to save "date of
> last login" and "nr. of logins"
> in a user's profile.
>
> Where do I best plug in to catch this information? In the
> AuthenticationDao when preparing the User obje
Hi Steve
> I did not see an actual user mailing list or forum.
> Should user queries be directed here? Or maybe the Spring list/forum?
We prefer user questions to go to springframework-user, but someone will
help you irrespective of where you post.
Best regards
Ben
--
Hi Patrick
> Question 1:
> I would like to implement security over NT using acegi.
> I have access to the currently logged user (username, SID,
> group names, group SIDs). So the authentication has nothing
> to do except gathering the informations (the authentication
> has been done when logging
> > It really isn't crucial, unlike the other collaborators used by
> > AbstractSecurityInterceptor. I'm happy to add null detection so
> > RunAsManager-related code is skipped if the property is null. Does
> > anyone have any concerns with this?
>
> Ouch ! Don't do that ! This would be hor
g
itself offers existing interfaces and implementations in this area.
Best regards
Ben
From: tmjee [mailto:[EMAIL PROTECTED]
Sent: Saturday, 8 May 2004 12:28 PM
To: ben alex
Subject: Tapestry Security Integration
Hi Tmjee
> Thanks for the reply. I cannot seems to access the developers
> archieve. It gives me the following errors.
>
> "Either your mailing list name was misspelled or your mailing
> list has not been archived yet. If this list has just been
> created, please retry in 2-4 hours"
The joys
Hi Mike
> When attempting to redeploy my application using JBoss 3.2
> and Tomcat 5.
> Would it be possible to make GrantedAuthorityImpl Serializable?
Done. GrantedAuthorityImpl is now serializable in CVS HEAD.
Best regards
Ben
---
This SF.
Hi everyone
An alternative mailing list archive is now available at
www.mail-archive.com.
Direct URL:
http://www.mail-archive.com/acegisecurity-developer%40lists.sourceforge.net/
I've also added a link from the Acegi Security home page.
Best regards
Ben
--
Hi Mike
> So after 5 min of study let me revise me proposed configuration. :)
> I guess I will be using CAS's login form which is fine. So that
> elimitates the requirement for Acegi authentication filters.
> JBoss probably can't setup CAS as its AuthenticationManager so
> perhaps it could pr
Hi Jean
> Thank you so much ! I had not expected such a complete,
> accurate - and fast ! - answear :)
>
> If I may go further, I have a few more questions.
>
> I want to allow users to access Slide from a web frontend
> (actually a customized Jetspeed portal), from a 'heavy'
> (client side)
Hi Mike
> >The only thing you gain by going through all of this is EJB
> declarative
> >security.
>
> Correct me if I'm wrong but another reason might be for
> propagation of security information to a remote EJB? This is
> mainly what I need to integrate with container managed
> security f
> I had my filterInvocationInterceptor misconfigured.
> Aperantly if you pu
> tyour objectDefinitionSource property values in a single line like:
> They need to be like:
Thanks for pointing this out Chris. The relevant property editor uses new
lines to delimit each instruction. In addition, you
Hi Mike
Give this a try, and if it works, I'll commit it to CVS:
Edit net.sf.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache...
Add method:
public void destroy() throws Exception {
manager.removeCache("ehCacheBasedTicketCache");
}
Add the DisposableBea
Hi
I've just committed several changes to CVS including:
- Event support (for enabling account lockout and audit logs)
- Authentication now stores extra request details (usually IP address)
- EhCacheBasedTicketCache closes cache at shutdown
Unit tests and integration tests pass fine, although co
> is it possible to upload 0.51, once released, to ibiblio for
> maven builds.
I looked at Maven integration a few months back, but put it off due to a
lack of time. Is anyone out there willing to write a Maven build file for
Acegi Security?
Ben
---
> Documentation generation is about the only thing I can think
> of. Just to put it up on iBiblio requires only the jar file
> produced by the ant build, you don't need Maven for that...
OK, will we be uploading as per
http://maven.apache.org/repository-upload.html? In that case, what do we put
Hi Luke
> I can take a look at running a Maven build alongside the
> Spring one on Monkey Machine if you want. It would be nice to
> have it a set of up-to-date reports online for reference.
> I've been meaning to have a look at the project for some time
> now and my current job only has 5 day
> have you considered providing XACML and RBAC support in Acegi?
I did look at similar standards during the design phase of Acegi. Not all of
them, but certainly quite a few.
I ended up going with a solution that would fit our internal needs but be
reasonably extensible/pluggable. I'd certainly w
Hi Colin
> I think we need to change the existing code which does something like:
> response.sendRedirct(x)
> to
> response.sendRedirect(response.encodeRedirectURL())
I just committed changes that do this. I left out the CAS entry point, as it
redirects to a different context or web s
> Does anyone actually use XACML in practice? It seemed pretty
> complicated when I looked at it and I couldn't see any
> benefits for our project.
Exactly why I gave it a miss. :-)
It's a bit like comparing CAS and Project Liberty. The former is an elegant,
simple solution you can get your he
I have been considering the DaoAuthenticationProvider caching approach and
think we should change it. At present the cache depends on a
DaoAuthenticationToken being present in a user session. The problem with
this is BASIC authentication is stateless, meaning the
DaoAuthenticationToken is never ava
> The problem with this is BASIC authentication is
> stateless.
Sorry, of course the BASIC authentication approach itself doesn't have
state, but applications using it (such as the Spring Burlap client class,
Windows Explorer using WebDAV to access a Jakarta Slide servlet etc) often
ignore the j
> I guess it'd be pretty hard to replace the use of the token
> only for Basic authentication actually.
>
> I was trying to think if there were any issues w/regards to
> clusters (with replicated sessions). In the case of getting
> rid of the token in the session, on a failover and switch to
I've just checked into CVS the changes that were discussed on-list. I ended
up removing the DaoAuthenticationToken. The reference guide has also been
updated.
Best regards
Ben
---
This SF.Net email is sponsored by: Oracle 10g
Get certified on
Hi Bob
I can't see why a custom ObjectDefinitionSource would
not work. You'll need to come up with your own property editor syntax to match
the dynamic pointcut method names and argument values against respective
configuration attributes.
Please let me know how you go.
Best regards
Ben
Dear Spring Community
I'm pleased to announce the Acegi Security System for Spring release 0.51 is
now available from http://acegisecurity.sourceforge.net. The project
provides comprehensive security services for The Spring Framework.
FEATURES:
* It is ready NOW
* Easy to use and deploy (include
Hi
There is no container adapter for Websphere. This is because I am not aware
of anyone having written one. Writing a container adapter is pretty easy.
It's typically one class that implements the target container's particular
authentication interface, and you can use one of the existing containe
Hi Shishir
> How do I access some attributes (like email Id's etc )on the
> my User object in addition to the userName, password and
> granted authorities as existing on the ACEIG User object, .
> Right now, I am querying the database and getting my User
> object separate from the Authenticati
> Since getPrincipal already has a signature of Object, why
> can't it be allowed to store the user object sans password
> instead of only the user name as string. Then in my provider,
> I can prepare my user object in anyway I like, whether it be
> string (user name) or an object with some in
> Also, do you think this would be a correct to do:
>
> Have a User Interface with the three methods as existing in
> the current User Object Create a DefaultUserImpl (same as the
> existing User Object )for this interface for simple use cases.
>
> Users can then implement/extend this User I
I don't think password synchronisation would be a common enough use case to
add to Acegi Security. Although I'm open to others' views as well, though...
The way I'd approach this is to embody all of the logic inside the
AuthenticationDao. Your AuthenticationDao can maintain its own "backup" list
o
Hi Carlos
> Hi Ben,
>
> I'd like to know if you agree with the uploading of
> acegisecurity jars to maven repository at ibiblio.org so they
> are available in maven automatic dependency management system.
>
> If you agree I'll make the upload request for you and you
> only need to check acegi
Hi Karel
> 1) when passwordEncoder is used with
> DaoAuthenticationProvider it is impossible to login. In the
> first call into the PasswordEncoder it is OK, but on the
> subsequent calls there are passed the encoded passwords into
> both encPass and rawPass arguments, so it fails (=> it is OK
> Is there an easy way how can the GUI ask a secured bean if an
> operation will be permited or not? Because according to the
> result it will allow logged user to for example modify some
> items or show them read only.
> Do I have to implement the same access logic (as in voters)
> again in my
My apologies to the non-Windows users out there, but there is an ant.bat in
the root of the project which sets to use the Ant and Clover JARs in lib/ant
and lib/clover respectively. You might need to use something similar or copy
the Clover JAR into $ANT_HOME/lib.
SourceForge has notorious problem
Hi Mark
My container is Jetty. I just added the following code above the block you
quoted from AbstractProcessingFilter:
logger.debug("REQ url: " + httpRequest.getRequestURL());
logger.debug("REQ servlet path: " + httpRequest.getServletPath());
logger.debug("REQ context path: " + httpRequest.getC
Hi Karel
> Why I cannot create my own voters based on just the
ConfigAttributeDefinition or for example
> IP address from which the request comes? I think that authorized user is
needed only for
> RoleVoter.
If you need IP address restrictions or similar which are not specific t
> Thank you very much for the explanation. Just another
> possible solution occurred to me:
>
> 1) to define "ask" functions like this in secured beans:
>
> public boolean canModify(MyBean obj) {
> return true;
> }
> public boolen canInsert() {
> return true;
> }
>
> 2) apply to those func
> > > Thank you very much for the explanation. Just another
> > > possible solution occurred to me:
> > >
> > > 1) to define "ask" functions like this in secured beans:
> > >
> > > public boolean canModify(MyBean obj) {
> > > return true;
> > > }
> > > public boolen canInsert() {
> > > return
> try this: In your Contacts example application I have done
> those changes in
> applicationContext.xml:
>
> 1) changed the password of marrisa to be MD5 encrypted
> 2) added passwordEncoder bean
> 3) used this passwordEncoder in daoAuthenticationProvider
Hi Karel
Yes, indeed it is a bug in 0
> Thanks for the fast fix!
> Hmmm, I'm a bit disappointed, because I wanted to propose you
> the same fix.
> I have made it, rebuilded my acegi-security.jar, placed it
> into container, tried to run it and it doesn't help :(( I'm
> still a Java rookie. :-/
>
> (just a note to our GUI thread: my
Hi everyone
The Acegi Security System for Spring (http://acegisecurity.sourceforge.net)
uses HttpServletRequest getters in a filter. I do all the development of the
project using Jetty, but we've had a report of problems with WebSphere
5.1.1. I'm writing to the Jetty list in the hope of gaining so
Thanks to Carlos Sanchez for providing an initial Maven build file. I've
just checked it into CVS along with some required changes to library names.
Would others running from CVS please check if this works. As previously
stated, I haven't used Maven before. It seems to build the main JAR
correctly
Hi Shishir
> When the session expires, the login screen comes up (if I try
> to click some link). However, it tries to redirect me (as it
> should) to the page that I was trying to access. Since I was
> storing some objects in the session to display in this new
> page, they are no longer the
Hi Mark
I'd prefer an exact match, but given the containers don't provide a
HttpServletRequest getter which consistently can be used for an exact
comparison, we'll have to do some String VooDoo.
A slightly more restrictive alternative (in that it would fire incorrectly
less often) would be:
http
Hi Shishir
> I think ignoreRedirectUrl is good idea.
>
> Enhancing on that, would it make sense to have a property
> type attribute , which will have a key URL and the URL that
> needs to be redirected to.
> If the existing URL ends with any one of the above, then
> redirect to the valid url
Hi Colin
> Ben, I've been very very busy the last while so I only had a
> chance today to try the 0.51 release. I was previously using
> the CVS HEAD version from around May 27th, which is a couple
> of days before you reworked the user caching code.
>
> There seems to be a problem when digest
Hi Alex
Acegi Security has no ties to Spring MVC. You should be able to use Struts.
The filter invocation security handler will secure your URL requests fine,
and the method invocation security handler will work for your business
methods.
HTH
Ben
From:
XM-Ong Eng Wee wrote:
Hi Ben,
we are currently using the acegi security system to do some development work on Tomcat
5.0. Everything worked fine until
we tried porting our codes over to Websphere 5.1. I did a search on the mailing list
and it seems
that we have run into the problems described in
Mike Youngstrom wrote:
Here is a simple patch for a problem I was having trying to
authenticate with Jameleon using CAS. For some reason Jameleon was
stripping one of the / in the protocol part of my full service URL.
So I added URLEncoder to the service parameter of
CasProcessingFilterEntryP
Karel Miarka wrote:
<>Hello,
I also vote for adding the possibility to have an access to a
full-app-specific-User object from an Authentication. I see it very
usefull
in my custom security voters:
1) some decisions must be based on another user properties than the
username
and it may be complicat
Karel Miarka wrote:
Yes, I agree it's worthwhile to have the User object available from an
Authentication. I think we got to the point of agreeing it would be
returned from Authentication.getCredentials() and I asked if this would
cause concerns for anybody. I didn't receive any feedback, so I
Scott Evans wrote:
Actually, the default implementation of
isAuthenticationCorrect(authentication, user) could be the code found
in the current isPasswordCorrect method.
For the filter, I think it might make more sense it just create a new
one rather than adding a hook for subclasses to instant
Joseph Schmoley wrote:
First let me say that I'm thoroughly impressed with the work you guys
have done in designing and coding the Acegi Security Framework. Thank
you (from all of us) for all that hard work. I've implemented a web
app using it but have a question regarding the ChannelProcessin
Randy Thornton wrote:
I have provided my own AuthenticationDao implementation for my users and
groups. I have my own user and group implementation that have data other
than username, password, and capabilities. It would be nice if I could
subclass off of User instead of having to create a new Use
Mark St.Godard wrote:
Hi Ben,
The code snippet I sent a few weeks back did work on both Tomcat and
Websphere 5 for me.
http://www.mail-archive.com/[EMAIL PROTECTED]/ms
g00118.html
Essentially using something like this in AbtractProcessingFilter's
doFilter()
if ( httpRequest.getRequestURL().toString
Randy Thornton wrote:
I am using hibernate to save my user objects. It needs public getters and
setters and also a default constructor. Obviously I have worked around all
this, but it would be much nicer to subclass.
Thanks
Hi Ryan
Ah, Hibernate.
To date I've had classes relying on User expec
Joseph Schmoley wrote:
I took a look at InsecureChannelProcessor and there's no
response.sendRedirect() happening in there. It's delegating those
types of calls to the entryPoint.commence() methods. So I guess it's
the RetryWithHttpEntryPoint that I need to extend and provide my own
commence(
Karel Miarka wrote:
I have downloaded and built the current CVS version and run all my
application test agains it. Everything is OK except one little backward
incompatibility:
when my old code (custom AccessDecisionVoter or Tapestry Engine) needs to
get the username of logged in user it calls auth.
Randy Thornton wrote:
That is the best answer. Thanks.
If nobody has any concerns or objections, I'll make this change later
today. I'll leave User as the concrete implementation so nobody's
existing code breaks, whilst creating a UserDetails interface.
Just checked it the refactoring of U
Scott Evans wrote:
I wonder if you might consider putting the current release's javadocs
up on the project's home page?
I'd like to place a link directly to it in the javadocs for the
application that I am using acegi in.
--
Joseph Schmoley wrote:
Ok Ben, I understand now. Except for one minor point... It's exactly
the other way around from what you suggest. The problem isn't from
HTTP to HTTPS, it's from HTTPS to HTTP. So I'd have to write a
JavaScriptRetryWithHttpEntryPoint.java and wire it in. I'll go ahead
Colin Sampaleanu wrote:
I can't speak about the release, as Ben has actually done all of those
(and after a spurt of code and suggestion in April, I' ve actually
been too busy to do much with Acegi anyways, aside from just using it
of course). W/regard to making it "the" security component for S
Joseph Schmoley wrote:
Where in the Acegi framework can I plug in a piece of code to be
called upon successful Authentication? I need a couple of things to
be placed onto the session after a user has been successfully
authenticated into our system.
I took a look at
net.sf.acegisecurity.ui.we
Scott Evans wrote:
Ben wrote:
-snip-
Ive made isPasswordCorrect protected (see CVS).
You should be able to subclass DaoAuthenticationProvider,
override this method, and achieve the desired functionality.
-snip-
Thanks for doing this but I had problems with the Authentication object that DaoA
Andy Depue wrote:
I'm using Spring + Acegi and I would like to use a custom SecureContext in my
web app (basically, it would extend SecureContextImpl and provide additional
context for my app). Unfortunately, it appears that
AbstractIntegrationFilter has a hardcoded instantiation of SecureConte
Scott Evans wrote:
Hi Ben,
I didn't have any issues with adding a protected
createSuccessAuthentication method for subclasses of
DaoAuthenticationProvider. I also think it would be
easier for future maintainer's of my code to
understand the subclass rather than the interceptor.
With the interceptor
Steve wrote:
I'm considering using Acegi for a project, but I'd like to find out a
bit more. Can you give me an idea of how Acegi fits into the J2EE
picture with regard to JAAS? The client requires J2EE "compliance" for
all new applications. That doesn't mean we have to use J2EE APIs for
everyt
Indra Gunawan wrote:
Hi all,
First, sorry if this question is too basic and simple... but I really
already gave up on this. I have a servlet called TestServlet and is mapped
into /testservlet.do ... nothing special. Then I add security constraints
needed to protect it ...
Secured Area Secu
Julien Herfurth wrote:
Julien Herfurth wrote:
Hello,
I've made a simple setup with Acegi security and CAS. When I try to
access a secured object
(in my case a method of a dao), the browser is redirected to the cas
login page as expected, but
when the browser is redireted back to
https://localhos
Julien Herfurth wrote:
Hello Ben,
I use the 0.51 release in which I put some logging lines. That is the
TicketResponse.getProxyGrantingTicketIou()
that return an empty string that causes the exception to be thrown.
When I comment out the test
"".equals(proxyGrantingTicketIou) at line 69 into
Cas
[EMAIL PROTECTED] wrote
How do I get around this? I can see 2 ways - either having something
like:
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/security/**=
/**=ROLE_ALLOWED_USER
but this doesn't seem to wor
Scott Evans wrote:
I've enabled EL support for the authz tag. We pull
content items from a CMS for display. The content
items will have ifAllGranted, ifAnyGranted, and
ifNotGranted attributes which with EL we can pull at
Hi Scott
François Beausoleil looks after the taglib area of the code, so wo
In relation to the Tapestry integration, this comes up a lot. If someone
actually using Tapestry has a working implementation and would be
willing to maintain it (ie CVS access, reference documentation section,
responding to questions on the mailing list), I would be happy to add it
to the proj
Andy Depue wrote:
I solved my problem by not using encoded passwords - now everything is working
as expected... this will work during development, but won't be an option when
we deploy. It appears that my version of Acegi has a bug concerning encoded
passwords (see my previous post for details)
Hi Mike
[EMAIL PROTECTED] wrote:
I'm using cas for authentication and I'd like to be able to take advantage
of the new UserDetails inteface on the client side. Correct me if I'm
wrong but if I were using the DaoAuthenticationProvider I'd simply
overload the createSuccessAuthentication to return m
Joseph Schmoley wrote:
Did you ever receive this piece of mail from me? I never received a
reply to it. Thanks.
Hi Joseph
Yep, I did reply:
http://article.gmane.org/gmane.comp.java.springframework.acegisecurity.devel/141/match=authentication+callback
Best regards
Ben
-
Patrick Burleson wrote:
It would appear to me that the Authentication isn't Serializable and
thus gets rejected from my session on Weblogic (well, I get a warning
that it will be upon redeployment). Is this intentional?
Hi Patrick
I've just made Authentication Serializable in CVS HEAD.
Best rega
Mike Youngstrom wrote:
Maybe I'm missing something but it appears that the only CAS and
AuthenticationDao integration point is in the DaoCasAuthoritiesPopulator
in "getAuthorities" method where it appears to only load the user in
order to get the authorities().
Maybe I should ask my question this w
Daniel Washusen wrote:
Hi All,
I've been mucking around Acegi for a few days now and I'm curious the
the "ROLE_" prefix, that, as far as I can tell is mandatory. Can
anyone confirm this?
If I make my role deffinitions look like "/secure/**=ROLE_BLOGGER" it
seems to work fine, but if I specifiy a r
Hi Mark
[EMAIL PROTECTED] wrote:
Ben,
I have been a Spring user for sometime now and am starting to investigate
Acegi Security. I am having trouble replying to the developer-list
subscription so I thought that I would email you directly if you do not
mind this once. My reply to the subscription k
Hi Shishir
Shishir K. Singh wrote:
Same goes for forcePrincipalAsString.
There is already an isForcePrincipalAsString() method.
-Original Message-
From: Shishir K. Singh
Sent: Tuesday, July 13, 2004 10:15 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [Acegisecurity-developer] Is Authentica
Patrick Burleson wrote:
Thank you very much. Going to test it out today. Any ideas on the
schedule for 0.6?
Hi Patrick
Acegi Security 0.6 will be released very soon. I'm just awaiting a
Spring 1.1 RC to check everything still works.
Best regards
Ben
---
Patrick Burleson wrote:
I posted the following question to the Sitemesh list. Thought I would
see if anyone here also had any experience getting Acegi and Sitemesh
to play nice together.
-
Hello all,
I am working on an project that is using Sitemesh for decorating
pages.
Indra Gunawan wrote:
Hi all,
I want to implement the security authentication using Hibernate? But seems
that I can't find one class that support it should I extends from
HibernateDaoSupport class of Spring framework and implements
AuthenticationDao ? or do I miss the support class ?
TIA
Indra
Patrick Burleson wrote:
Well, I figured out why I am getting extra requests. Weblogic reruns
the filters when RequestDispatcher.include() is invoked. SiteMesh does
this in its PageFilter class.
I have noticed a work around for this silly behavior (which becomes
configurable in the 2.4 servlet spec)
Mike Youngstrom wrote:
Option 1 would work fine for my case...but I could also survive with
option 3 if you think option 1 would compromise the architecture in an
unfavorable manner. :)
Hi Mike
Just checked into CVS HEAD option one. Please let me know if further
changes are required, or if this
Patrick Burleson wrote:
On Wed, 14 Jul 2004 08:24:25 +1000, Ben Alex <[EMAIL PROTECTED]> wrote:
I'm just wondering why Acegi Security fails on the second pass. Your
earlier email mentioned a null gets put into the SecureContext, but I'm
not sure how or why you're seeing th
[EMAIL PROTECTED] wrote:
First, thanks to Ben for helping me understand some of the Acegi internals.
My question revolves around using BASIC authentication with Acegi. First,
let me start by stating that I am not using HTML. I am using Flex which
uses a Flash client with SOAP requests. What I wa
Travis Gregg wrote:
I am having problems getting Acegi to work in BEA Weblogic 8.1
(perhaps the same problem Patrick is having). Any help or advice would
be appreciated.
My first problem is this: Bea doesn’t seem to load the Spring
ContextLoader Listener correctly. To get around this, I'm using
Travis wrote:
Patrick and Ben,
This patch fixed the BEA issues I had with my application as well as the
sample contacts application.
Thanks!
Travis
Travis, I'm pleased this fixed your problem.
Patrick, thanks very much for your patch and help. I've applied it to
CVS HEAD.
Thanks again
Be
[EMAIL PROTECTED] wrote:
Ben,
I had to force Basic authentication by modifying the BasicProcessingFilter
class so that the doFilter method sets the header field is set to "Basic "
if header is null. I know this is ugly, but the SOAP client (Flash
component) is not sending this value when the reque
[EMAIL PROTECTED] wrote:
Ben,
You were right. It was a problem with my securityEnforcementFilter bean
configuration. I see it now. Once I changed to the
basicProcessingFilterEntryPoint bean reference it worked. I also needed
your great explaination about SOAP authorization. I will be giving a
p
Patrick Burleson wrote:
Well, when working with my pages, I would want access to my actual
UserDetail type object. It would appear that while using the
DaoAuthenticationProvider, the only thing in the Context is the
UsernamePasswordAuthenticationToken. How would I get to the user's
info that I look
Hi Westley
Wesley Hall wrote:
Lets take the example of URL based security (The
FilterInvocationInterceptor). The mapping between the security role required
and the actual code that handles that URL invocation seems to be based on a
list of URL's and the roles required to access them. I can understa
1 - 100 of 646 matches
Mail list logo
