Re: [Acegisecurity-developer] Hello acegi developers

2004-12-16 Thread Ben Alex
Luke Taylor wrote: I don't think it's right at the moment. It would probably have to use Carlos's "rootdir" setting http://jroller.com/page/carlossg/20041122#maven_multiproject_sharing_common_files to allow this directory to be included in all the subprojects. I think he's best placed to decid

Re: [Acegisecurity-developer] Work to Propagate Security Context across Remote Hessian calls?

2004-12-20 Thread Ben Alex
Seth Ladd wrote: Hello, Has anyone done any work to propagate the security context across remote hessian calls? It seems very straightforward, and wanted to see if previous work had been done. Thanks very much, Seth Hi Seth No, it's not yet done. I was hoping we could automate it so that at th

[Acegisecurity-developer] Maven fixes

2004-12-21 Thread Ben Alex
Luke Taylor wrote: I don't think it's right at the moment. It would probably have to use Carlos's "rootdir" setting http://jroller.com/page/carlossg/20041122#maven_multiproject_sharing_common_files to allow this directory to be included in all the subprojects. I think he's best placed to decid

Re: [Acegisecurity-developer] ACL Assistance and Questions

2004-12-23 Thread Ben Alex
Matthew E.Porter wrote: Greetings. I am looking for some guidance on the ACL system and how to integrate it into our application. Furthermore, I plan to get the second article out for Javalobby within the next week or two. Any help is appreciated. In our application, we define domains (i.e.

[Acegisecurity-developer] Preparing for 0.7.0

2004-12-23 Thread Ben Alex
Hi everyone I am happy to report that Ant has now been officially removed from CVS (along with /lib/*.jar). The Maven build is now performing well, and the web site at http://acegisecurity.sourceforge.net has been expanded to include Maven-specific instructions. The only outstanding issue is the

Re: [Acegisecurity-developer] Preparing for 0.7.0

2004-12-25 Thread Ben Alex
Please checkout again from CVS. The reported problem has been fixed. Ray, you were right: it was related to Maven group names. "acegisecurity" is the correct group name for all artifacts. Best regards Ben

Re: [Acegisecurity-developer] Preparing for 0.7.0

2004-12-25 Thread Ben Alex
Amad Fida wrote: Now I'm getting the following... test:test: [junit] Running sample.attributes.BankTests log4j:WARN No appenders could be found for logger (org.springframework.beans.factory.xml.XmlBeanDefinitionReader). log4j:WARN Please initialize the log4j system properly. [junit] Tests run: 2, F

Re: [Acegisecurity-developer] Preparing for 0.7.0

2004-12-25 Thread Ben Alex
Amad Fida wrote: Yes it did work, I installed the plugin used by attributes by cd ACEGI_SECURITY/samples/attributes maven install-plugin I've updated http://acegisecurity.sourceforge.net/building.html with proper instructions that make it clear what's going on with the attributes plugin. Th

[Acegisecurity-developer] Acegisecurity + Spring richclient and different versions of spring jars

2004-12-28 Thread Ben Alex
Amad Fida wrote: Ben, I am starting to use acegi in my spring-richclient project, the first problem I ran into was the different version of spring jars. Well I know you Acegi is using version 1.1.3 but I am not sure of versions used by spring-richclient as they need to update the versions.txt. You

Re: [Acegisecurity-developer] Preparing for 0.7.0

2004-12-29 Thread Ben Alex
Aaron Tang wrote: "Figure 4: After Invocation Implementation " in section 1.8.1 should be "Figure 5" and others in turn :) Thanks Aaron, I've fixed this and made other documentation updates. Ben

[Acegisecurity-developer] Roadmap towards Acegi Security official 1.0.0 release

2004-12-29 Thread Ben Alex
Scott McCrory wrote: Ben, Just curious - what's your approach towards an eventual 1.0 release? I ask because technical managers, architecture review boards, etc. can misinterpret sub-1.0 versions as unstable, whereas even Acegi 0.6 most certainly is not! Thanks in advance, Scott Versi

Re: [Acegisecurity-developer] MSc Thesis on middle tier security

2004-12-30 Thread Ben Alex
Vladimir Horev wrote: Hello list! I'm planning to write a MSc thesis on the subject of business tier security. My idea was to take part of some open source project (acegi) and develop some component that I could use in my thesis. Could you recommend me something on that? regards, Vladimir Hi Vl

Re: [Acegisecurity-developer] Roadmap towards Acegi Security official 1.0.0 release

2004-12-30 Thread Ben Alex
Scott McCrory wrote: Ben, Excellent, sounds like a well thought-out plan towards 1.0. I'd recommend an "in-between" approach for the container adapters. I agree that including lightly-used, non-portable modules in the main distribution can lead to expectations that they be maintained as full

Re: [Acegisecurity-developer] Roadmap towards Acegi Security official 1.0.0 release

2004-12-30 Thread Ben Alex
Sergio Berna wrote: I have added ExpirationDetails as a separate interface to keep backwards compatibility with existing code that implements UserDetails. Hi Sergio Good to see backward compatibility is a priority, particularly in such a sensitive (ie commonly-deployed and extended) area as Dao

Re: [Acegisecurity-developer] MSc Thesis on middle tier security

2004-12-31 Thread Ben Alex
Sergio Berna wrote: Andy, I agree that filtering the method response is a fascinating area. The only problem I have always found on filtering a method response is that it doesn't scale properly when performance is an issue. I'm particularly thinking on Collections here, where the full collection ch

Re: [Acegisecurity-developer] Roadmap towards Acegi Security official 1.0.0 release

2004-12-31 Thread Ben Alex
Sergio Berna wrote: In fact I introduced them there first, but while modifying DaoAuthenticationProvider I realized that if people simply changed the acegi jar on their respective installations they would get a NoSuchMethodException and would be forced to modify their code implementing the 2 new me

Re: [Acegisecurity-developer] Re: [Springframework-developer] Roadmap towards Acegi Security official 1.0.0 release

2004-12-31 Thread Ben Alex
Matt Raible wrote: Using container-managed authentication usually only requires a handful of lines in web.xml and a few more in a server-specific deployment descriptor. This makes me wonder if there's a simpler way to configure Acegi (consolidating filters?). Or maybe defaults can be set in a

Re: [Acegisecurity-developer] Roadmap towards Acegi Security official 1.0.0 release

2005-01-02 Thread Ben Alex
Ben Alex wrote: For the small minority of people who have chosen NOT to extend User (which goes against our recommendations, but there are legitimate scenarios such as having a domain object that already represents the user), I don't think adding two methods to their implementation is goi

Re: [Acegisecurity-developer] maven and eclipse compatibility

2005-01-03 Thread Ben Alex
Nadeem Bitar wrote: Is the new maven build compatible with eclipse? If I run maven -Dgoal=eclipse multiproject:goal, would I be able to import each subproject into eclipse and still have the root project inside eclipse? In Acegi Security everything is in the one Eclipse project, including th

[Acegisecurity-developer] Jboss adapter improvements

2005-01-04 Thread Ben Alex
Sergio Berna wrote: Hey Ben, Yep I checked out latest version yesterday to incorporate changes and show everything done ;). The only thing left is the JBossLoginModule attached to this mail. I'm attaching the modified file and a patch for the latest repository version. Hi Sergio I've now checked

Re: [Acegisecurity-developer] MSc thesis on middle tier security

2005-01-06 Thread Ben Alex
Johan Andries wrote: Vladimir Horev wrote: Hi all! Could you please explain me what lacks CAS that we need to write an additional single sign on system? In general, which features are you going to implement in near future? I mean, I have no strong preference, but I feel that a sample application

Re: [Acegisecurity-developer] How to implement the following 2 cases in webapp?

2005-01-07 Thread Ben Alex
YH Cheng wrote: Hi all, I am deciding to use acegi as the login system for my webapp, and thinking about the customization I need to do in order to handle 2 requirements: 1. let user to switch HTTP or HTTPS - It's not related to acegi; but I am thinking about the implementation. SO JUST IGNORE TH

Re: [Acegisecurity-developer] How to implement the following 2 cases in webapp?

2005-01-08 Thread Ben Alex
YH Cheng wrote: Anyway, I have a suggestion on this issue: I think the 'remember me' feature is so application-dependent, that it shouldn't be included in the acegi core. I think maybe we can develop a sub-project of acegi, which is intended to give some sort of special features (like 'remember me'

[Acegisecurity-developer] Away

2005-01-09 Thread Ben Alex
Hi everyone I'm off on holidays for about a week. If others could keep an eye on this list and the Spring forum, it would be appreciated. Best regards Ben

[Acegisecurity-developer] Acegi Security - new release 0.7.0

2005-01-19 Thread Ben Alex
Dear Spring Community I'm pleased to announce the Acegi Security System for Spring release 0.7.0 is now available from http://acegisecurity.sourceforge.net. The project provides comprehensive security services for The Spring Framework. You can read about the features in detail at http://acegise

Re: [Acegisecurity-developer] Re: [Springframework-user] Acegi Security - new release 0.7.0

2005-01-21 Thread Ben Alex
Ricardo Marin Matinata wrote: Hi, I (think) you are right about the use of AutoIntegrationFilter. Oops, sorry for the oversight. I've just updated CVS, which Monkey Machine uses for an automatic daily build and publish to SF. Best regards Ben

Re: [Acegisecurity-developer] Reducing the number of filters needed in web.xml

2005-01-23 Thread Ben Alex
bryan ( [EMAIL PROTECTED]) wrote: channelProcessingFilter=/* authenticationProcessingFilter=/* basicProcessingFilter=/* sessionIntegrationFilter=/* securityEnforcementFilter=/* +1, especially using the syntax shown ab

Re: [Acegisecurity-developer] Acegi jars at ibiblio

2005-01-23 Thread Ben Alex
Carlos Sanchez wrote: Hi, I've uploaded all acegi artifacts at http://acegisecurity.sourceforge.net/maven/acegisecurity/ (jars, poms and licenses) to ibiblio. Now they're available http://www.ibiblio.org/maven/acegisecurity Carlos, just re the licenses, I'm not sure of what's normal but I thin

Re: [Acegisecurity-developer] Source zip/tarfile

2005-01-23 Thread Ben Alex
Colin Sampaleanu wrote: I noticed that on SF (unless I'm missing it), there's actually no source archive for v0.70. It'd probably be a good idea to have one, so people can sync this up when stepping through code and the like... I've just added a Maven goal that will do that when releasing. The

Re: [Acegisecurity-developer] Reducing the number of filters needed in web.xml

2005-01-24 Thread Ben Alex
Ray Krueger wrote: I like the idea as well, my only question is (and I've been wondering this for a while), why do we target the class and not the bean name? targetClass net.sf.acegisecurity.FilterChain Instead of... targetBean filterChain There's no strong reason Ray. It's just mos

Re: [Acegisecurity-developer] Reducing the number of filters needed in web.xml

2005-01-26 Thread Ben Alex
Carlos Sanchez wrote: About the syntax, I looked at , that would suit here, but Spring application context don't allow beans as keys, maybe a lack of functionality? Just use a custom PropertyEditor that works at a String level. The PropertyEditor would identify name/value pairs, and create its

Re: [Acegisecurity-developer] method invocation not guarded when SecurityConfiguration forgotten

2005-01-27 Thread Ben Alex
Joost de Vries wrote: Hi, I'm using acegi to guard the security of our service layer pretty much exactly like the BankManager sample. The annotations declare the authorisations. /** * @@SecurityConfig("ROLE_SUPERVISOR") * @@SecurityConfig("RUN_AS_SERVER") */ public void deleteSomething

Re: [Acegisecurity-developer] Reducing the number of filters needed in web.xml

2005-01-30 Thread Ben Alex
Carlos Sanchez wrote: Using my proposed syntax each filter configuration can be separated in different files and reused, furthermore there are many bean definitions that can be bundled with acegi out of the box. Spring is about using POJOs, avoiding complex hierarchies and interface implementation

Re: [Acegisecurity-developer] Proposed change to JaasAuthenticationCallbackHandler

2005-01-30 Thread Ben Alex
Ray Krueger wrote: This is a concurrency issue. The quick fix is to wrap those two calls in a synchronized block. The real fix is to drop the setAuthentication method and modify the handle method to be handle(Callback, Authentication). As it is a contract change I wanted to check with the team firs

Re: [Acegisecurity-developer] Where to find retroweaver-1.0fcs.jar?

2005-02-04 Thread Ben Alex
Seth Ladd wrote: Hello, I'm trying to build acegi with maven, and now it's time to find and download retroweaver-1.0fcs.jar. Unfortunately, ibiblio doesn't have it, and only version 1.1 is available from sourceforge (or so it seems). Google also doesn't know about it. Does anyone have a tip o

Re: [Acegisecurity-developer] Adding getUserPrincipal to ContextHolderAwareRequestWrapper

2005-02-04 Thread Ben Alex
Seth Ladd wrote: Seth Ladd wrote: Hello, I'd like to propose we add getUserPrincipal to ContextHolderAwareRequestWrapper. We can return the Authentication, which itself is a Principal. I just checked in something similar to CVS, with consistent handling of nulls and a unit test. Best regards

Re: [Acegisecurity-developer] ACL and BeforeInvocationProvider ?

2005-02-05 Thread Ben Alex
jw wrote: wouldn't it be nice to have a BeforeInvocation - security mechanism, for example to set some User-specific filter properties in a hibernate Query object, so only a specific set of domainobjects is fetched by the database AfterInvocation can only filter-out objects after all are fetched

Re: [Acegisecurity-developer] AbstractIntegrationFilter/HttpSessionIntegrationFilter design problem?

2005-02-06 Thread Ben Alex
Andreas Schildbach wrote: I was just wondering why my HttpSessionIntegrationFilter does not save my custom user object to the next request... For my application, I have extended SecureContext to SecureUserContext, adding my domain object for users as a property. Looking at the source of Abstrac

Re: [Acegisecurity-developer] PostInvocation and Hibernate Sessions

2005-02-09 Thread Ben Alex
Gavin Terrill wrote: We recently adopted Acegi Security for one of our enterprise products security requirement, and we will be facing the same issues, so this thread is very useful and timely. Thought out of the blue: instead of mutating the domain objects, would it be possible to wrap them up in

[Acegisecurity-developer] Re: acegi filters and RequestDispatcher include

2005-02-10 Thread Ben Alex
Hi Sanjiv We don't use OncePerRequestFilter as it subclasses GenericFilterBean, which unfortunately is designed for Filters that are wired by web.xml. The property setting this class performs I suspect would conflict with Acegi Security Filters, which are wired directly in the IoC container and

Re: [Acegisecurity-developer] Informative servlet responses and the AuthenticationEntryPoint

2005-02-12 Thread Ben Alex
Ray Krueger wrote: I spoke with Ben off-list on IM. We'd like some more input on this before I commit all the changes... These are the two overall changes, copy and paste from my notes. Added AuthenticationException to the commence method signature of the AuthenticationEntryPoint. The best example o

Re: [Acegisecurity-developer] Bug in Contacts Sample App

2005-02-15 Thread Ben Alex
Matt Raible wrote: I couldn't seem to find an issue tracker for Acegi Security - I'd be happy to enter this there. acegi-security-sample-contacts-filter.war on OS X (10.3.8) with Tomcat 5.5.7 and Acegi Security 0.7: Adding log4j-1.2.8.jar to WEB-INF/lib fixes the problem. Hi Matt Thanks for th

Re: [Acegisecurity-developer] LDAP DAO and Samba+LDAP

2005-02-17 Thread Ben Alex
Robert r. Sanders wrote: I have a basic OpenLDAP server setup which Samba 2 is authenticating against. My understanding is that Samba 2 is fairly picky about the LDAP scheme it uses, so I don't want to mess with this. The current LdapPasswordAuthenticationDao assumes that the user will be iden

Re: [Acegisecurity-developer] Reducing the number of filters needed in web.xml

2005-02-19 Thread Ben Alex
I've just committed to CVS a FilterChainProxy class, docs and tests which make web.xml significantly simpler for Acegi Security-based applications. It means you only need a single FilterToBeanProxy in web.xml, which delegates to your FilterChainProxy. The FilterChainProxy is defined like this:

Re: [Acegisecurity-developer] Reducing the number of filters needed in web.xml

2005-02-20 Thread Ben Alex
Matt Raible wrote: This looks very cool - anything to cut down the amount of XML needed for Acegi Security is a good thing IMO. I just finished my chapter on security for Spring Live - do you think I should scrap the old stuff and update it to reflect this "new way"? If so, when will 0.8.0 (or

Re: [Acegisecurity-developer] Reducing the number of filters needed in web.xml

2005-02-20 Thread Ben Alex
Robert r. Sanders wrote: While I don't have a huge amount of spare time, I would be glad to look over any list of tasks you have and see if I could fit any of them in. I tried to look on the sourceforge site and see if there were any bug/feature lists but couldn't find any. Hi Robert Given you

Re: [Acegisecurity-developer] Reducing the number of filters needed in web.xml

2005-02-20 Thread Ben Alex
Dmitriy Kopylenko wrote: Ben, how about start using JIRA for Acegi release/issue management? I could create a project for JIRA in Spring JIRA installation. Would it be appropriate, taking into consideration that Acegi is not the official Spring subproject? Dmitriy. Thanks for the offer, but

Re: [Acegisecurity-developer] AbstractIntegrationFilter/HttpSessionIntegrationFilter design problem?

2005-02-20 Thread Ben Alex
Andreas Schildbach wrote: Hello everyone, I was just wondering why my HttpSessionIntegrationFilter does not save my custom user object to the next request... For my application, I have extended SecureContext to SecureUserContext, adding my domain object for users as a property. Looking at the s

Re: [Acegisecurity-developer] Reducing the number of filters needed in web.xml

2005-02-21 Thread Ben Alex
Ray Krueger wrote: OH, also, sorry, I have an RFE on my "work" project for one-session logins as well. If I make any progress with that I'll let ya know. Hi Ray Yes, the one concurrent login work is a feature that has come up several times, whereas the AbstractProcessingFilter is more of a code

Re: [Acegisecurity-developer] LDAP PasswordDao

2005-02-21 Thread Ben Alex
Scott Battaglia wrote: Robert, There's an official JIRA issue in Spring for the LDAP support. Not sure what's going to happen with it though. I'd like to see it in Spring though ;-) We have a duplicate of them in the CAS CVS tree only because they aren't in the Spring CVS tree anywhere and we m

Re: [Acegisecurity-developer] ws-security filter

2005-02-21 Thread Ben Alex
Mason, Ross wrote: Has anyone written a ws-security filter for acegi? Not that I'm aware of. Ben

[Acegisecurity-developer] Digest Authentication (more secure than Basic Auth) is now in CVS

2005-02-21 Thread Ben Alex
I think the subject line says it all. :-) Best regards Ben

Re: [Acegisecurity-developer] Digest Authentication (more secure than Basic Auth) is now in CVS

2005-02-21 Thread Ben Alex
Ray Krueger wrote: Hey! Where's the HttpInvokerRequestExecutor for it! :P I'm making jokes (and no, I'm not gonna write it ha!) Although I may write the Basic Auth CommonsHttpInvokerRequestExecutor Unfortunately I just ran out of time - the unit tests took as long to write as the actual implem

[Acegisecurity-developer] Anonymous principal support now in CVS

2005-02-22 Thread Ben Alex
There are unit tests and a section in the reference guide as usual. The new feature enables the ContextHolder to be populated with an AnonymousAuthenticationToken each time. This enables all web URIs to be protected, such as follows: CONVERT_URL_TO_LOWE

Re: [Acegisecurity-developer] Anonymous principal support now in CVS

2005-02-23 Thread Ben Alex
Matt Raible wrote: Is "ROLE_ANONYMOUS" a special key so that you don't have to add it to your user data store? If it has to be added, do all registered users have to have this role assigned to them? I'm sure it works how I'd expect it to work, just want to clarify. It would be nice if thi

Re: [Acegisecurity-developer] Turn On Subscribe Request Verification?

2005-02-26 Thread Ben Alex
On Saturday 26 February 2005 05:49, Seth Ladd wrote: > Hello, > > Ben, is it possible to turn on the Subscribe Request Verification for > this mailing list? It would stop the spam we see to this list. It's a > mailman parameter, I believe. > > Thanks! > Seth I've switched on member_posting_only,

Re: [Acegisecurity-developer] Basic + Form authentication in one webapp

2005-02-26 Thread Ben Alex
On Friday 25 February 2005 06:34, Gavin Terrill wrote: > Hi there, > > I'm stuck and would like some guidance on where to go next (I am quite new > to Acegi Security, so this may be a naïve question). I am trying to protect > "/secure/*" resources in my web app using form processing, and > "/office

Re: [Acegisecurity-developer] Patch to fix NPE

2005-02-28 Thread Ben Alex
On Monday 28 February 2005 20:43, Konstantin Shaposhnikov wrote: > Hello all, > > I am not sure where I should send my patch (I haven't found any > bugtracking system for acegi), so I'll send it to mailing list. > > If you enable DEBUG log level and define f.e. in FilterChainProxy > filterInvocati

[Acegisecurity-developer] Remember-me and releasing 0.8.0

2005-02-28 Thread Ben Alex
Hi everyone I've just added pluggable remember-me services to CVS. You will also find corresponding tests, reference documentation, JavaDocs and a demonstration in the Contacts sample. I believe we've accumulated sufficient additional features, improvements and fixes to warrant a new release.

[Acegisecurity-developer] Re: Stable LDAP authentication DAO

2005-02-28 Thread Ben Alex
On Tuesday 01 March 2005 09:36, Baldwin, Richard wrote: > Hello, > > My company's project requires an LDAP connection for access to company > credentials. I'd like to test the alpha version of the DAO, but I'm unable > to cut through our firewall to CVS using pserver. I wonder if there's a > seco

Re: [Acegisecurity-developer] Re: Stable LDAP authentication DAO

2005-02-28 Thread Ben Alex
Ben Alex wrote: Did you try CVSGrab, as per http://acegisecurity.sourceforge.net/cvs-usage.html? I've put a nightly build up at http://acegisecurity.sourceforge.net/nightly/ Best regards Ben

Re: [Acegisecurity-developer] Re: Stable LDAP authentication DAO

2005-03-01 Thread Ben Alex
Baldwin, Richard wrote: Tried CVSGrab from behind our company's firewall without success. Tried variations on several CVS interfaces to no avail. Going home, will try from there. Thanks for your help. Gave it a college try. The nightly build you can download from http://acegisecurity.sourcefo

Re: [Acegisecurity-developer] LDAP Dao.

2005-03-02 Thread Ben Alex
On Wednesday 02 March 2005 10:01, Robert r. Sanders wrote: > To whom it may concern: > Just thought I'd let anyone who is interested know that I checked a > much updated version of the LDAP PasswordDao into the sandbox. Included > are a good number of comments that should help out as to the us

Re: [Acegisecurity-developer] Using Acegi in distributed environment

2005-03-03 Thread Ben Alex
Andreas Prohaska wrote: I bet that most of us use Acegi in some kind of EJB or servlet tier, but I expect problems when AOP proxied object instances are sent over the wire. Imagine the case that you want to protect your business model objects with a MethodInvocationInterceptor. Another problem seem

[Acegisecurity-developer] Acegi Security - new release 0.8.0 and subproject status

2005-03-04 Thread Ben Alex
Dear Spring Community I'm pleased to make the following two announcements: * Acegi Security will become a Spring subproject from release 1.0.0. * Acegi Security release 0.8.0 is now available. = OFFICIAL SUBPROJECT STATUS =

Re: AW: [Acegisecurity-developer] Using Acegi in distributed environment

2005-03-04 Thread Ben Alex
On Saturday 05 March 2005 00:47, Andreas Prohaska wrote: > But even without trusting my client, assume that I have the secured > Account instance in the servlet tier. Now imagine a wizard that allows > the current user to edit the Account, perhaps in multiple steps. > Everyone would agree that it's

[Acegisecurity-developer] Re: JAAS support

2005-03-08 Thread Ben Alex
First of all, can we at least agree on the following: 1. Not everyone uses JAAS, or even wants to use JAAS 2. Numerous alternative OSS security frameworks exist (eg http://www.manageability.org/blog/stuff/single-sign-on-in-java/view) 3. Real-world applications see a huge variety of security approa

[Acegisecurity-developer] Re: JAAS support

2005-03-08 Thread Ben Alex
Hi David David Nuescheler wrote: 4. Often alternative OSS security frameworks and home-grown approaches cannot easily be made integrate into a JAAS LoginModule with respect to authentication in jackrabbit i am not creative enough to come up with a usecase that cannot easily be wrapped into

Re: [Acegisecurity-developer] Anonymous Authentication: getRemoteUser should return null?

2005-03-10 Thread Ben Alex
Matt Raible wrote: I've recently upgraded AppFuse from a snapshot of 0.7.0 to 0.8.0 and now I'm using the anonymous authentication stuff. While it seems to work well, I tend to use request.getRemoteUser() as an indicator that a user has logged in successfully. For this reason, and to be more

Re: [Acegisecurity-developer] session.invalidate() vs. ContextHolder.setContext(null)

2005-03-10 Thread Ben Alex
Andreas Brenk wrote: You could use a HttpSessionListener to keep the coupling to Acegi Security separate from your controller. See http://forum.springframework.org/viewtopic.php?t=1106 for an earlier discussion. Perhaps this should be mentioned in the upgrade readme. Regards, Andreas Matt Raibl

Re: [Acegisecurity-developer] FilterChainProxy and ContextHolderAwareRequestFilter

2005-03-10 Thread Ben Alex
Matt Raible wrote: Sorry for all the questions, just want to get all my ducks in a row so AppFuse is using Acegi Security in the recommended fashion. No problemo. Question 1: I've found that putting the ContextHolderAwareRequestFilter in a FilterChainProxy bean does not work - it has to be expl

Re: [Acegisecurity-developer] FilterChainProxy and ContextHolderAwareRequestFilter

2005-03-10 Thread Ben Alex
Matt Raible wrote: I changed both of the places where fi.getRequest() was called. Changing the first one didn't affect anything, but changing the second seems to have solved the problem. Here's the modified file: Checked into CVS. Cheers Ben

Re: [Acegisecurity-developer] session.invalidate() vs. ContextHolder.setContext(null)

2005-03-10 Thread Ben Alex
Matt Raible wrote: Ben Alex wrote: It seems to work OK for me in Tomcat 5.5 with the Contacts Sample application's logout.jsp. I tried building/deploying the contacts WAR with maven (according to the Building with Maven instructions) - there is no web.xml included in the WAR file. Matt

Re: [Acegisecurity-developer] session.invalidate() vs. ContextHolder.setContext(null)

2005-03-11 Thread Ben Alex
Matt Raible wrote: For some reason, calling session.invalidate() (in a filter or in a JSP) doesn't seem to help get rid of any Acegi authentication information. Adding ContextHolder.setContext(null) in a filter that's mapped to logout.jsp seems to be the only thing that works for me. Here's m

Re: [Acegisecurity-developer] Case insensitive User Cache

2005-03-12 Thread Ben Alex
Stefaan Destoop wrote: Hi, In the class EhCacheBasedUserCache, one gets the user from the cache by cache.get(username). However, as LDAP is case insensitive, the putUserInCache() can put the user in the case with a different key. I would suggest to add a boolean property "caseSensitive", defau

Re: [Acegisecurity-developer] session.invalidate() vs. ContextHolder.setContext(null)

2005-03-12 Thread Ben Alex
Matt Raible wrote: Here's a link to AppFuse's applicationContext-security.xml file - the filters are specified in the first bean at the top. http://tinyurl.com/6y4jd Matt, did you get it working in the end? As the Contacts Sample is working, it points to configuration. I checked the URL above a

Re: [Acegisecurity-developer] session.invalidate() vs. ContextHolder.setContext(null)

2005-03-17 Thread Ben Alex
Ray Krueger wrote: I was able to reproduce this problem in the Contacts sample application. If logout.jsp *doesn't* do a redirect, the problem occurs and the user stays logged in. If it *does* a redirect, everything works and the user is logged out and prompted to login again. I have now fi

[Acegisecurity-developer] Release 0.8.1?

2005-03-17 Thread Ben Alex
Hi everyone There's a series of bug fixes now in CVS, plus Luke's new X509 (certificate-based) authentication module. I'd like to propose we finalise documentation and release 0.8.1 within the next day or two. Any comments, test reports etc are welcome. Cheers Ben

Re: [Acegisecurity-developer] session.invalidate() vs. ContextHolder.setContext(null)

2005-03-18 Thread Ben Alex
Matt Raible wrote: I updated from CVS and tried the new JAR on AppFuse and the security chapter's sample application. The behavior continues to happen. I'll try it on the Contacts sample app in few days. Maybe anonymous CVS is not in synch. Perhaps... The latest version of HttpSessionContex

Re: [Acegisecurity-developer] session.invalidate() vs. ContextHolder.setContext(null)

2005-03-20 Thread Ben Alex
Matt Raible wrote: Unfortunately, I looked at HttpSessionContextIntegrationFilter.java and found that I did use version 1.4 in my tests. Matt, I'm pretty sure it works fine now. I'm using Tomcat 5.5.7 on Win32 with JDK 1.5.0_01. I've edited the standard logout.jsp used in the Contacts Sample to

Re: [Acegisecurity-developer] FilterChainProxy and regexp matchers

2005-03-20 Thread Ben Alex
Ray Krueger wrote: Shouldn't the AbstractFilterInvocationDefinitionSource getAttributes(...) be using getPathInfo() instead? I believe some people are using query strings, at least based on historical forum questions. As such I'd favour using regular expressions, or Ant paths, to simply ignore

Re: [Acegisecurity-developer] Contacts sample application link is broken

2005-03-21 Thread Ben Alex
Mike wrote: Apparently the links to download the Contacts sample application are broken. All the links in < http://acegisecurity.sourceforge.net/multiproject/acegi-security-sample-contacts/downloads.html Hi Mike I've added a new page to the CVS repository, which will correct this at the next sy

[Acegisecurity-developer] Acegi Security - new release 0.8.1

2005-03-22 Thread Ben Alex
Dear Spring Community I'm pleased to announce that Acegi Security release 0.8.1 is now available. This release fixes a number of non-critical bugs, updates JAR dependencies to match Spring 1.1.5, and introduces X509 (certificate-based) authentication support. As per the Apache APR project versi

Re: [Acegisecurity-developer] Acegi Security - new release 0.8.1

2005-03-23 Thread Ben Alex
Hi Xi Xi Ping Wang wrote: Hi Ben, I found two bugs of contacts sample on current CVS and 0.8.1. 1.wrong class position on clientContext.xml class="net.sf.acegisecurity.ui.httpinvoker.AuthenticationSimpleHttpInvokerRequestExecutor"/> should be class="net.sf.acegisecurity.context.httpinvoker.Au

Re: [Acegisecurity-developer] AuthenticationTag setting scoped variable?

2005-03-23 Thread Ben Alex
Brian Moseley wrote: has there been any discussion of having AuthenticationTag setting a scoped variable rather than writing the principal's username to the output stream? if folks think it's a good idea to offer both usages, and nobody's implemented it somewhere already, i'd be happy to work u

Re: [Acegisecurity-developer] Using MySql database for Contacts Sample

2005-03-23 Thread Ben Alex
Mike wrote: My questions: - Can we make DataSourcePopulator a generic Populator, in order to support multiple databases for testing ? The goal of Contacts is to give people a non-trivial (in terms of security) and self-contained (ie no external database server required) application. My only co

Re: [Acegisecurity-developer] No setter for AbstractProcessingFilter.credentialsExpiredFailureUrl

2005-03-23 Thread Ben Alex
Alex Burgel wrote: Hi, in 0.8.1, there's no setter for credentialsExpiredFailureUrl in AbstractProcessingFilter. --Alex Fixed in CVS. Ben

Re: [Acegisecurity-developer] Re: Acegi Security - new release 0.8.1

2005-03-23 Thread Ben Alex
Rob Moore wrote: I think a bug has been introduced in the 0.8.1 enhancement to User.toString(). Previously, calling SecureContext.getAuthentication().getName() returned the username. Now it seems to return the result of User.toString(). Here's an example of what I'm seeing on the getName() cal

Re: [Acegisecurity-developer] Humanity concerns

2005-03-23 Thread Ben Alex
magarrigue wrote: Hi, I will post some code here soon concerning the acegi/www.jcaptcha.net integration. The whole story is here : http://forum.springframework.org/viewtopic.php?p=17030#17030 Have you some requests concerning the design ? do you agree with the plan

Re: [Acegisecurity-developer] Re: Acegi Security - new release 0.8.1

2005-03-23 Thread Ben Alex
Rob Moore wrote: I have no problem with it, but how do I get User from SecureContext? ((UserDetails)SecureContextUtils.getSecureContext().getAuthentication().getPrincipal()).getUsername();

Re: [Acegisecurity-developer] Just starting

2005-03-24 Thread Ben Alex
Greg Akins wrote: I have this class="net.sf.acegisecurity.util.FilterChainProxy"> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /**=authenticationProcessingFilter,httpSessionIntegrationFilter,securityEnforcementFilter in my appl

Re: [Acegisecurity-developer] Just starting

2005-03-25 Thread Ben Alex
Greg Akins wrote: Thanks for responding. I was missing some "parts" of the config files.. I got everything cleared up so my web application starts (Yay!!). Now, the problem is.. I get an infinite redirect on web application. I'd imagine I screwed something up in the Controller setup (I'm not familiar

Re: [Acegisecurity-developer] AuthorizeTag.java

2005-03-25 Thread Ben Alex
Shishir K. Singh wrote: Could there be instances where currentUser.getAuthorities() returns null. If so, Arrays.asList(currentUser.getAuthorities()); will throw an exception. Most people use DaoAuthenticationProvider, and the corresponding UserDetails interface mandates getAuthorities() as n

Re: [Acegisecurity-developer] Error building acegi-security

2005-03-26 Thread Ben Alex
Amad Fida wrote: I am having problem building latest, First it couldn't download jspapi and servletapi then I downloaded manually. Now I am getting the following, If you look in target/test-reports, which test is failing? Could you please post the related stack trace. I have been able to run the te

Re: [Acegisecurity-developer] Update RichClient security package with 0.8.1 release?

2005-03-26 Thread Ben Alex
Amad Fida wrote: Is there any plan to update richclient security package with latest release of acegi-security? I am getting few problems with either classes not there any more as in case of AutoIntegeratorFileter or classes moved (SecurityContext)? Amad I was going to hold off until we release

Re: FW: [Acegisecurity-developer] AuthorizeTag.javaAuthorizeTag.java

2005-03-26 Thread Ben Alex
Shishir K. Singh wrote: Here you go Ben. Under taglib, I found only one instance of getAuthorities. I am attaching the patched file. I only included if (null == currentUser.getAuthorities() || currentUser.getAuthorities().length < 1) { return Collections.EMPTY_LIST; } before Collect

Re: [Acegisecurity-developer] Error building acegi-security

2005-03-27 Thread Ben Alex
Amad Fida wrote: Here is the test that's failing, testEnforcementMultipleSessions(net.sf.acegisecurity.providers.ConcurrentSessionControllerImplTests): I just did a CVS update, reproduced the problem, and have fixed it. The fixed version of ConcurrentSessionControllerImpl is 1.5. Current CVS h

Re: [Acegisecurity-developer] Re: AbstractProcessingFilter exception handling

2005-03-27 Thread Ben Alex
Ray Krueger wrote: I'd be happy to continue this work if everyone thinks it's worthwhile. +1. Go for it. Anything beats the getter/setter approach.

Re: [Acegisecurity-developer] page flow?

2005-03-28 Thread Ben Alex
Greg Akins wrote: 1. I can't seem to find where j_acegi_security_check is mapped to a servlet? Try AuthenticationProcessingFilter. 2. I can't see where the results of a successful login are mapped to a "results" page? It's stored in a HttpSession attribute by SecurityEnforcementFilter. The

Re: [Acegisecurity-developer] Re: AbstractProcessingFilter exception handling

2005-03-28 Thread Ben Alex
Ray Krueger wrote: I don't see an upgrade file for 0.8 to whatever is next though. Since I don't know what is going to be next, I left it alone. Thanks for making the improvement, Ray. I've added upgrade-080-100.html and a basic overview of the change. Please feel free to modify. Cheers Ben
