Re: [Acegisecurity-developer] Bean initialization, constructor injection etc.

2006-07-29 Thread Ben Alex
Carlos Sanchez wrote: anyone? On 7/20/06, Carlos Sanchez [EMAIL PROTECTED] wrote: I'm just wondering what people think about a protected empty constructor so I can extend those classes instead of writing wrappers. Hi Carlos I am not a big fan of this idea. It's still compromising the

Re: [Acegisecurity-developer] inconsistency in the UserMap implementation

2006-08-01 Thread Ben Alex
Hi Pete Pete Guyatt wrote: Does anyone have any objections to this suggestion? None at all. Looks fine at first glance. Sorry about posting this bug via the mailing list, but I could not see any way to report this bug via JIRA or the website. For future reference I would like to

Re: [Acegisecurity-developer] User.equals method requires same sequence

2006-08-24 Thread Ben Alex
[EMAIL PROTECTED] wrote: The method org.acegisecurity.userdetails.User.equals requires that the GrantedAuthority values on the two instances be in the same order. Unless there is some order dependency in the behavior, does it make sense to require that the order be the same for

Re: [Acegisecurity-developer] XACML

2006-08-24 Thread Ben Alex
McGovern, James F (HTSC, IT) wrote: In searching through the archives, I ran across a discussion in 2004 on combining ACEGI and XACML that seemed to have gone nowhere because it was too difficult. Is the position still the same? There has been no progress on this issue, because we haven't

Re: [Acegisecurity-developer] FilterChain proxy initialization and subclass

2006-08-24 Thread Ben Alex
[EMAIL PROTECTED] wrote: I would like to be able to initialize the FilterChainProxy entirely using Spring XML tags, without relying on the special syntax parsed by the ACEGI property editors. I have various reasons for this, one being that the Spring IDE and the XML parser do not understand

Re: [Acegisecurity-developer] Retrieving User after AuthenticationException

2006-08-24 Thread Ben Alex
Kimball, Mark W wrote: In AbstractUserDetailsAuthenticationProvider the authenticate() method calls the additionalAuthenticationChecks() method in a try block and can catch an AuthenticationException. The code in the catch block (line 147 for rel 1.0.1) calls the retrieveUser() and

Re: [Acegisecurity-developer] Limiting number of failed logins

2006-08-24 Thread Ben Alex
[EMAIL PROTECTED] wrote: This seems to be working ok, however, this might be slightly simpler to do if the AuthenticationException had its own handler interface, like the accessDeniedHandler. call it the authentcationFailedHandler. Most people either do it the way you have, or listen for

Re: [Acegisecurity-developer] ExceptionTranslationFilter not an interface

2006-08-24 Thread Ben Alex
[EMAIL PROTECTED] wrote: Most of the components in ACEGI have their own interface, then provide an implementation. e.g. AuthenticationEntryPoint The ExceptionTranslationFilter does not, it is a class that implements Filter. I am running into some problems with proxying and auto-wiring a

Re: [Acegisecurity-developer] amazon like login

2006-08-24 Thread Ben Alex
hv @ Fashion Content wrote: How would you configure a login policy where 1) The last username used is never forgotten (saved in cookie) You can't do that out of the box. You could investigate plugging into the remember-me filter, though, which has hooks to send back cookies after successful

Re: [Acegisecurity-developer] Dynamic defaultTargetUrl

2006-08-24 Thread Ben Alex
Tom Stroobants wrote: Suppose that my login form is integrated in another page and I want to return to that page that integrated my login page (so the original page) ... How do you do that in ACEGI? Couldn't you use AbstractProcessingFilter.defaultTargetUrl = your login page plus

Re: [Acegisecurity-developer] Dynamic defaultTargetUrl

2006-08-25 Thread Ben Alex
Brian Pontarelli wrote: I think the issue is that the login is a component that exists on many pages and the login/failure should return the user to the page they were viewing rather than a stock login/home page. The best bet at this point is probably to subclass APF and just redirect or

Re: [Acegisecurity-developer] About The Following Acegi Releases

2006-08-25 Thread Ben Alex
Luke Taylor wrote: That's good. You'll be an expert on branching with subversion then :-). I'd like to get the automatic build upgraded to Maven 2 as well (and running again). There are a couple of issues I've come across so far: I am a BIG fan of moving to Maven 2 ASAP. Acegi Security is

Re: [Acegisecurity-developer] Limiting number of failed logins

2006-08-27 Thread Ben Alex
On Sat, 2006-08-26 at 14:56 -0700, Robert Blumen wrote: With the event-listening approach, I see that you could track the number of failed attempts, but how would that tie back into preventing additional attempts after the limit was exceeded? Wouldn't you have to modify the authentication

Re: [Acegisecurity-developer] Acegi and hessian/burlap

2006-08-27 Thread Ben Alex
On Sun, 2006-08-27 at 10:16 -0500, Hector Suarez Barenca wrote: Is there an example about how to integrate hessian and acegi? Could you tell me where I could find examples? The Contacts sample in its client/clientContext.xml can be changed to use Hessian. However, as an aside, think carefully

Re: [Acegisecurity-developer] About The Following Acegi Releases

2006-08-28 Thread Ben Alex
Luke Taylor wrote: On the branching front, it seems like we could be making more use of branches with subversion. I am happy for these changes to be made. Whilst changing to Maven 2 we should also give consideration to how we distribute source code for IDE integration. At present we release a

Re: [Acegisecurity-developer] About The Following Acegi Releases

2006-08-28 Thread Ben Alex
Ray Krueger wrote: Ben were you suggesting having acegi-version.jar would be just binary, and acegi-version-sources.jar would be binary with source? Yes, a traditional .class-only JAR, and a combined .class plus .java JAR. People like me would use the latter, whereas people concerned about the

Re: [Acegisecurity-developer] Releasing 1.0.2

2006-09-07 Thread Ben Alex
Carlos Sanchez wrote: Will it be possible to make a 1.0.2 bug release in the next two weeks? I can go through all the release process, I just would like to know if people agree in taking what is currently in svn and tag it as 1.0.2. Hi Carlos You want to be release manager? I would

Re: [Acegisecurity-developer] XACML

2006-09-10 Thread Ben Alex
Baz wrote: if (principal instanceof org.acegisecurity.userdetails.User) { User user = (User) principal; userName = user.getUsername(); } else { userName =

Re: [Acegisecurity-developer] Releasing 1.0.2

2006-09-17 Thread Ben Alex
Scott McCrory wrote: Ben Alex wrote: Could other developers please finalize their 1.0.2-related tasks (see http://opensource.atlassian.com/projects/spring/secure/BrowseProject.jspa). Ben, I'd like to get the Siteminder improvements noted in SEC-319 in with the 1.0.2 release

Re: [Acegisecurity-developer] Releasing 1.0.2 - final 3 issues

2006-09-23 Thread Ben Alex
Hi everyone 23 issues are now resolved, with 3 more still outstanding. The outstanding issues are SEC-304, SEC-348 and SEC-346, assigned to Marc Antoine, Scott and Luke respectively. Would Marc Antoine, Scott and Luke please comment on these tasks, close them, or assign them to a later release

Re: [Acegisecurity-developer] AccessDecisionVoter interface and multiple configuration attributes

2006-09-25 Thread Ben Alex
Peter Kharchenko wrote: I am writing a custom voter implementation and have a question regarding how configuration attributes are being fed to the voters. Hi Peter Basically the AccessDecisionVoter.supports(ConfigAttribute attribute) method is structured the way it is because we want

Re: [Acegisecurity-developer] AccessDecisionVoter interface and multiple configuration attributes

2006-09-25 Thread Ben Alex
Peter Kharchenko wrote: So if I wanted to make use of a voter that needs more than one config attribute at the same time, would you recommend writing an alternate version of UnanimousBased decision manager, or is there a reason why Unanimous decision have to be done this way (and therefore

[Acegisecurity-developer] Release 1.0.2 ready

2006-09-26 Thread Ben Alex
Hi all 1.0.2 is now ready to release. Carlos, were you still able to take care of it? I can do so, but I won't have time for a few more days. Please feel free to remove the reference guide and README.TXT sections that mention JAR signing. I think we've agreed to drop it. Cheers Ben

Re: [Acegisecurity-developer] NTLM support

2006-09-27 Thread Ben Alex
[EMAIL PROTECTED] wrote: I am trying to build an acegi jar with ntlm support. Could anyone tell me the maven command for this? What version of acegi should I check out to build? Hi Xiaobo You will need to checkout from SVN. I believe there is a pom.xml in sandbox/other, so try running mvn

Re: [Acegisecurity-developer] Dynamic objectDefinitionSource

2006-09-27 Thread Ben Alex
Arturo San Feliciano Martín wrote: Is there any way to dynamically build the associations between URL pattern and ROLE (or profile)? Could I save these associations (URL pattern-Profile(ROLE)) in a database? Could acegi ask for them? Hi Arturo You can write a custom

Re: [Acegisecurity-developer] Changing the session identifier after a successful login

2006-09-28 Thread Ben Alex
Twomey, Sean wrote: Our application has just recently integrated acegi as our security framework. However we now have a requirement to change the session identifier (JSESSIONID) after a successful login, since this session id is issued at/before the login page, and is thus prone to session

Re: [Acegisecurity-developer] No process filter with images

2006-10-01 Thread Ben Alex
Arturo San Feliciano Martín wrote: Hi, Is there any way to avoid acegi filtering images? When I see the log I find something like: 2006-10-01 12:00:36,010 DEBUG [org.acegisecurity.util.FilterChainProxy] - /img/menu/setaOff.gif reached end of additional filter chain; proceeding with

Re: [Acegisecurity-developer] Retrieve Authorities remotely

2006-10-06 Thread Ben Alex
Lucas Opara wrote: Hello, I was wondering if there is any support in acegi for retrieving authorities from a remote web service. For now, we use straight JDBC connection to an Oracle database to retrieve the roles and it works great. What we would like to have is a secured web service

Re: [Acegisecurity-developer] switch user filter - exception processing

2006-10-06 Thread Ben Alex
Robert Blumen wrote: It is not clear to me at this point what is the intended usage of the SwitchUserProcessingFilter. Possibly it needs its own failureUrl, something like the authenticationProcessingFilter has. And to trap the UsernameNotFound and then redirect to the failure url?

Re: [Acegisecurity-developer] OpenSSO integration... what do you think?

2006-11-04 Thread Ben Alex
Jose Luis Huertas Fernández wrote: I was thinking about developing a new module to integrate Acegi with OpenSSO (https://opensso.dev.java.net/) in a similar way that the existing CAS integration. Hi Jose You'd be very welcome to take this on. It would be good to add another SSO alternative

Re: [Acegisecurity-developer] OpenSSO integration... what do you think?

2006-11-07 Thread Ben Alex
Hi Jin I think there are already plugin points for each of these steps. Jin Peng wrote: 1. Retrieve SSO token from HTTP request (usually SSO cookie) Authentication mechanism (usually a filter). 2. Validate SSO token 3. Recreate authentication context from a valid SSO token. Authentication

Re: [Acegisecurity-developer] java5 compiler bug regarding annotations - annoying

2006-11-07 Thread Ben Alex
Wim Lambrecht wrote: anyone? Wim Lambrecht wrote: We've encountered a rather annoying bug in the java5 compiler regarding annotations, see the buglist: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6365854 . So, it does I know this ain't an acegi bug, but I like to know how

Re: [Acegisecurity-developer] Acegi Roadmap (and preparing for 1.0.3)

2006-11-15 Thread Ben Alex
Karl Moore wrote: Just wondered if there was a road map for the product and where it might be going. Are there any plans to take advantage of the new Spring 2.0 features? 1.0.3 will be released soon - probably tomorrow before I fly interstate. Failing that, it will certainly be out on the

[Acegisecurity-developer] [ANN] Acegi Security 1.0.3 released

2006-11-16 Thread Ben Alex
Dear Spring Community I am pleased to advise Acegi Security 1.0.3 is now available. This release is mostly a bug fix release, although the new domain object access control list (ACL) feature is now available for preview. I'll be presenting a session on this new feature at The Spring Experience

Re: [Acegisecurity-developer] Propagating Acegi's Security Context in Web Service SOAP Header

2006-11-19 Thread Ben Alex
Michael Vorburger wrote: Hello, I thought some of you on this list may be interested in my http://www.vorburger.ch/blog1/2006/10/propagating-acegis-security-context-in.html in the context of propagating Acegi's Security Context in a Spring Web Service Remoting scenario... kind of like a

Re: [Acegisecurity-developer] Jalopy formatting

2006-11-28 Thread Ben Alex
Scott McCrory wrote: I'd vote for disabling formatting of comments. That's one thing that humans still generally do a better job of managing. I agree, also with Luke's suggestion re throws formatting. Cheers Ben

Re: [Acegisecurity-developer] ACL sandbox status

2006-12-07 Thread Ben Alex
Wojciech Gdela wrote: Hello, Where can I find this new ACL stuff (where is the code)? Is there any documentation about it? It is in release 1.0.3 and has some reference guide coverage, plus the Contacts Sample. I'm also giving a talk on it tomorrow at The Spring Experience, after which

Re: [Acegisecurity-developer] Switching completely to Maven 2

2006-12-07 Thread Ben Alex
Luke Taylor wrote: I suggested to Ben that we refactor the contacts sample to make it a single app, rather than having so many different versions. We could default to having a standard form login app and leave additional context files commented out in the web.xml file. That way people could

Re: [Acegisecurity-developer] Fwd: multiple authentication stores in one context?

2006-12-28 Thread Ben Alex
John Noble wrote: So. Does anyone know if I can configure Acegi to handle this kind of situation, or should I just run two separate contexts, one /webapp-backend/ and one /webapp-customer/ for example? Or should I have a shared table or something.. basic_user that holds credentials for

Re: [Acegisecurity-developer] rememberMe problem since SEC-359

2006-12-28 Thread Ben Alex
Didier LINK wrote: I've just upgraded acegi to version 1.0.3 (before I had 1.0.1) and my webapp leads to an annoying error. This is the same as Matt Raible (01-12-2006 on the list archives) but I have some more details. This was logged as SEC-404 (and 407). I just fixed it in SVN rev 1773.

Re: [Acegisecurity-developer] How can the objectDefintionSource be updated dynamically?

2007-01-10 Thread Ben Alex
[EMAIL PROTECTED] wrote: I would like to add new resources (web-pages) to the objectDefinitionSource dynamically. I don't want to stop the application, change the applicationContext.xml and then start the application again. What is the best way to achieve this? Just write a

Re: [Acegisecurity-developer] using acl_permission and acl_object_identity for complex cases

2007-01-10 Thread Ben Alex
[EMAIL PROTECTED] wrote: The problem here is that the unique key on the ACL_PERMISSION table is [Object (the ACL_OBJECT_IDENTITY reference column), Recipient]. It wouldn't seem from the suggested schema for this table that you can support different collections for the same Recipient based on

Re: [Acegisecurity-developer] MethodDefinitionMap and inherited methods

2007-01-10 Thread Ben Alex
Luc Boudreau wrote: I'd like to propose a patch to the MethodDefinitionMap. With the actual source code, you can't secure inherited methods. This patch will fix the problem. It's really simple and straightforward. I needed it to see the inherited methods so I could secure my generic service

Re: [Acegisecurity-developer] AuthenticationSimpleHttpInvokerRequestExecutor should validate response codes?

2007-01-10 Thread Ben Alex
Camilo Arango wrote: Not always. It seems that only exceptions thrown by the called object are propagated by the client. In my case, the exception is thrown by a filter, and therefore the call to the Spring remoting proxy never occurs and I get an ugly 500 response code at the client. What

Re: [Acegisecurity-developer] AuthenticationSimpleHttpInvokerRequestExecutor should validate response codes?

2007-01-12 Thread Ben Alex
Camilo Arango wrote: One solution I have found is removing both the exceptionTranslationFilter and filterInvocationInterceptor from the chain and managing authorization with AOP. That way, the exceptions are serialized correctly. This is actually the recommended usage pattern. You use

Re: [Acegisecurity-developer] [Fwd: [Fwd: Re: Authentication and authorization status in OGC-compliant OSS GIS software]]

2007-01-24 Thread Ben Alex
Krystian Nowak wrote: Do you think it is possible to include DACS (http://dacs.dss.ca/) as an authentication adapter (just as it is with Yale's CAS)? There were talks about the future of authorization in OSS GIS GeoServer (http://docs.codehaus.org/display/GEOS/Home) which heavily uses Spring,

Re: [Acegisecurity-developer] Acegi Rebranding??

2007-01-24 Thread Ben Alex
Mark St.Godard wrote: Ben can chime in as well if he would like to add to this.. Hi everyone As this is an important question, I've posted a blog on the subject: http://blog.interface21.com/main/2007/01/24/why-the-name-acegi/ Cheers Ben

Re: [Acegisecurity-developer] persisting Permission

2007-02-11 Thread Ben Alex
Andrei Sereda wrote: Hello Team, One quick question: is it possible to persist different permissions in current acegi implementation (acls package)? It seems to me that only BasePermission is supported out of the box (see BasicLookupStrategy convertCurrentResultIntoObject() method). What

Re: [Acegisecurity-developer] newbie question

2007-02-11 Thread Ben Alex
hrvoje pejcinovic wrote: Say I have a simple web app with one login screen and two web pages a,b which are protected. App also has two different types of users userA and userB. How do I configure the acegi so that upon successful authentication and authorisation userA gets re-directed to

Re: [Acegisecurity-developer] Multiple applications and different roles

2007-02-11 Thread Ben Alex
Stephane Bailliez wrote: Hi all, I'm trying to see whether there is an easy way to implement roles (authorities) for several applications. Each application having its own set of authorities (ie: john being registered as ROLE_SUPERVISOR only for application A, does not apply to

Re: [Acegisecurity-developer] Spring 2.0 XSD/Parsers

2007-02-11 Thread Ben Alex
James Carman wrote: I am thinking about writing a Spring 2.0 style parser for Acegi configuration. Hi James This is very important work for a subsequent release, although I'd like to ensure that the proposed XSD is conceptually similar with other Spring XSDs (one big benefit of Spring is once

Re: [Acegisecurity-developer] How to invalidate Authentication when a user's account is disabled or deleted?

2007-02-12 Thread Ben Alex
CJ wrote: Scenario is: an Administrator disables or deletes a user account, while the user is logged in. The user's Authentication should be revoked from that moment on. What is the recommended approach for this in Acegi? I'd suggest forcing reauthentication for each secure object request by

[Acegisecurity-developer] Invitation to participate in research project

2007-03-27 Thread Ben Alex
Research Information Sheet that explains the research and provides you with details on how to participate or ask further questions. Thank you for taking the time to read this email, and I hope that you will consider participating. Kind regards Ben Alex

Re: [Acegisecurity-developer] bug in AclAuthorizationStrategyImpl

2007-04-17 Thread Ben Alex
Hi Bear Please log all bugs in our JIRA instance, so they're appropriately tracked and reviewed. All bug reports should ideally contain a unit test which provides an ongoing test that the bug has been fixed and not reintroduced. Patches with bug reports are particularly welcome and will be

Re: [Acegisecurity-developer] Our build is a mess...

2007-04-27 Thread Ben Alex
Hi all Carlos and Luke, what's the latest status of the Maven 2 build? Does the reference documentation build successfully with Maven 2 as-is? I see acegisecurity.org hasn't built and uploaded since 18 December 2006. Luke, is that running the Maven 2 build? We're shooting at releasing 1.0.4 in

Re: [Acegisecurity-developer] Jalopy?

2007-04-27 Thread Ben Alex
Luke Taylor wrote: Hey, I spent ages bringing the errors down a while back :). There are only 34 at the moment in core and 12 are due to spaces around brackets. If we can get someone to nail the file down to what we want the code to look like (e.g. our benevolent dictator, Ben?), then we can

Re: [Acegisecurity-developer] Problems with 1.0.4 examples

2007-06-01 Thread Ben Alex
Karl Moore wrote: Some users have been reporting problems with the examples that are bundled with 1.0.4. It appears that acegi-security-sample-tutorial.war, is missing all the files apart from the jars. Hi Karl I've added this to JIRA to investigate for the next release:

[Acegisecurity-developer] OT: Invitation to participate in research project

2007-06-25 Thread Ben Alex
and results will be freely available. Participation will also provide a custom licensing report for your project. To learn more, please visit: http://licensing-research.newcastle.edu.au Thanks for reading this email, and I hope you'll consider participating. Best regards Ben Alex (My apologies

[Acegisecurity-developer] SEC-533: Subversion repository restructure

2007-08-24 Thread Ben Alex
Hi everyone Today Luke Taylor and I restructured the SVN repository on SourceForge. The restructure had several goals: * To be usable for the 1.0.5 as well as future 2.x releases * To rename acegisecurity to spring-security where feasible * To relocate trunk and tags under spring-security

[Acegisecurity-developer] [ANN] Spring Security 2.0.0 Released

2008-04-15 Thread Ben Alex
this new release useful in your projects. Best regards Ben Alex Project Lead, Spring Security
