this new release useful in your projects.
Best regards
Ben Alex
Project Lead, Spring Security
-
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time
Hi everyone
Today Luke Taylor and I restructured the SVN repository on SourceForge.
The restructure had several goals:
* To be usable for the 1.0.5 as well as future 2.x releases
* To rename acegisecurity to spring-security where feasible
* To relocate trunk and tags under spring-security
and results will be freely available. Participation will also provide a
custom licensing report for your project. To learn more, please visit:
http://licensing-research.newcastle.edu.au
Thanks for reading this email, and I hope you'll consider participating.
Best regards
Ben Alex
(My apologies
Karl Moore wrote:
Some users have been reporting problems with the examples that are
bundled with 1.0.4. It appears that
acegi-security-sample-tutorial.war, is missing all the files apart
from the jars.
Hi Karl
I've added this to JIRA to investigate for the next release:
Hi all
Carlos and Luke, what's the latest status of the Maven 2 build? Does the
reference documentation build successfully with Maven 2 as-is? I see
acegisecurity.org hasn't built and uploaded since 18 December 2006.
Luke, is that running the Maven 2 build?
We're shooting at releasing 1.0.4 in
Luke Taylor wrote:
Hey, I spent ages bringing the errors down a while back :). There are
only 34 at the moment in core and 12 are due to spaces around
brackets. If we can get someone to nail the file down to what we want
the code to look like (e.g. our benevolent dictator, Ben?), then we can
Hi Bear
Please log all bugs in our JIRA instance, so they're appropriately
tracked and reviewed. All bug reports should ideally contain a unit test
which provides an ongoing test that the bug has been fixed and not
reintroduced. Patches with bug reports are particularly welcome and will
be
Research Information Sheet that explains the research and provides you
with details on how to participate or ask further questions.
Thank you taking the time to read this email, and I hope that you will
consider participating.
Kind regards
Ben Alex
CJ wrote:
Scenario is: an Administrator disables or deletes a user account, while the
user
is logged in. The user's Authentication should be revoked from that moment on.
What is the recommended approach for this in Acegi?
I'd suggest forcing reauthentication for each secure object request by
Andrei Sereda wrote:
Hello Team,
One quick question: is it possible to persist different permissions in
current acegi implementation (acls package) ? It seems to me that only
BasePermission is supported out of the box (see BasicLookupStrategy
convertCurrentResultIntoObject() method) . What
hrvoje pejcinovic wrote:
Say I have a simple web app with one login screen and two web pages a,b which
are protected. App also has two different types of users userA and userB. How
do I configure the acegi so that upon successful authentication and
authorisation userA gets re-directed to
Stephane Bailliez wrote:
Hi all,
I'm trying to see whether there is an easy way to implement roles
(authorities) for several applications. Each application having its own
set of authorities (ie: john being registered as ROLE_SUPERVISOR only
for application A, does not apply to
James Carman wrote:
I am thinking about writing a Spring 2.0 style parser for Acegi
configuration.
Hi James
This is very important work for a subsequent release, although I'd like
to ensure that the proposed XSD is conceptually similar with other
Spring XSDs (one big benefit of Spring is once
Krystian Nowak wrote:
Do you think it is possible to include DACS (http://dacs.dss.ca/) as a
authentication adapter (just as it is with Yale's CAS)? There were talks
about the future of authorization in OSS GIS GeoServer
(http://docs.codehaus.org/display/GEOS/Home) which heavily uses Spring,
Mark St.Godard wrote:
Ben can chime in as well if he would like to add to this..
Hi everyone
As this is an important question, I've posted a blog on the subject:
http://blog.interface21.com/main/2007/01/24/why-the-name-acegi/
Cheers
Ben
Camilo Arango wrote:
One solution I have found is removing both the
exceptionTranslationFilter and filterInvocationInterceptor from the
chain and managing authorization with AOP. That way, the exceptions
are serialized correctly.
This is actually the recommended usage pattern. You use
[EMAIL PROTECTED] wrote:
I would like to add new resources (web-pages) to the
objectDefinitionSource dynamically.
I don't want to stop the application, change the applicationContext.xml
and then start the application again.
What is the best way to achieve this?
Just write a
[EMAIL PROTECTED] wrote:
The problem here is that the unique key on the ACL_PERMISSION table is
[Object (the ACL_OBJECT_IDENTITY reference column), Recipient]. It
wouldn't seem from the suggested schema for this table that you can
support different collections for the same Recipient based on
Luc Boudreau wrote:
I'd like to propose a patch to the MethodDefinitionMap. With the actual
source code, you can't secure inherited methods. This patch will fix the
problem. It's really simple and straightforward.
I needed it see the inherited methods so I could secure my generic service
Camilo Arango wrote:
Not always. I seems that only exceptions thrown by the called object
are propagated by the client. In my case, the exception is thrown by a
filter, and therefore the call to the Spring remoting proxy never
occurs and I get and ugly 500 response code at the client.
What
John Noble wrote:
So. Does anyone know if I can configure Acegi to handle this kind of
situation, or should I just run two separate contexts, one /webapp-backend/
and one /webapp-customer/ for example?
Or should I have a shared table or something.. basic_user that holds
credentials for
Didier LINK wrote:
I've just upgrade acegi in 1.0.3 version (before I've 1.0.1) and my
webapp drive to an annoying error. This is the same as Matt Raible
(01-12-2006 on the list archives) but I've some more details.
This was logged as SEC-404 (and 407). I just fixed it in SVN rev 1773.
Wojciech Gdela wrote:
Hello,
Where can I find this new ACL stuff (where is the code)? Is there any
documentation about it?
It is in release 1.0.3 and has some reference guide coverage, plus the
Contacts Sample. I'm also giving a talk on it tomorrow at The Spring
Experience, after which
Luke Taylor wrote:
I suggested to Ben that we refactor the contacts sample to make it a
single app, rather than having so many different versions. We could
default to having a standard form login app and leave additional context
files commented out in the web.xml file. That way people could
Scott McCrory wrote:
I'd vote for disabling formatting of comments. That's one thing that
humans still generally do a better job of managing.
I agree, also with Luke's suggestion re throws formatting.
Cheers
Ben
-
Michael Vorburger wrote:
Hello,
I thought some of you on this list may be interested in my
http://www.vorburger.ch/blog1/2006/10/propagating-acegis-security-context-in.html
in the context of propagating Acegi's Security Context in a Spring Web
Service Remoting scenario... kind of like a
Dear Spring Community
I am pleased to advise Acegi Security 1.0.3 is now available.
This release is mostly a bug fix release, although the new domain object
access control list (ACL) feature is now available for preview. I'll be
presenting a session on this new feature at The Spring Experience
Karl Moore wrote:
Just wondered if there was a road map for the product and where it might be
going. Are there any plans to take advantage of the new Spring 2.0 features?
1.0.3 will be released soon - probably tomorrow before I fly interstate.
Failing that, it will certainly be out on the
Hi Jin
I think there are already plugin points for each of these steps.
Jin Peng wrote:
1. Retrieve SSO token from HTTP request (usually SSO cookie)
Authentication mechanism (usually a filter).
2. Validate SSO token
3. Recreate authentication context from a valid SSO token.
Authentication
Wim Lambrecht wrote:
anyone ?
Wim Lambrecht schreef:
We've encountered a rather annoying bug in the java5 compiler regarding
annotations, see the buglist:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6365854 . So, it does
I know this ain't an acegi bug, but i like to know how
Jose Luis Huertas Fernández wrote:
I was thinking about developing a new module to integrate Acegi with
OpenSSO (https://opensso.dev.java.net/) in a similar way that the
existing CAS integration.
Hi Jose
You'd be very welcome to take this on. It would be good to add another
SSO alternative
Lucas Opara wrote:
Hello,
I was wondering if there is any support in acegi for retrieving authorities
from a remote web service.
For now, we use straight JDBC connection to an Oracle database to retrieve
the roles and it works great.
What we would like to have is a secured web service
Robert Blumen wrote:
It is not clear to me at this point what is the intended usage of the
SwitchUserProcessingFilter.
Possibly it needs its own failureUrl, something like the
authenticationProcessingFilter has. And to trap the UsernameNotFound
and then redirect to the failure url?
Arturo San Feliciano Martín wrote:
Hi,
Is there any way to avoid acegi filter images? When I see the log i find
somethings like:
2006-10-01 12:00:36,010 DEBUG [org.acegisecurity.util.FilterChainProxy] -
/img/menu/setaOff.gif reached end of additional filter chain; proceeding
with
Twomey, Sean wrote:
Our application has just recently integrated acegi as our security
framework. However we now have a requirement to change the session
identifier (JSESSIONID) after a successful login, since this session id is
issued at/before the login page, and is thus prone to session
[EMAIL PROTECTED] wrote:
I am trying to build an acegi jar with ntlm support.
Could anyone tell me the maven command for this?
What version of acegi should I check out to build?
Hi Xiaobo
You will need to checkout from SVN. I believe there is a pom.xml in
sandbox/other, so try running mvn
Arturo San Feliciano Martín wrote:
Is there any way to build dinamicaly the asociantions between url pattern and
ROLE (or profile) ?
Could I save in a DataBase these associations(URL pattern-Profile(ROLE))?
could acegi could ask for them?
Hi Arturo
You can write a custom
Hi all
1.0.2 is now ready to release. Carlos, were you still able to take care
of it? I can do so, but I won't have time for a few more days. Please
feel free to remove the reference guide and README.TXT sections that
mention JAR signing. I think we've agreed to drop it.
Cheers
Ben
Peter Kharchenko wrote:
I am writing a custom voter implementation and have a question
regarding how configuration attributes are being fed to the voters.
Hi Peter
Basically the AccessDecisionVoter.supports(ConfigAttribute attribute)
method is structured the way it is because we want
Peter Kharchenko wrote:
So if I wanted to make use of a voter that needs more than one config
attribute at the same time, would you recommend writing an alternate
version of UnanimousBased decision manager, or is there a reason why
Unanimous decision have to be done this way (and therefore
Hi everyone
23 issues are now resolved, with 3 more still outstanding.
The outstanding issues are SEC-304, SEC-348 and SEC-346, assigned to
Marc Antoine, Scott and Luke respectively.
Would Marc Antoine, Scott and Luke please comment on these tasks, close
them, or assign them to a later release
Scott McCrory wrote:
Ben Alex wrote:
Could other developers please finalize their 1.0.2-related tasks (see
http://opensource.atlassian.com/projects/spring/secure/BrowseProject.jspa).
Ben, I'd like to get the Siteminder improvements noted in SEC-319 in
with the 1.0.2 release
Baz wrote:
if (principal instanceof
org.acegisecurity.userdetails.User) {
User user = (User) principal;
userName = user.getUsername();
} else {
userName =
Carlos Sanchez wrote:
Will it be possible to make a 1.0.2 bug release in the next two weeks?
I can go thorugh all the release process, i just would like to know if
people agree in taking what it is curently in svn and tag it as 1.0.2.
Hi Carlos
You want to be release manager? I would
Luke Taylor wrote:
On the branching front, it seems like we could be making more use of
branches with subversion.
I am happy for these changes to be made. Whilst changing to Maven 2 we
should also give consideration to how we distribute source code for IDE
integration. At present we release a
Ray Krueger wrote:
Ben were you suggesting having acegi-version.jar would be just binary,
and acegi-version-sources.jar would be binary with source?
Yes, a traditional .class-only JAR, and a combined .class plus .java
JAR. People like me would use the latter, whereas people concerned about
the
On Sat, 2006-08-26 at 14:56 -0700, Robert Blumen wrote:
With the event-listening approach,
I see that you could track the number of
failed attempts, but how would that tie
back into preventing additional attempts
after the limit was exceeded? Wouldn't
you have to modify the authentication
On Sun, 2006-08-27 at 10:16 -0500, Hector Suarez Barenca wrote:
Is there an example about how to integrate hessian and acegi?, could you
tell me where i could find examples?
The Contacts sample in its client/clientContext.xml can be changed to
use Hessian. However, as an aside, think carefully
Brian Pontarelli wrote:
I think the issue is that the login is a component that exists on many
pages and the login/failure should return the user to the page they were
viewing rather than a stock login/home page.
The best bet at this point is probably to subclass APF and just redirect
or
Luke Taylor wrote:
That's good. You'll be an expert on branching with subversion then :-).
I'd like to get the automatic build upgraded to Maven 2 as well (and
running again). There are a couple of issues I've come across so far:
I am a BIG fan of moving to Maven 2 ASAP. Acegi Security is
[EMAIL PROTECTED] wrote:
The method
org.acegisecurity. userdetails.User.equals
requires that the GrantedAuthority values on the
two instance be in the same order.
Unless there is some order dependency in the behavior,
does it make sense to require that the order be the
same for
McGovern, James F (HTSC, IT) wrote:
In searching through the archives, I ran across a discussion in 2004 on
combining ACEGI and XAMCL that seemed to have went no where because it was
too difficult. Is the position still the same?
There has been no progress on this issue, because we haven't
[EMAIL PROTECTED] wrote:
I would like to be able to initialize the FilterChainProxy
entirely using Spring XML tags, without relying on the special
syntax parsed by the ACEGI property editors. I have various
reasons for this, one being that the Spring IDE and the XML
parser do not understand
Kimball, Mark W wrote:
In AbstractUserDetailsAuthenticationProvider the authenticate() method
calls the additionalAuthenticationChecks() method in a try block and can
catch an AuthenticationException. The code in the catch block (line 147
for rel 1.0.1) calls the retrieveUser() and
[EMAIL PROTECTED] wrote:
This seems to be working ok, however, this might be slightly
simpler to do if the AuthenticationException had its own
handler interface, like the accessDeniedHandler.
call it the authentcationFailedHandler.
Most people either do it the way you have, or listen for
[EMAIL PROTECTED] wrote:
Most of the components in ACEGI have their own interface, then provide an
implementation.
e.g. AuthenticationEntryPoint
The ExceptionTranslationFilter does not, it is a class that implements Filter.
I am running into some problems with proxying and auto-wiring a
hv @ Fashion Content wrote:
How would you configure a login policy where
1) The last username used is never forgotten(saved in cookie)
You can't do that out of the box. You could investigate plugging into
the remember-me filter, though, which has hooks to send back cookies
after successful
Tom Stroobants wrote:
Suppose that my login form is integrated in an other page and I want to
return to that page that integrated my login page (so the original page)
... How do you do that in ACEGI ?
Couldn't you use AbstractProcessingFilter.defaultTargetUrl = your login
page plus
Hi Pete
Pete Guyatt wrote:
Does anyone have any objections to this suggestion?
None at all. Looks fine at first glance.
Sorry about posting this bug via the mailing list, but I could not see
any way to report this bug via JIRA or the website. For future
reference I would like to
Carlos Sanchez wrote:
anyone?
On 7/20/06, Carlos Sanchez [EMAIL PROTECTED] wrote:
I'm just wondering what people think about protected empty constructor
so I can extend that classes instead of write wrappers.
Hi Carlos
I am not a big fan of this idea. It's still compromising the
Kujat, Aaron wrote:
I have downloaded the acegi-security-1.0.1 release from a number of
mirrors now and I have not been able to find a properly signed jar file.
Hi Aaron
The JARs were not signed in 1.0.1 and this is not a problem. You can
read more at
Kirin Eugene wrote:
I want to allow to watch this link not all users with user permission,
but only user with concrete ID. Other words, if user has the user role and
id = 5,
then to show link. Do you know how better it to implement?
The taglib is designed only to work with roles. You'll
Luke Taylor wrote:
I agree that reusability is important but I'm not convinced that these
changes are justified on this basis, or that is just about balancing
reusability and ease of use. The use of constructor arguments is about
guaranteeing that objects can only be created with a specific
[EMAIL PROTECTED] wrote:
Hi All,
In the Docbook, at the end of Chapter 9: Siteminder
Authentication Mechanism, someone added a TODO suggesting that a
dedicated AuthenticationProvider be created instead of users having to
modify their DaoAuthenticationProvider. They don't actually,
Brian Pontarelli wrote:
Hello everyone. I'd like to try one last time to get some backing from
the Acegi developers for a patch to include AJAX login support into
Acegi. I have written all of the code and just need to finish test
cases, but I'd like to commit this back into the main line
Matthew Holt wrote:
1. Read SSO cookie username.
2. Check username against LDAP.
You need to write an authentication mechanism that can setup the
SecurityContextHolder with an Authentication object representing the
username derived from your SSO cookie. Usually this will be
Andrew Perepelytsya wrote:
1. Where is
net.sf.acegisecurity.context.ContextInvalidExceptionContextInvalidException
now? What is the replacement for it?
2. The SecureContext class had the validate() method, but I can't find it in
SecurityContext now, neither does SecurityContextImpl contain
Dear Spring Community
After more than two and a half years of development, I am delighted to
announce that Acegi Security 1.0.0 is now officially released.
In addition to more than 80 improvements and fixes since 1.0.0 RC2, this
new release also includes several changes to help new users. This
Joern Huxhorn wrote:
It's possible that I'm missing something but I think it should be
removed from the jar.
It has already been taken care of. See SEC-240.
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Angelo Luis wrote:
this is not fixed:
http://opensource.atlassian.com/projects/spring/browse/SEC-99
It isn't fixed for the reasons I provided in the comment, being:
I wish there was a simple way of resolving this issue, but whatever we
do would inevitably break backward compatibility and
Hi everyone
I would like to release 1.0.0 final on Friday 26 May. All JIRA issues
assigned to me are now either completed or marked for a future release.
Please note that source code reformatting with Jalopy has been completed
(SEC-97) and the /jalopy.xml file revised. One of the changes
Vikas Sasidharan wrote:
I am not so enthusiastic about setting the flag to true. Could anybody
suggest some other possible alternatives? My last option is to have a
custom MethodSecurityInterceptor that enables separation of
before-invocation and after-invocation interception.
The problem is
Ben Munat wrote:
I'm using RC-2 and I think I'm having trouble with the
IllegalStateException problem as detailed in SEC-211. It appears that
this issue is fixed in CVS, but won't be in a release until 1.0 final.
Wondering if you guys are close on final (like in the next week or
so), or if I
Richard Han wrote:
My question probably is more suitable to user-list, but we don't have one.
Anyway, I am new to acegi, my question is, how do you customize role names,
for instance, if I want to use ROLE_STUDENT, ROLE_PROFESSOR, how would I let
acegi recognize them?
In two places:
1.
Hi everyone
For the sake of consistency and ease of reviewing history logs, would
developers please always format SVN commit messages to begin with the
JIRA issue number, followed by a colon, then a brief description of the
check-in. More detailed messages can be placed in the JIRA task. eg:
Carlos Sanchez wrote:
Looks right, only that
https://svn.sourceforge.net/svnroot/acegisecurity/trunk/CVSROOT should
be deleted
Thanks for the feedback, Carlos.
Re CVSROOT, that's an artifact of the cvs2svn process. Even
automatically migrated SF repositories (eg Spring Rich Client) have
Scott Battaglia wrote:
I'm looking at re-working the CAS (some of it based on the new CAS
client code). Would you prefer I wait until after the Acegi 1.0.0
Final release (i.e. target 1.1) and just focus on the current open CAS
issues?
Hi Scott
I am trying to get 1.0.0 final out within a
Ben Alex wrote:
Last weekend SF had some CVS issues, so I didn't make the switch as
intended.
I'm now going to hold-off doing this until early May, because I'm
largely on the road until then and don't want to change things and be
unavailable if anything goes wrong. Just wanted to let
Hi everyone
Last night I went through all open JIRA tasks. Most are now assigned to
a target release and a specific developer. I would like to release 1.0.0
final in around two weeks, and I have set aside some days to work
exclusively on Acegi Security in this period.
Would developers
Marc-Antoine Garrigue wrote:
I see 3 solutions :
I will refer this one to Scott, as he maintains the CAS integration
these days. Scott, your thoughts?
Cheers
Ben
---
Using Tomcat but need to do more? Need to support web services,
[EMAIL PROTECTED] wrote:
I've managed to authorize my perl scripts now as expected.
Now I need to send some data from my java filters i.e. roles possessed by the
user to the CGI perl script but I don't know how to do this.
Any suggestion?
What exact approach are you using to run your Perl
Konstantin Shaposhnikov wrote:
I think that functionality provided in acegi 0.9.0 was quite useful,
because ant patterns much more flexible then those provided by
servlet-api, so it would be good to restore this behavior - when value
is empty then no filters will be applied to request.
Please
Hi everyone
Just wanted to let you all know that I'll be attending two conference in
Europe this June:
* The Second International Conference on Open Source Systems on 8-10
June in Como, Italy. See http://oss2006.dti.unimi.it/.
* SpringOne on 15-16 June in Antwerp, Belgium. I'll be
Ben Alex wrote:
Does anyone have any concerns with the project migrating from CVS to
SVN? If there aren't any objections, I'll make the change in about a
week.
Last weekend SF had some CVS issues, so I didn't make the switch as
intended.
I'm now going to hold-off doing this until early May
Tim Kettering wrote:
Maybe it'd be useful if those checks found in
DaoAuthenticationProvider be made available as a pluggable component
that other AuthenticationProviders can utilize?
Hi Tim
If you please add it to JIRA, I'll make a static method that accepts a
UserDetails and throws an
[EMAIL PROTECTED] wrote:
Is it possible to secure perl scripts that are invoked as CGI programs?
FilterSecurityInterceptor works at the filter level, so if the filter
will be called, it should be able to authorize based on URI.
Best regards
Ben
Hi everyone
SourceForge have recently modified their offering so we can migrate to
SVN (without losing revision history) - see
http://sourceforge.net/docman/display_doc.php?docid=31070group_id=1#import.
I have also been using SVN recently and had good results. The Subclipse
plugin at Update
Scott Battaglia wrote:
Would it make sense to change the Object getPrincipal() method to
UserDetails getPrincipal() such that users can swap the providers
without having to worry whether the Authentication object from one
provider returns a different Principal from the other Authentication
Carlos Sanchez wrote:
- What is the preferred maven version? I think maven2 is easier to tame
1.0.2 is the one I used a few weeks back to successfully build Acegi
Security 1.0.0 RC2.
- Which repos are to be used?
They are defined in project.properties and you shouldn't need to
Konstantin Shaposhnikov wrote:
I would recommend you to write simple bean with getter method that
returns current logged in user from SecurityContext:
class CurrentUser {
Object getPrincipal() {
SecurityContext ctx = SecurityContextHolder.getContext();
if (ctx == null)
return
Jeoff Wilks wrote:
Ben, can you elaborate a bit on how you structured your DB schema for
ACLs? I'm facing this problem right now (need ACLs at both app level
and database level), and I would appreciate understanding a little
more about the intent of the Acegi design in that respect.
Hao Chen wrote:
I thing I can
think of is to change the GrantedAuthorities
dynamically for every request based on which workspace
the user is trying to access. Will this work?
That will work, but it means you will be using AuthenticationManager
again for every request and you will need to be
Tim Kettering wrote:
I scoured the forums and mailing list and did not find anyone bringing
up this issue. I suspect it's because everyone (?) so far might have
been using the filter based login. Which we are not, so this would
not be a problem for them.
Hi Tim
If you are able to
Scott Battaglia wrote:
If there's interest I can write an AuthenticationHandler that
delegates to an Acegi AuthenticationManager similar to what the
current CAS adapter does.
Hi Scott
I think it would be good to have a 3.x-series compatible
AuthenticationHandler, so that people wanting
Scott Battaglia wrote:
Ben,
I'll work on a CAS3/Acegi AuthenticationHandler this week. It
shouldn't be too difficultlt. Do you think having both the
PasswordHandler and an AuthenticationHandler will cause problems? We
are in RC, so I'm not sure we want to remove the handler.
After reading
Andrey Moiseenko wrote:
Javadoc for org.acegisecurity.context.SecurityContextHolder: Associates a
given SecurityContext with the current execution thread and any new threads
the current execution thread may spawn.
Logged as SEC-188 and fixed in CVS.
Ben
Jeoff Wilks wrote:
It's not immediately obvious to me how you'd do this, since Basic Auth
normally prompts with a 401 response. However, I could require that
machine clients proactively send the basic auth info (not waiting for
a 401), so the server just attempts to process basic auth, and
Dear Spring Community
I'm pleased to announce that Acegi Security release 1.0.0 Release
Candidate 2 is now available. This release includes over 50 improvements
and fixes since 1.0.0 RC1, including comprehensive new LDAP
capabilities. We recommend that users upgrade to 1.0.0 RC2 in order to
[EMAIL PROTECTED] wrote:
How can one set up acegi to accept either one of basic or digest
authentication?
Just add them both to the filter chain, and specify your preferred
default (for unauthenticated requests which attempt to access a secure
resource) as the
Brian Moseley wrote:
i've configured a custom error page for 403 responses in my web.xml. i
want that page to use the authz taglib to render itself differently
depending on whether the authentication for the request is anonymous
or represents a known user of my application.
This is
1 - 100 of 360 matches
Mail list logo