On 18-09-2010 at 18:17, Thomas Menke wrote:
> I am currently trying to implement an authentication system for a small
> web application. The article "Security Interceptor for custom
> authorization" sounds promising to me but unfortunately it says "On how
> to setup security authorization/authen
Nikolaos,
Thank you for the thoughtful summary of the state of things. Since I just
popped up here recently with my opinions, I thought it might be useful to
introduce myself briefly, so people know where I'm coming from.
Starting in 2003, I began working at a startup in the SOAP/SOA world. We
> should be really irrelevent:
> http://cipher-code.de/tmp/security_problem.zip
>
I'm not sure about this, but try removing dispatcherservlet from web.xml
and use dynamicmappingfilter as described in
http://stripes.sourceforge.net/docs/current/javadoc/net/sourceforge/stripes/controller/DynamicMap
On 09/18/2010 09:28 PM, Grzegorz Krugły wrote:
>
>>> I originally did not. I did not even implement the SecurityHandler
>>> interface. I do now, but it did not change anything.
>>> Stripesstuff library is there and both-tags are there es well.
>>>
> If it's not top secret, ZIP your whole project
> > I originally did not. I did not even implement the SecurityHandler
> > interface. I do now, but it did not change anything.
> > Stripesstuff library is there and both -tags are there es well.
> >
If it's not top secret, ZIP your whole project and upload somewhere -
I'll take a look.
On 09/18/2010 09:05 PM, Grzegorz Krugły wrote:
>
>
> W dniu 18.09.2010 20:54, Thomas Menke pisze:
>
>>> I did as you said and I added simply "return false" to hasRole() and
>>> isUserAuthenticated() and I added a @RolesAllowed annotation to a method
>>> of an action bean.
> Did You return new E
Also, you'll have to have stripesstuff.jar packed in your war/ear and
configured in web.xml with:
Extension.Packages
org.stripesstuff.plugin.security
(more extensions can be comma separated in param-value)
---
W dniu 18.09.2010 20:54, Thomas Menke pisze:
> > I did as you said and I added simply "return false" to hasRole() and
> > isUserAuthenticated() and I added a @RolesAllowed annotation to a method
> > of an action bean.
Did You return new ErrorResolution with 401 in
public Resolution handl
On 09/18/2010 06:35 PM, Nikolaos Giannopoulos wrote:
> Thomas,
>
> The way I read the article is that the section you quote applies if you
> want to create *your own* security manager that simply extends the
> Stripes Stuff plug-in interface. Is that what you want to do?
>
> Have you tried obtai
On 09/18/2010 06:31 PM, Grzegorz Krugły wrote:
Hi Grzegorz,
> After having security interceptor in place, just write a class and
> implement those 3 methods:
>
> public class SecurityManager extends J2EESecurityManager implements
> SecurityHandler {
> protected Boolean hasRole(ActionBean
Thank you Nikolaos.
You made an important statement.
I think too that we need a way to let other people get involved.
Those who are holding the keys to Stripes please let us in :)))
Regards
Søren
Den 18/09/2010 kl. 18.09 skrev Nikolaos Giannopoulos :
> Ben,
>
> You have made it clear that yo
Thomas,
The way I read the article is that the section you quote applies if you
want to create *your own* security manager that simply extends the
Stripes Stuff plug-in interface. Is that what you want to do?
Have you tried obtaining the plugin and does it fail to work as per the
examples pro
After having security interceptor in place, just write a class and
implement those 3 methods:
public class SecurityManager extends J2EESecurityManager implements
SecurityHandler {
protected Boolean hasRole(ActionBean bean, Method handler, String
role) {
}
protected Boolean isUserAuthe
Hi @ll,
I am currently trying to implement an authentication system for a small
web application. The article "Security Interceptor for custom
authorization" sounds promising to me but unfortunately it says "On how
to setup security authorization/authentication for
org.stripesstuff.plugin.secur
Ben,
You have made it clear that you needed to get away from the code back in
June after having made a flurry of commits. Everyone understands and
appreciates what you have done for Stripes as you have single handedly
maintained Stripes for quite some time (I assume since its beginnings
with
Barry, I like your idea of having stripes core and all the "shadow" libs In one
repo. This would let the core maintain it's great focus but also allow a great
community to be built around it. Think of what rails has done by allowing
people to easily extend it with it's own plugins. Something aro
16 matches
Mail list logo
