Re: Discussion on TTWS30 - Session unbind causes TURBINE_USER to be updated

On Wed, 8 Jan 2003 04:00, you wrote: > I think that the code which is never executed should be removed. I > don't think that the Logout Action should call > TurbineSecurity.save(user) though. Just because the user logs out is > no reason to write the entire user object to the persistent store.

DO NOT REPLY [Bug 15745] - Criteria's support for Date type does not work

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bu

RE: New Security Service [was RE: TurbineUser - Extending it? Maybe you should not have to.]

Hi All, What ever the security mechanism is that is chosen, I think it should be a number #1 priority to fit into Sun's JAAS model (it's in JDK 1.4 now so we can't hide from it). NOw I am no expert on JAAS, but IMHO that will enable people to integrate a bit easier into other Java related technolo

Re: New Security Service [was RE: TurbineUser - Extending it? Maybe you should not have to.]

Would it be able to plug into other systems? ie Tomcat's Realm or Suns JAAS? The discussion surrounding security was quite lively about a year ago (was it really a year ago?) with some good suggestions on improving the current service. Should we perhaps re-waken this discussion and see if we get

RE: New Security Service [was RE: TurbineUser - Extending it? Maybe you should not have to.]

> Speaking of this topic, I had an idea one night about security. After a > couple hours I came up with this: > > http://dan.envoisolutions.com/jasf/ > > It seems to be pretty flexible, but I'm not sure everyone would like > using it. I wanted something where I could authenticate not only >

RE: New Security Service [was RE: TurbineUser - Extending it? Maybe you should not have to.]

> > * There is a security manager interface that provides two methods: > > one to authenticate a user given their credentials (to login), > > and one to determine whether a user is authorized to do something. > > Nothing more, nothing less. > > How would you get the user or user id to ask th

RE: Discussion on TTWS30 - Session unbind causes TURBINE_USER to be updated

> -Original Message- > From: Henning P. Schmiedehausen [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, January 07, 2003 10:27 AM > To: [EMAIL PROTECTED] > Subject: Re: Discussion on TTWS30 - Session unbind causes > TURBINE_USER to be updated > > > >This happens on logout (because the anonym

Re: New Security Service [was RE: TurbineUser - Extending it? Maybeyou should not have to.]

Gonzalo Diethelm wrote: Yeah, old issue, big can'o worms. I participated in that old thread months (actually, I think it was more than a year) ago. I still believe we should go this route: * Everything is based on interfaces. * There is a security manager interface that provides two methods:

Re: cvs commit: jakarta-turbine-fulcrum/src/java/org/apache/fulcrum/intake/transform

"a decent IDE" does not write CVS commit messages. People do. If asking for being a little more verbatim than "a couple of fixes I had lying around" is considered indecent these days, well, then we should stop writing any docs at all. Frankly, I don't understand what you wanted to tell me with

Re: Discussion on TTWS30 - Session unbind causes TURBINE_USER to be updated

"Quinton McCombs" <[EMAIL PROTECTED]> writes: >Please note, that the event that I am talking about is NOT the session >unbind itself. It is when the user object is removed from the session. Ok. As I said, I wasn't sure if I grabbed the point of your argument. >This happens on logout (because th

RE: Discussion on TTWS30 - Session unbind causes TURBINE_USER to be updated

Please note, that the event that I am talking about is NOT the session unbind itself. It is when the user object is removed from the session. This happens on logout (because the anonymous user replaces the authenticated one on the session) and session timeout. We have the following cases: 1. The

RE: New Security Service [was RE: TurbineUser - Extending it? Maybe you should not have to.]

> Yeah, old issue, big can'o worms. > > I participated in that old thread months (actually, I think it was more > than a year) ago. I still believe we should go this route: > > * Everything is based on interfaces. > * There is a security manager interface that provides two methods: > one to aut

New Security Service [was RE: TurbineUser - Extending it? Maybe you should not have to.]

> Rodney Schneider <[EMAIL PROTECTED]> writes: > > > ... and diving head first into one of the longest standing issues in > > Turbine land -- the notorious Security Service. > > > > The idea of removing most of the methods of the security interfaces has > > been discussed many times on this list.

Re: Discussion on TTWS30 - Session unbind causes TURBINE_USER to be updated

"Henning P. Schmiedehausen" <[EMAIL PROTECTED]> writes: >redefine the session management (SessionValidator, AccessController >(Trust me, we won't)). To avoid confusion (I'm not a native speaker after all): I meant "Trust me, we don't really want to open that can of worms". The "we won't" was

Re: Turbine Roadmap?!?

Martin Poeschl <[EMAIL PROTECTED]> writes: >It would be good to have a roadmap for Turbine > 2.2 >Turbine 2.3 >- the Services should stay as they are >- Turbine should be able to use avalon components >- Torque should be loaded as an avalon component The Component Service should be able to

Re: Discussion on TTWS30 - Session unbind causes TURBINE_USER to be updated

"Quinton McCombs" <[EMAIL PROTECTED]> writes: >I have implemented the fix mentioned in the previous message. There is >one small difference... >I ended up saving everything that would be serialized into the >OBJECT_DATA column on session unbind. This could pose a *small* problem >for anyone usi

Re: TurbineUser - Extending it? Maybe you should not have to.

Rodney Schneider <[EMAIL PROTECTED]> writes: >... and diving head first into one of the longest standing issues in >Turbine land -- the notorious Security Service. >> I think that Henning makes some great headway on this issue with his >> version of the security service. With his version of the

Re: RFC: Going to Servlet API 2.3+? [Was: Re: New SessionService....]

Daniel Rall <[EMAIL PROTECTED]> writes: >Hullo Fulcrum. :-) Actually, this would be Fulcrum without the classes in the org.apache.fulcrum package (but in the sub-packages). Regards Henning -- Dipl.-Inf. (Univ.) Henning P. Schmiedehausen -- Geschaeftsfuehrer INTE

Re: cvs commit: jakarta-turbine-fulcrum/src/java/org/apache/fulcrum/intake/transform

Dan Diephouse <[EMAIL PROTECTED]> writes: >A decent IDE such as eclipse or IDEA will point out to you that >getLangFromFilename is a static function and therefore should be >accessed through BSFManager, not through a local variable. Not to >mention a decent IDE will fix all these unused import

Turbine Roadmap?!?

It would be good to have a roadmap for Turbine > 2.2 Turbine 2.3 - the Services should stay as they are - Turbine should be able to use avalon components - Torque should be loaded as an avalon component Turbine 2.3+ - The services should be avalon components - fulcrum or plexus?? We should

Re: RFC: Going to Servlet API 2.3+? [Was: Re: New SessionService....]

Was this not the whole idea behind Fulcrum? /c - Original Message - From: "Chris K Chew" <[EMAIL PROTECTED]> To: "Turbine Developers List" <[EMAIL PROTECTED]> Sent: Tuesday, January 07, 2003 1:19 AM Subject: RE: RFC: Going to Servlet API 2.3+? [Was: Re: New SessionService] > It mig