A simple idea is to change Login.tml to submit directly to the Acegi filter:

<!-- POST: the credentials travel in the request body, not in the URL -->
<form method="POST" action="/j_acegi_security_check">
    <input type="text" name="j_username" />
    <input type="password" name="j_password" />
    <input type="submit" value="${message:login}" />
</form>




On Jan 22, 2008 4:43 PM, Baptiste Meurant <[EMAIL PROTECTED]>
wrote:

>
> Hi,
>
>    Thank you for this great work. It will be really useful.
>
> I still have a question about security in the T5/Acegi integration: the
> "classic" solution that you used to perform strong authentication with
> Acegi through T5 is creating a T5 LinkImpl object. You then give parameters
> (login and password) to this link object to pass the request to Acegi.
>
> The problem is that you are then able to see the login and password in
> clear in your server (Apache, Tomcat, ...) logs. Indeed, T5 uses a LinkImpl
> object to perform a GET (and not a POST) to the server.
>
> I am very annoyed with this security hole that I have encountered in my
> own implementation of the T5/Acegi integration. I don't know any correct
> and elegant fix for this issue for now.
>
> Did you experience this issue? Do you have an idea about it? Or maybe you
> have already found a solution to fix it?
>
> Regards,
>
> Baptiste
>
>
>
> dalahoo wrote:
> >
> > Hi all,
> >
> > latest release of my phone book application is available now,
> >
> > In this release I used:
> >
> >    - Tapestry 5.0.7 as a Web MVC framework.
> >    - Acegi 1.0.5 as a Security System.
> >    - Spring 2.5 as an Application framework.
> >    - Spring JDBC for the Data Access Layer.
> >    - Hibernate 3.2.4 as an alternative for the Data Access Layer.
> >    - JPA (Hibernate Implementation) as another alternative for the Data
> >    Access Layer.
> >    - HSQLDB 1.8.0.7 for the application database.
> >
> > read more about application configuration at
> > http://code.google.com/p/shams/wiki/TASJHJ
> >
> > you can download source code for this release and previous releases from
> > http://code.google.com/p/shams/
> >
> >
> > --
> > sincerely yours
> > M. H. Shamsi
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/-T5--ANN----Tapestry%2BAcegi%2BSpring%2BJDBC%2BHibernate%2BJPA%2BHSQLDB-all-in-one-tp15017544p15018441.html
> Sent from the Tapestry - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


-- 
sincerely yours
M. H. Shamsi

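The leak Baptiste describes and the reason the POST form above avoids it, as an added example that is not code from this thread or from the shams project. It builds the two kinds of login request (a LinkImpl-style GET with j_username/j_password in the query string, and the form's POST with the same fields in the body), renders the Common Log Format line that Apache or Tomcat's AccessLogValve would write for each, and then runs a small detector over constructed access-log lines to flag any request whose query string carries the Acegi credential parameters. The log lines, client address and timestamp are constructed here; Acegi itself is not involved.

```python
"""Credential leakage via GET vs POST to /j_acegi_security_check.

Added example (not from the original post or the shams project). Everything
below is constructed for illustration: the request builders mimic what a
LinkImpl-style GET and the POST form send, and access_log_line() renders the
Common Log Format entry the container would write for that request.
"""
from urllib.parse import urlencode, urlsplit, parse_qs

# Parameter names Acegi's AuthenticationProcessingFilter reads by default.
CREDENTIAL_PARAMS = {"j_username", "j_password"}

# Constructed timestamp/client, standing in for the real access-log values.
LOG_TIME = "22/Jan/2008:16:43:00 +0100"
CLIENT = "10.0.0.7"


def get_login_request(username, password):
    """LinkImpl-style login: credentials end up in the URL (query string)."""
    query = urlencode({"j_username": username, "j_password": password})
    return ("GET", "/j_acegi_security_check?" + query, "")


def post_login_request(username, password):
    """Form login: credentials travel in the entity body, the URL stays clean."""
    body = urlencode({"j_username": username, "j_password": password})
    return ("POST", "/j_acegi_security_check", body)


def access_log_line(method, target, body, status=302):
    """Render a Common Log Format line for the request.

    CLF records the request line (method, target *including* the query
    string, protocol) plus status and size. The body is never written, so
    the POST variant leaves no trace of the credentials here.
    """
    return '%s - - [%s] "%s %s HTTP/1.1" %d %d' % (
        CLIENT, LOG_TIME, method, target, status, len(body))


def credentials_in_log_line(line):
    """Return {param: value} for any credential parameter in the logged URL.

    Works on the quoted request line, so it handles CLF and the combined
    format alike; returns an empty dict when nothing leaked.
    """
    start = line.find('"')
    end = line.find('"', start + 1)
    if start < 0 or end < 0:
        return {}
    parts = line[start + 1:end].split(" ")
    if len(parts) != 3:
        return {}
    params = parse_qs(urlsplit(parts[1]).query, keep_blank_values=True)
    return {k: v[0] for k, v in params.items() if k in CREDENTIAL_PARAMS}


def scan_log(lines):
    """Return (1-based line number, leaked params) for every offending line."""
    findings = []
    for number, line in enumerate(lines, 1):
        hits = credentials_in_log_line(line)
        if hits:
            findings.append((number, hits))
    return findings


# Constructed access-log excerpt: one LinkImpl-style login, one form login,
# and an unrelated page request.
SAMPLE_LOG = [
    access_log_line(*get_login_request("alice", "p&ss word"), status=302),
    access_log_line(*post_login_request("bob", "hunter2"), status=302),
    access_log_line("GET", "/phonebook/list?page=2", "", status=200),
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(line)
    for number, hits in scan_log(SAMPLE_LOG):
        print("line %d leaks %s" % (number, sorted(hits)))
```

Running it prints the three log lines and then flags only line 1: the GET entry carries `j_username=alice&j_password=p%26ss+word` in the logged request line, the POST entry shows just `/j_acegi_security_check`. The same scan is a cheap check to run over real Apache/Tomcat access logs (and over any upstream proxy logs, which see the same URL) after switching an application to the POST form, to confirm the old GET path is no longer in use. Note that moving the fields into the body keeps them out of logs, Referer headers and browser history, but does not protect them on the wire; that is what HTTPS on the login page is for.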