Ben, Thank you very much for the pointers!!~ I'd study on those first.

> There are also other threads on acegisecurity-developer which would help
> - try a search. It's really not that difficult to achieve remember me
> functionality (as well as anonymous user functionality with a similar
> approach). I really should just go and code it myself, given it is a
> common request.

Anyway, I have a suggestion on this issue:

I think the 'remember me' feature is so application-dependent, that it shouldn't be included in the acegi core. I think maybe we can develop a sub-project of acegi, which is intended to give some sort of special features (like 'remember me'). E.g. the current acegi library would be acegi-core, extensions would be acegi-ext, and app-features would be acegi-reference. So that more higher application-level developers can contribute to those subprojects without affecting the core. And more usages/references would be out there.

HUE

> >I am deciding to use acegi as the login system for my webapp, and
> >thinking about the customization I need to do in order to handle 2
> >requirements:
> >
> >1. let user to switch HTTP or HTTPS - It's not related to acegi; but I
> >am thinking about the implementation. SO JUST IGNORE THIS...
> >
> The net.sf.acegisecurity.securechannel package contains what you need to
> do this. Basically you add a filter to web.xml which calls
> ChannelProcessingFilter. This filter stores URI mappings and passes them
> to a channel decision manager, which goes and polls a series of channel
> decision processors. A channel decision processor will redirect to a
> different protocol if needed by the URI mapping. There is an example of
> configuration in current CVS in
> samples/contacts/src/main/webapp/cas/WEB-INF/applicationContext-acegi-security.xml.
>
> >2. let user to have a 'remember me' feature when login, aka, login by
> >cookie. Implementation would be: when user login succeeds, stores a
> >serial number in a cookie and in server db. So that when user is
> >requested to login again (on next day, say) , webapp retrieves the
> >serial number from cookie and compare it against the value in db. Here
> >the problem comes: acegi requires username and password for most of
> >the authentication. I want something that takes username, password or
> >cookie from client and do authentication based on username/password or
> >username/cookie. How can I implement this behaviour? Which interface
> >should I implement? Or can I modify 'filter' and
> >'DaoAuthenticationProvider' to achieve this? I just want an idea and
> >I'd try that all~~
> >
> See this thread for some design ideas:
> http://sourceforge.net/mailarchive/forum.php?thread_id=5177499&forum_id=40659.
> There are also other threads on acegisecurity-developer which would help
> - try a search. It's really not that difficult to achieve remember me
> functionality (as well as anonymous user functionality with a similar
> approach). I really should just go and code it myself, given it is a
> common request.
>
> Best regards
> Ben
>
> -------------------------------------------------------
> The SF.Net email is sponsored by: Beat the post-holiday blues
> Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
> It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
> _______________________________________________
> Home: http://acegisecurity.sourceforge.net
> Acegisecurity-developer mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
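
The serial-number cookie scheme described in the thread, as an added example that is not part of the original messages and not Acegi code. The class name `RememberMeTokens`, the in-memory map standing in for the server db, and the `username:token` cookie layout are assumptions made for illustration; it uses only JDK classes (Java 16+ for `record`).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical class, not an Acegi API. The map stands in for the server db.
public class RememberMeTokens {
    private record Entry(byte[] tokenHash, Instant expires) {}

    private final Map<String, Entry> db = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();

    private static byte[] sha256(String s) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
    }

    /** Called after a successful username/password login; returns the cookie value. */
    public String issue(String username, long ttlSeconds) throws Exception {
        byte[] raw = new byte[32];
        rng.nextBytes(raw); // unguessable serial number, never derived from the password
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        // Store only a hash, so a leaked table does not yield usable cookies.
        db.put(username, new Entry(sha256(token), Instant.now().plusSeconds(ttlSeconds)));
        return username + ":" + token;
    }

    /** Returns the username if the cookie matches the stored value, else null. */
    public String authenticate(String cookie) throws Exception {
        int sep = cookie == null ? -1 : cookie.lastIndexOf(':');
        if (sep <= 0) return null; // malformed or missing cookie
        String username = cookie.substring(0, sep);
        Entry e = db.get(username);
        if (e == null || Instant.now().isAfter(e.expires())) return null;
        // Constant-time comparison of the stored and presented hashes.
        return MessageDigest.isEqual(e.tokenHash(), sha256(cookie.substring(sep + 1)))
                ? username : null;
    }

    /** Called on logout or password change so an old cookie stops working. */
    public void revoke(String username) { db.remove(username); }

    public static void main(String[] args) throws Exception {
        RememberMeTokens tokens = new RememberMeTokens();
        String cookie = tokens.issue("hue", 14L * 24 * 3600); // constructed sample user
        System.out.println(tokens.authenticate(cookie));       // cookie as issued
        System.out.println(tokens.authenticate("hue:forged")); // constructed forged value
        tokens.revoke("hue");
        System.out.println(tokens.authenticate(cookie));       // same cookie after revoke
    }
}
```

In a deployment the cookie would also be set with the Secure and HttpOnly attributes and sent only over the HTTPS channel discussed in the first question.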
