OH, also, sorry, I have an RFE on my "work" project for one-session logins as well. If I make any progress with that I'll let ya know.
On Mon, 21 Feb 2005 08:02:57 -0600, Ray Krueger <[EMAIL PROTECTED]> wrote: > I don't have a ton of free time either, but count me in Ben... > Where can I find some more information on the Certificate Integration? > > I'll volunteer for the AbstractProcessingFilter exceptions. > > We're gonna need Jira, or you're gonna go nuts... > > -Ray > > > On Sun, 20 Feb 2005 21:20:18 -0500, Scott Battaglia > <[EMAIL PROTECTED]> wrote: > > Ben, > > > > Just a note that the official source that Olivier posted for LDAP > > support is here: > > http://opensource.atlassian.com/projects/spring/browse/SPR-362 > > > > The one's we're using, which are slightly modified (to include > > LdapDaoSupport) are here: > > http://www.uportal.org/cgi-bin/viewcvs.cgi/cas3/adaptors/ldap/src/main/java/org/springframework/ldap/ > > > > I don't believe there are any Test Cases though which could be an issue. > > > > -Scott > > > > Ben Alex wrote: > > > > > Robert r. Sanders wrote: > > > > > >> While I don't have a huge amount of spare time, I would be glad to > > >> look over any list of tasks you have and see if I could fit any of > > >> them in. I tried to look on the sourceforge site and see if there > > >> were any bug/feature lists but couldn't find any. > > >> > > > Hi Robert > > > > > > Given your recent interest in the LDAP module, and its significant > > > usefulness to the wider community, I think that's good feature to move > > > from sandbox to core. Some things that might need doing in that regard > > > include checking the forums for past LDAP contributions (to check the > > > current LDAP DAO provides equivalent features), a description for the > > > reference guide, and a unit test. Re unit testing, the problem is the > > > difficulty of needing an LDAP server to respond to the requests. I see > > > a few approaches that we could investigate: > > > > > > - Expect an LDAP server to be running. A Win32 port of OpenLDAP is > > > available at http://lucas.bergmans.us/hacks/openldap/. I wouldn't mind > > > if it was a prerequisite that the server was already running, with a > > > base schema and users already in the directory. In this case we might > > > make the LDAP module a separate Maven subproject so that it doesn't > > > interfere with core's unit tests. > > > > > > - Look at Apache Directory Server. Maybe it could be loaded in-memory > > > during the test. I haven't looked into it, but this is attractive > > > being an all-Java solution. http://incubator.apache.org/directory/ > > > > > > - Review Olivier Jolly's LDAP support classes at > > > http://www.uportal.org/cgi-bin/viewcvs.cgi/cas3/adaptors/ldap/src/. I > > > took a look and they seem interesting - probably worth using in our > > > LDAP DAO interface anyway just for completeness. Perhaps we could mock > > > one or two of the key interfaces and not use an LDAP server at all. > > > > > > I'm quite keen on getting this LDAP issue sorted out, so any time you > > > could invest in that would be greatly appreciated. Here is the > > > remainder of my TODO list (not all of which will be done before 0.8.0 > > > or even at all). I am working on the three items marked ***: > > > > > > *** Digest authentication (for WebDAV compliance) > > > http://www.ietf.org/rfc/rfc2069.txt > > > > > > *** Anonymous user provider, so there's no need to exclude web URIs > > > http://forum.springframework.org/viewtopic.php?t=1925 > > > > > > *** Remember me functionality > > > > > > http://sourceforge.net/mailarchive/forum.php?thread_id=5177499&forum_id=40659 > > > > > > > > > http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice > > > > > > > > > Chain AuthenticationDao / AuthenticationProvider > > > (regular forum question) > > > > > > Eliminate hard-coded exceptions in AbstractProcessingFilter > > > (replace with a pluggable resolver that is wired via a property editor) > > > > > > Certificate integration > > > (seems complicated as exchange happens in container-level SSL/TLS > > > handshake) > > > > > > Prevent concurrent logins via a session listener > > > (committed new WebAuthenticationDetails which stores session ID in > > > Authentication) > > > > > > JMX of cache hits/misses, password failures, prevent user logins not > > > holding certain role > > > > > > http://opensource.atlassian.com/confluence/spring/display/DOC/Exposing+your+Beans > > > > > > > > > Tiger annotations > > > (or just wait for Spring to provide guidance on how it will approach > > > this) > > > > > > DB source ObjectDefinitionSource > > > (or just let Spring do it at container level) > > > > > > JOSSO Integration > > > (good marketing benefit for software developers wanting pluggable SSO > > > solutions) > > > > > > SecureID Integration > > > > > > > > > Any help appreciated! > > > > > > Ben > > > > > > > > > ------------------------------------------------------- > > > SF email is sponsored by - The IT Product Guide > > > Read honest & candid reviews on hundreds of IT Products from real users. > > > Discover which products truly live up to the hype. Start reading now. > > > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > > > _______________________________________________ > > > Home: http://acegisecurity.sourceforge.net > > > Acegisecurity-developer mailing list > > > [email protected] > > > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer > > > > ------------------------------------------------------- > > SF email is sponsored by - The IT Product Guide > > Read honest & candid reviews on hundreds of IT Products from real users. > > Discover which products truly live up to the hype. Start reading now. > > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > > _______________________________________________ > > Home: http://acegisecurity.sourceforge.net > > Acegisecurity-developer mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer > > > ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
