Hi Ben, Colin,
On Thursday 29 April 2004 14:21, Ben Alex wrote:
> Colin has also been mentioning configuration complexity recently. To what
> extent have users found this to be a problem? How can we fix it?
I'm starting to use/evaluate acegisecurity for some project, and here are my
impressions so far on the cfg complexity.
I'm not sure I understand for what is "Run-As Authentication Replacement", and why I
need it in my cfg.
If not defined it throws:
java.lang.IllegalArgumentException: A RunAsManager is required
at
net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:179)
It seems to me that for what I'm trying to do at the moment, I don't need it, so I see
2 options:
1) It's not crucial cfg element, and should not be required.
2) It's something that is necessary no matter how simple authentication/authorization
one is trying to implement.
And so this maybe should be internally set for some default, and if latter one
feels the need to provide some customized version, be able to do so by setting the
adequate property.
This is in my opinion, how things are done in Spring, and one of its major and
unique advantage.
Not exposing non-crucial cfg elements is the answer for keeping cfg complexity at
the lowest possible level.
I took a peek at RunAsManagerImpl.java and the only thing it checks for in
afterPropertiesSet is if the key is filled.
Can't this be checked in some other way, to avoid need of lifecycle handling
(InitializingBean) and so avoid the need to have it defined in the context?
I also agree that having a lot of filters in web.xml is not quite attractive, and
would prefer to have only one.
At this time, I haven't still looked very deeply into the code, so quite probably I
don't understand all issues involved, and how to resolve them.
I'm just reporting you my first impressions.
Hope it will help in some way.
Regards
Fernando Martins
-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
