Re: [Acegisecurity-developer] AuthByAdaptors and SecurityContext
Ben Alex wrote: Sean Radford wrote: Hi, If one is authenticating using JAAS to create an AuthByAdaptor Authentication object (e.g. using JBossAcegiLoginModule), how do you then get the SecureContext populated when not using a web-layer - and thus not able to use an IntegrationFilter such as the JbossIntegrationFilter? Or do I have to create my own MethodInterceptor around all my secure method calls to check for the SecureContext, and if not found, try to retrieve it from its 'well-known location'? Hi Sean There is no way included with Acegi Security to populate the ContextHolder from the JBoss JNDI location except via the JbossIntegrationFilter. So you'll have to experiment with an alternative way (sorry about that). Best regards Ben --- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer Hi Ben, That's ok - I wrote an interceptor to do just that when I first looked at Acegi in its early days. Now (at last!) I'm going to get some time to look at it all again and so wondered if something had plugged the gap in the meantime. Any code I am able to make public, naturally I will. Sean -- Dr. Sean Radford, MBBS, MSc [EMAIL PROTECTED] http://bladesys.demon.co.uk/ --- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Stand up and be counted
Acegi community, Thank you, Ben, for forwarding my CAS message to the Acegi community. If you're using CAS, you might like to assist Andrew Petro (who maintains CAS itself) This isn't quite correct. Drew Mazurek of Yale University, the next desk over from me, maintains the CAS project. I'm just help out doing things like documentation efforts, answering questions on the CAS discussion list, and writing a couple alpha versions of casclient demonstrating directions in which it might evolve. It would be more correct to say that Drew Mazurek maintains CAS itself. Thanks anyway, though, Ben: CAS is a project with which I am proud to be associated. If you do reply to Andrew, I'd appreciate it if you'd cc: me so I too can see where CAS is being used along with Acegi Security. I would definitely welcome your letting me know that you are using CAS with any of the requested information listed in the email Ben forwarded. I would love to add all CAS using institutions to the directory of CAS users. I must admit I do not understand the Acegi project -- but from quickly perusing your site I get the impression that I should be linking to you from the CAS FAQ. Could someone send me some email with suggestions about what an appropriate entry about Acegi for the CAS FAQ would look like and where it might link? The CAS FAQ lives at: http://www.yale.edu/tp/cas/faq/ We should think about doing something like this for Acegi Security itself I do hope this effort will be something that bears fruit over time, making it easier for organizations solving similar problems to see what has been done elsewhere, exchange stories of CAS adventures, etc. Thanks, Andrew Original Message Subject:Stand up and be counted Date: Tue, 29 Jun 2004 13:01:28 -0400 From: Andrew Petro [EMAIL PROTECTED] Reply-To: Yale CAS mailing list [EMAIL PROTECTED] To: Yale CAS mailing list [EMAIL PROTECTED] CAS community, I'd like to compile a list of institutions using CAS. If you'd like to be on the list, please reply to me directly (no need to hit the list) with as much of the following information as you would like: 1) Name of institution 2) URL of main web presence of institution 3) Name email address of a technical contact who would like to be available to discuss the experience of installing / using CAS 4) CAS Login URL - so we can compare login page look and feel 5) Whether you're using CAS 2.0 Proxy CAS functionality 6) Any additional information - how many users you have, if you churn through some extraordinary number of tickets, what interesting applications you have CASified; interesting fail-over tricks, load balancing, user authorization solutions -- anything you'd like to share. Provide as much or as little information as you would like. What I will then do is post these submissions in answer to the question Who is using CAS? on the CAS FAQ. Thanks, Andrew microcline at gmail.com [EMAIL PROTECTED] --- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] Acegi Security - support forum
Hi everyone Colin has kindly setup a forum for Acegi Security support at http://forum.springframework.org. Would end users please use this channel for future support. Best regards Ben --- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] missing BadCredentials AuthenticationEvents
Karel Miarka wrote: Ben, Another issue connected to logging. In my log file reappears Authentication success record with details: null. I think that for the first time a user logs in the details are filled by IP, but later on when the user expires from user cache and is obtained again from DAO this success event is triggered again with null details. I think that if the above assumption is true we should add a condition details != null when triggering the event or at least to the LoggerListener to avoid writing it to the log. What do you think? Karel Hi Karel Authentication.getDetails() is allowed under the interface contract to be null. So we can't decide for DaoAuthenticationProvider to not publish an event if it is simply null. At present DaoAuthenticationProvider publishes AuthenticationSuccessEvent every time an authentication takes place where the cache was not used. Thanks to the AbstractIntegrationFilter.commitToContainer(ServletRequest, Authentication) method we have the HttpSession contain the final Authentication that exists on the ContextHolder at the end of a request. This is then placed back onto the ContextHolder and re-presented on subsequent requests. The DaoAuthenticationProvider builds a response Authentication token upon successful authentication in its createSuccessAuthentication(Object, Authentication, UserDetails) method. So all we need to do is ensure this latter method returns an Authentication which actually contains the original Authentication.getDetails(). I've just committed a change and unit test for DaoAuthenticationProvider that does the above. Best regards Ben --- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer