[Acegisecurity-developer] using ClassPathXmlApplicationContext in web.xml
Is there any way to configure the system so this is possible ? In web.xml context-param param-namecontextConfigLocation/param-name param-valueclasspath:beanRefFactory.xml/param-value /context-param listener listener-classorg.springframework.web.context.ContextLoaderListener/listener-class /listener In beanRefFactory.xml bean id=bean.factory lazy-init=true class=org.springframework.context.support.ClassPathXmlApplicationContext constructor-arg valuewebApplicationContext.xml/value /constructor-arg /bean I've tried it with lazy-init set to true and also to false. It craps out every time as far as I can see it is at the point where it tries to load up my acegi filters. Any ideas appreciated --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] Authz taglibs for freemarker
Ben, Is there any work going on to port the authorization taglibs to freemarker tags ? Thanks Shishir --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Authz taglibs for freemarker
Shishir K. Singh wrote: Ben, Is there any work going on to port the authorization taglibs to freemarker tags ? Thanks Shishir Not as far as I know. Besides, doesn't everyone use Velocity these days? ;-) Ben --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
RE: [Acegisecurity-developer] Authz taglibs for freemarker
Yes. Velocity has a bigger following than freemarker. But I find freemarker to be more rich in feature, just my personal opinion. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Alex Sent: Thursday, September 02, 2004 9:17 PM To: [EMAIL PROTECTED] Subject: Re: [Acegisecurity-developer] Authz taglibs for freemarker Shishir K. Singh wrote: Ben, Is there any work going on to port the authorization taglibs to freemarker tags ? Thanks Shishir Not as far as I know. Besides, doesn't everyone use Velocity these days? ;-) Ben --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47alloc_id808op=click ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] SecurityEnforcementFilter always executing, even if for login page
Karel Miarka wrote: Ben, You are completely right, but my filter solves one important problem regarding Tapestry: The current SecurityEnforcementFilter doens't allow the login page to be at the same place as the protected pages and because in Tapestry all the pages are accessed using app?service=page/PageName, so it is a problem. My filter is suitable for applications where all the pages should be protected except the login page. That would be nice If the SecurityEnforementFilter could be made to run only once and solve the cyclic problem when the login page is inside the protected area. But because it sends the redirect it is not enough to use the FILTER_APPLIED flag :( (cc: Developer list so there's some history) How about this for an approach We change the AuthenticationEntryPoint.commence argument to also take a FilterChain. ie not just ServletRequest and ServletResponse. Then SecurityEnforcementFilter can be configured to secure all requests (ie *). It will delegate to FilterSecurityInterceptor, which in turn delegates to its superclass, AbstractSecurityInterceptor, which then finds nothing in the ContextHolder and throws AuthenticationCredentialsNotFoundException, which is then caught by SecurityEnforcementFilter (being a subclass of AuthenticationException) and it delegates to the revised AuthenticationEntryPoint. We could then modify AuthenticationProcessingFilterEntryPoint to detect if the request is for itself. Thus it will perform a FilterChain.doFilter rather than redirect again to the login page. This should not only work for Tapestry applications, but also any other situation whereby the user has secured * (including the login page). Do you (or anyone else) see any problems with this approach? Ben --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer