Re: [Acegisecurity-developer] Removal of Requirement for StatelessTicketCache on CasAuthenticationProvider
Ray, I committed it to the TRUNK. Anywhere else I should commit it? Such as the 1.0.x branch? I'd like to see it out in the next release (its something we can use in the CAS project since we use Acegi ;-)) Thanks -Scott Ray Krueger wrote: > Number 3 above is generally the pattern followed in Acegi... > > private StatelessTicketCache statelessTicketCache = new > NullStatelessTicketCache(); > > ...with a setter for it defining a custom implementation. > > I don't think that would be a big deal to change, though I'm unsure of > it's role in the CAS stuff. I've never used our CAS support :) > > > On 11/6/07, Scott Battaglia <[EMAIL PROTECTED]> wrote: > >> Ben, >> >> Do you have any objections to removing the fact that a >> StatelessTicketCache is required for the CasAuthenticationProvider? Its >> only needed when a remoting protocol is used and requires every >> application to possibly have an unnecessary dependency on EhCache. >> >> We have three options: >> 1. Just turn off the check for the StatelessTicketCache (and wherever >> its called, also check for null) >> 2. Create a Stub/NoCacheStatelessTicketCache that is a shell to satisfy >> the dependency but still require people to configure it >> 3. Create the stub and have it be the default value in the >> CasAuthenticationProvider meaning that no configuration is required. >> >> Thoughts? >> >> Thanks >> -Scott >> >> -- >> Scott Battaglia >> Application Developer, Architecture & Engineering Team >> Enterprise Systems and Services, Rutgers University >> v: 732.445.0097 | f: 732.445.5493 | [EMAIL PROTECTED] >> >> >> >> - >> This SF.net email is sponsored by: Splunk Inc. >> Still grepping through log files to find problems? Stop. >> Now Search log events and configuration files using AJAX and a browser. >> Download your FREE copy of Splunk now >> http://get.splunk.com/ >> ___ >> Home: http://acegisecurity.org >> Acegisecurity-developer mailing list >> Acegisecurity-developer@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer >> >> > > - > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > ___ > Home: http://acegisecurity.org > Acegisecurity-developer mailing list > Acegisecurity-developer@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer > - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Removal of Requirement for StatelessTicketCache on CasAuthenticationProvider
It's also used by the Acl (acls) packages by the EhCacheBackedAclCache. It would be very easy to swap this out with another implementation of the AclCache interface. Ray Krueger wrote: > Yes, it's used in core. It is the default backing for the "UserCache". > > On 11/6/07, Scott Battaglia <[EMAIL PROTECTED]> wrote: > >> The StatelessTicketCache is only used within the CAS support for the >> purpose of simulating sessions for stateless remote access. Normal CAS >> support does not require the StatelessTicketCache (in fact the CAS >> protocol doesn't really recommend you re-use the single use tickets ;-)). >> >> I'm okay with option 3 also. I'll create a JIRA issue and commit the >> code. Would we need to update our pom file? Is EhCache used for >> anything besides the CAS support within Acegi? >> >> Thanks >> -Scott >> >> >> Ray Krueger wrote: >> >>> Number 3 above is generally the pattern followed in Acegi... >>> >>> private StatelessTicketCache statelessTicketCache = new >>> NullStatelessTicketCache(); >>> >>> ...with a setter for it defining a custom implementation. >>> >>> I don't think that would be a big deal to change, though I'm unsure of >>> it's role in the CAS stuff. I've never used our CAS support :) >>> >>> >>> On 11/6/07, Scott Battaglia <[EMAIL PROTECTED]> wrote: >>> >>> Ben, Do you have any objections to removing the fact that a StatelessTicketCache is required for the CasAuthenticationProvider? Its only needed when a remoting protocol is used and requires every application to possibly have an unnecessary dependency on EhCache. We have three options: 1. Just turn off the check for the StatelessTicketCache (and wherever its called, also check for null) 2. Create a Stub/NoCacheStatelessTicketCache that is a shell to satisfy the dependency but still require people to configure it 3. Create the stub and have it be the default value in the CasAuthenticationProvider meaning that no configuration is required. Thoughts? Thanks -Scott -- Scott Battaglia Application Developer, Architecture & Engineering Team Enterprise Systems and Services, Rutgers University v: 732.445.0097 | f: 732.445.5493 | [EMAIL PROTECTED] - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer >>> - >>> This SF.net email is sponsored by: Splunk Inc. >>> Still grepping through log files to find problems? Stop. >>> Now Search log events and configuration files using AJAX and a browser. >>> Download your FREE copy of Splunk now >> http://get.splunk.com/ >>> ___ >>> Home: http://acegisecurity.org >>> Acegisecurity-developer mailing list >>> Acegisecurity-developer@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer >>> >>> >> - >> This SF.net email is sponsored by: Splunk Inc. >> Still grepping through log files to find problems? Stop. >> Now Search log events and configuration files using AJAX and a browser. >> Download your FREE copy of Splunk now >> http://get.splunk.com/ >> ___ >> Home: http://acegisecurity.org >> Acegisecurity-developer mailing list >> Acegisecurity-developer@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer >> >> > > - > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > ___ > Home: http://acegisecurity.org > Acegisecurity-developer mailing list > Acegisecurity-developer@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer > - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://
Re: [Acegisecurity-developer] Removal of Requirement for StatelessTicketCache on CasAuthenticationProvider
I've created an issue and marked it for 1.0.6: http://opensource.atlassian.com/projects/spring/browse/SEC-592 Ray Krueger wrote: > Number 3 above is generally the pattern followed in Acegi... > > private StatelessTicketCache statelessTicketCache = new > NullStatelessTicketCache(); > > ...with a setter for it defining a custom implementation. > > I don't think that would be a big deal to change, though I'm unsure of > it's role in the CAS stuff. I've never used our CAS support :) > > > On 11/6/07, Scott Battaglia <[EMAIL PROTECTED]> wrote: > >> Ben, >> >> Do you have any objections to removing the fact that a >> StatelessTicketCache is required for the CasAuthenticationProvider? Its >> only needed when a remoting protocol is used and requires every >> application to possibly have an unnecessary dependency on EhCache. >> >> We have three options: >> 1. Just turn off the check for the StatelessTicketCache (and wherever >> its called, also check for null) >> 2. Create a Stub/NoCacheStatelessTicketCache that is a shell to satisfy >> the dependency but still require people to configure it >> 3. Create the stub and have it be the default value in the >> CasAuthenticationProvider meaning that no configuration is required. >> >> Thoughts? >> >> Thanks >> -Scott >> >> -- >> Scott Battaglia >> Application Developer, Architecture & Engineering Team >> Enterprise Systems and Services, Rutgers University >> v: 732.445.0097 | f: 732.445.5493 | [EMAIL PROTECTED] >> >> >> >> - >> This SF.net email is sponsored by: Splunk Inc. >> Still grepping through log files to find problems? Stop. >> Now Search log events and configuration files using AJAX and a browser. >> Download your FREE copy of Splunk now >> http://get.splunk.com/ >> ___ >> Home: http://acegisecurity.org >> Acegisecurity-developer mailing list >> Acegisecurity-developer@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer >> >> > > - > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > ___ > Home: http://acegisecurity.org > Acegisecurity-developer mailing list > Acegisecurity-developer@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer > - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Removal of Requirement for StatelessTicketCache on CasAuthenticationProvider
Yes, it's used in core. It is the default backing for the "UserCache". On 11/6/07, Scott Battaglia <[EMAIL PROTECTED]> wrote: > The StatelessTicketCache is only used within the CAS support for the > purpose of simulating sessions for stateless remote access. Normal CAS > support does not require the StatelessTicketCache (in fact the CAS > protocol doesn't really recommend you re-use the single use tickets ;-)). > > I'm okay with option 3 also. I'll create a JIRA issue and commit the > code. Would we need to update our pom file? Is EhCache used for > anything besides the CAS support within Acegi? > > Thanks > -Scott > > > Ray Krueger wrote: > > Number 3 above is generally the pattern followed in Acegi... > > > > private StatelessTicketCache statelessTicketCache = new > > NullStatelessTicketCache(); > > > > ...with a setter for it defining a custom implementation. > > > > I don't think that would be a big deal to change, though I'm unsure of > > it's role in the CAS stuff. I've never used our CAS support :) > > > > > > On 11/6/07, Scott Battaglia <[EMAIL PROTECTED]> wrote: > > > >> Ben, > >> > >> Do you have any objections to removing the fact that a > >> StatelessTicketCache is required for the CasAuthenticationProvider? Its > >> only needed when a remoting protocol is used and requires every > >> application to possibly have an unnecessary dependency on EhCache. > >> > >> We have three options: > >> 1. Just turn off the check for the StatelessTicketCache (and wherever > >> its called, also check for null) > >> 2. Create a Stub/NoCacheStatelessTicketCache that is a shell to satisfy > >> the dependency but still require people to configure it > >> 3. Create the stub and have it be the default value in the > >> CasAuthenticationProvider meaning that no configuration is required. > >> > >> Thoughts? > >> > >> Thanks > >> -Scott > >> > >> -- > >> Scott Battaglia > >> Application Developer, Architecture & Engineering Team > >> Enterprise Systems and Services, Rutgers University > >> v: 732.445.0097 | f: 732.445.5493 | [EMAIL PROTECTED] > >> > >> > >> > >> - > >> This SF.net email is sponsored by: Splunk Inc. > >> Still grepping through log files to find problems? Stop. > >> Now Search log events and configuration files using AJAX and a browser. > >> Download your FREE copy of Splunk now >> http://get.splunk.com/ > >> ___ > >> Home: http://acegisecurity.org > >> Acegisecurity-developer mailing list > >> Acegisecurity-developer@lists.sourceforge.net > >> https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer > >> > >> > > > > - > > This SF.net email is sponsored by: Splunk Inc. > > Still grepping through log files to find problems? Stop. > > Now Search log events and configuration files using AJAX and a browser. > > Download your FREE copy of Splunk now >> http://get.splunk.com/ > > ___ > > Home: http://acegisecurity.org > > Acegisecurity-developer mailing list > > Acegisecurity-developer@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer > > > > - > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > ___ > Home: http://acegisecurity.org > Acegisecurity-developer mailing list > Acegisecurity-developer@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer > - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Removal of Requirement for StatelessTicketCache on CasAuthenticationProvider
The StatelessTicketCache is only used within the CAS support for the purpose of simulating sessions for stateless remote access. Normal CAS support does not require the StatelessTicketCache (in fact the CAS protocol doesn't really recommend you re-use the single use tickets ;-)). I'm okay with option 3 also. I'll create a JIRA issue and commit the code. Would we need to update our pom file? Is EhCache used for anything besides the CAS support within Acegi? Thanks -Scott Ray Krueger wrote: > Number 3 above is generally the pattern followed in Acegi... > > private StatelessTicketCache statelessTicketCache = new > NullStatelessTicketCache(); > > ...with a setter for it defining a custom implementation. > > I don't think that would be a big deal to change, though I'm unsure of > it's role in the CAS stuff. I've never used our CAS support :) > > > On 11/6/07, Scott Battaglia <[EMAIL PROTECTED]> wrote: > >> Ben, >> >> Do you have any objections to removing the fact that a >> StatelessTicketCache is required for the CasAuthenticationProvider? Its >> only needed when a remoting protocol is used and requires every >> application to possibly have an unnecessary dependency on EhCache. >> >> We have three options: >> 1. Just turn off the check for the StatelessTicketCache (and wherever >> its called, also check for null) >> 2. Create a Stub/NoCacheStatelessTicketCache that is a shell to satisfy >> the dependency but still require people to configure it >> 3. Create the stub and have it be the default value in the >> CasAuthenticationProvider meaning that no configuration is required. >> >> Thoughts? >> >> Thanks >> -Scott >> >> -- >> Scott Battaglia >> Application Developer, Architecture & Engineering Team >> Enterprise Systems and Services, Rutgers University >> v: 732.445.0097 | f: 732.445.5493 | [EMAIL PROTECTED] >> >> >> >> - >> This SF.net email is sponsored by: Splunk Inc. >> Still grepping through log files to find problems? Stop. >> Now Search log events and configuration files using AJAX and a browser. >> Download your FREE copy of Splunk now >> http://get.splunk.com/ >> ___ >> Home: http://acegisecurity.org >> Acegisecurity-developer mailing list >> Acegisecurity-developer@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer >> >> > > - > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > ___ > Home: http://acegisecurity.org > Acegisecurity-developer mailing list > Acegisecurity-developer@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer > - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Removal of Requirement for StatelessTicketCache on CasAuthenticationProvider
Number 3 above is generally the pattern followed in Acegi... private StatelessTicketCache statelessTicketCache = new NullStatelessTicketCache(); ...with a setter for it defining a custom implementation. I don't think that would be a big deal to change, though I'm unsure of it's role in the CAS stuff. I've never used our CAS support :) On 11/6/07, Scott Battaglia <[EMAIL PROTECTED]> wrote: > Ben, > > Do you have any objections to removing the fact that a > StatelessTicketCache is required for the CasAuthenticationProvider? Its > only needed when a remoting protocol is used and requires every > application to possibly have an unnecessary dependency on EhCache. > > We have three options: > 1. Just turn off the check for the StatelessTicketCache (and wherever > its called, also check for null) > 2. Create a Stub/NoCacheStatelessTicketCache that is a shell to satisfy > the dependency but still require people to configure it > 3. Create the stub and have it be the default value in the > CasAuthenticationProvider meaning that no configuration is required. > > Thoughts? > > Thanks > -Scott > > -- > Scott Battaglia > Application Developer, Architecture & Engineering Team > Enterprise Systems and Services, Rutgers University > v: 732.445.0097 | f: 732.445.5493 | [EMAIL PROTECTED] > > > > - > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > ___ > Home: http://acegisecurity.org > Acegisecurity-developer mailing list > Acegisecurity-developer@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer > - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] Removal of Requirement for StatelessTicketCache on CasAuthenticationProvider
Ben, Do you have any objections to removing the fact that a StatelessTicketCache is required for the CasAuthenticationProvider? Its only needed when a remoting protocol is used and requires every application to possibly have an unnecessary dependency on EhCache. We have three options: 1. Just turn off the check for the StatelessTicketCache (and wherever its called, also check for null) 2. Create a Stub/NoCacheStatelessTicketCache that is a shell to satisfy the dependency but still require people to configure it 3. Create the stub and have it be the default value in the CasAuthenticationProvider meaning that no configuration is required. Thoughts? Thanks -Scott -- Scott Battaglia Application Developer, Architecture & Engineering Team Enterprise Systems and Services, Rutgers University v: 732.445.0097 | f: 732.445.5493 | [EMAIL PROTECTED] - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer