Ben Alex wrote:
Seth Ladd wrote:
Hello,
Has anyone done any work to propogate the security context across
remote hessian calls? It seems very straight forward, and wanted to
see if previous work had been done.
Thanks very much,
Seth
Hi Seth
No, it's not yet done.
I was hoping we could automate it so that at the time of invocation, the
client proxy would be set the with ContextHolder-obtained username and
password. Thus it adopts the same approach as now being used for
HttpInvoker and RMI-based invocation. This makes it more useful for
run-as replacement as well as generally more user-friendly.
That's pretty much what we had in mind. Our requirement is an audit log
of all method calls, even those at a remote location. The who in the
audit log is the end user that initiated the use case.
Speaking of, our audit log aspect might be a good donation to Acegi.
Accounting is the third 'A' in AAA, after all. :)
If you'd like to contribute something, I'd be pleased to add it.
If we actually go down this road, I'd be happy to donate what we have.
Thanks,
Seth
--
a href=http://www.picklematrix.net/foaf.rdf;Seth Ladd's FOAF/a
a href=http://www.foaf-project.org/;What is FOAF?/a
---
SF email is sponsored by - The IT Product Guide
Read honest candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
___
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer