Paul,I don't extend SiteminderAuthenticationProcessingFilter and
override the requiresAuthentication() method because every one of my protected
action classes first checks to see if the user is authenticated (i.e. has an
security context holder) before processing the request. I do this by calling
Garvey, Paul M (GE Commercial Finance) wrote:
All,
Does anyone know if there is any plan to fix/investigate the
Siteminder/Acegi integration issue I posted a few days ago.
I made any attempt at fixing the issue but would like to know if anyone
looked at it.
http://forum.springframework.org/sho
On 2/9/06, Ben Alex <[EMAIL PROTECTED]> wrote:
> I went about resolving it differently from suggested, in order to
> maintain encapsulation of session management as greatly as possible
> within HttpSessionContextIntegrationFilter. You can view the JIRA issue
> which explains what was changed at
>
On 2/9/06, Ben Alex <[EMAIL PROTECTED]> wrote:
> This is discussed a few times on the forums. Essentially there is
> nothing we can do about it. Some people have modified the
> ExceptionTranslationFilter (RC2 rename of SecuirtyEnforcementFilter)
> method sendAccessDenied(ServletRequest, ServletRes
All,
Does anyone know if there is any plan to fix/investigate the
Siteminder/Acegi integration issue I posted a few days ago.
I made any attempt at fixing the issue but would like to know if anyone
looked at it.
http://forum.springframework.org/showthread.php?t=22068
http://forum.springframework
Brian Moseley wrote:
it would be preferable, i think, if AnonymousProcessingFilter had a
parameter that controlled whether or not sessions can be created.
thoughts?
Thanks for reporting this, Brian.
I went about resolving it differently from suggested, in order to
maintain encapsulation of
On 2/8/06, Ben Alex <[EMAIL PROTECTED]> wrote:
> I've logged it as
> http://opensource2.atlassian.com/projects/spring/browse/SEC-180 and just
> checked the change and tests into CVS.
thanks ben. works beautifully!
---
This SF.net email is spon
Brian Moseley wrote:
i've configured a custom error page for 403 responses in my web.xml. i
want that page to use the authz taglib to render itself differently
depending on whether the authentication for the request is anonymous
or represents a known user of my application.
This is discussed
after upgrading from 0.9.0 to 1.0.0-RC2, i noticed that
AnonymousProcessingFilter has begun creating sessions, specifically
when it constructs a WebAuthenticationDetails.
i'm using anonymous authen for a simple REST-based protocol and don't
ever want sessions to be created, so i've subclassed
Anon
i've configured a custom error page for 403 responses in my web.xml. i
want that page to use the authz taglib to render itself differently
depending on whether the authentication for the request is anonymous
or represents a known user of my application.
however, acegi security doesn't seem to be g
[EMAIL PROTECTED] wrote:
How can one set up acegi to accept either one of basic or digest
authentication?
Just add them both to the filter chain, and specify your preferred
default (for unauthenticated requests which attempt to access a secure
resource) as the ExceptionTranslationFilter.
How can one set up acegi to accept either one of basic or
digest authentication?
Thanks
Dear Spring Community
I'm pleased to announce that Acegi Security release 1.0.0 Release
Candidate 2 is now available. This release includes over 50 improvements
and fixes since 1.0.0 RC1, including comprehensive new LDAP
capabilities. We recommend that users upgrade to 1.0.0 RC2 in order to
t
13 matches
Mail list logo