t release and access the change log.
We hope you find this new release useful in your projects.
Best regards
Ben Alex
Project Lead, Spring Security
-
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don
eeks we
will be finalizing the documentation, tests, and ACL support as part of
our 2.0.0 final release.
Please visit http://www.springframework.org/download to download the
latest release and access the change log.
We hope you find this new release useful in your projects.
Best regards
Ben Alex
Hi all
Our hosting provider has just fixed it. They'll be moving it to a
SpringSource dedicated server later today, so that should help with
stability.
Cheers
Ben
Farrukh Najmi wrote:
> Ian Brandt wrote:
>
>> Anyone else unable to reach http://acegisecurity.org/?
>>
>>
>>
>>
>
> +1
>
Hi everyone
Today Luke Taylor and I restructured the SVN repository on SourceForge.
The restructure had several goals:
* To be usable for the 1.0.5 as well as future 2.x releases
* To rename "acegisecurity" to "spring-security" where feasible
* To relocate trunk and tags under "spring-security" (
s
and results will be freely available. Participation will also provide a
custom licensing report for your project. To learn more, please visit:
http://licensing-research.newcastle.edu.au
Thanks for reading this email, and I hope you'll consider participating.
Best regards
Ben Alex
(My apo
Karl Moore wrote:
> Some users have been reporting problems with the examples that are
> bundled with 1.0.4. It appears that
> acegi-security-sample-tutorial.war, is missing all the files apart
> from the jars.
>
Hi Karl
I've added this to JIRA to investigate for the next release:
http://open
Dear Spring Community
I am pleased to advise Acegi Security 1.0.4 is now available.
There are over 50 issues addressed in this release. Existing user
can upgrade to release 1.0.4 with a simple JAR drop.
Please visit http://tinyurl.com/2qey2l for a detailed changelog.
The project's web site at h
Luke Taylor wrote:
> Hey, I spent ages bringing the errors down a while back :). There are
> only 34 at the moment in "core" and 12 are due to spaces around
> brackets. If we can get someone to nail the file down to what we want
> the code to look like (e.g. our benevolent dictator, Ben?), then we
Hi all
Carlos and Luke, what's the latest status of the Maven 2 build? Does the
reference documentation build successfully with Maven 2 as-is? I see
acegisecurity.org hasn't built and uploaded since 18 December 2006.
Luke, is that running the Maven 2 build?
We're shooting at releasing 1.0.4 in th
Hi Bear
Please log all bugs in our JIRA instance, so they're appropriately
tracked and reviewed. All bug reports should ideally contain a unit test
which provides an ongoing test that the bug has been fixed and not
reintroduced. Patches with bug reports are particularly welcome and will
be applied
Research Information Sheet that explains the research and provides you
with details on how to participate or ask further questions.
Thank you taking the time to read this email, and I hope that you will
consider participating.
Kind regards
Ben Alex
CJ wrote:
> Scenario is: an Administrator disables or deletes a user account, while the
> user
> is logged in. The user's Authentication should be revoked from that moment on.
> What is the recommended approach for this in Acegi?
I'd suggest forcing reauthentication for each secure object request
James Carman wrote:
> I am thinking about writing a Spring 2.0 style parser for Acegi
> configuration.
Hi James
This is very important work for a subsequent release, although I'd like
to ensure that the proposed XSD is conceptually similar with other
Spring XSDs (one big benefit of Spring is once
Stephane Bailliez wrote:
> Hi all,
>
> I'm trying to see whether there is an easy way to implement roles
> (authorities) for several applications. Each application having its own
> set of authorities (ie: john being registered as ROLE_SUPERVISOR only
> for application A, does not apply to appli
hrvoje pejcinovic wrote:
> Say I have a simple web app with one login screen and two web pages a,b which
> are protected. App also has two different types of users userA and userB. How
> do I configure the acegi so that upon successful authentication and
> authorisation userA gets re-directed t
Andrei Sereda wrote:
> Hello Team,
>
> One quick question: is it possible to persist different permissions in
> current acegi implementation (acls package) ? It seems to me that only
> BasePermission is supported out of the box (see BasicLookupStrategy
> convertCurrentResultIntoObject() method) .
Mark St.Godard wrote:
> Ben can chime in as well if he would like to add to this..
Hi everyone
As this is an important question, I've posted a blog on the subject:
http://blog.interface21.com/main/2007/01/24/why-the-name-acegi/
Cheers
Ben
--
Krystian Nowak wrote:
> Do you think it is possible to include DACS (http://dacs.dss.ca/) as a
> authentication adapter (just as it is with Yale's CAS)? There were talks
> about the future of authorization in OSS GIS GeoServer
> (http://docs.codehaus.org/display/GEOS/Home) which heavily uses Spring
[EMAIL PROTECTED] wrote:
> I have to deploy my application for more than one company and in more
> than one application, so I have to change http://company/casclient
> setting different values to "company" and "casclient". Is there a way to
> set just "/j_acegi_cas_security_check" and let some comp
Camilo Arango wrote:
> One solution I have found is removing both the
> exceptionTranslationFilter and filterInvocationInterceptor from the
> chain and managing authorization with AOP. That way, the exceptions
> are serialized correctly.
This is actually the recommended usage pattern. You use
Fil
Camilo Arango wrote:
> Not always. I seems that only exceptions thrown by the called object
> are propagated by the client. In my case, the exception is thrown by a
> filter, and therefore the call to the Spring remoting proxy never
> occurs and I get and ugly 500 response code at the client.
>
>
Luc Boudreau wrote:
> I'd like to propose a patch to the MethodDefinitionMap. With the actual
> source code, you can't secure inherited methods. This patch will fix the
> problem. It's really simple and straightforward.
>
> I needed it see the inherited methods so I could secure my generic service
[EMAIL PROTECTED] wrote:
> The problem here is that the unique key on the ACL_PERMISSION table is
> [Object (the ACL_OBJECT_IDENTITY reference column), Recipient]. It
> wouldn't seem from the suggested schema for this table that you can
> support different collections for the same Recipient based
[EMAIL PROTECTED] wrote:
> I would like to add new resources (web-pages) to the
> objectDefinitionSource dynamically.
> I don't want to stop the application, change the applicationContext.xml
> and then start the application again.
>
> What is the best way to achieve this?
Just write a database
Camilo Arango wrote:
> I am using Acegi fo a 3-tier Eclipse RCP application using HTTP
> remoting. It has come to my attention that when a remote call throws a
> AccessDeniedException, in the client it is translated to a
> RemoteInvocationException. It would be useful to have an
> AccessDeniedExcep
Didier LINK wrote:
> I've just upgrade acegi in 1.0.3 version (before I've 1.0.1) and my
> webapp drive to an annoying error. This is the same as Matt Raible
> (01-12-2006 on the list archives) but I've some more details.
This was logged as SEC-404 (and 407). I just fixed it in SVN rev 1773.
Che
Davide Romanini wrote:
> I'd want to create a simple extension of this provider to work
> also with UsernamePasswordAuthenticationToken, but it doesn't work,
> because it uses username as its principal object (???) and when I use a
> custom domain object as my "principal" I loose the username!
> I
John Noble wrote:
> So. Does anyone know if I can configure Acegi to handle this kind of
> situation, or should I just run two separate contexts, one /webapp-backend/
> and one /webapp-customer/ for example?
> Or should I have a shared table or something.. "basic_user" that holds
> credentials f
Luke Taylor wrote:
> I suggested to Ben that we refactor the contacts sample to make it a
> single app, rather than having so many different versions. We could
> default to having a standard form login app and leave additional context
> files commented out in the web.xml file. That way people could
Wojciech Gdela wrote:
> Hello,
>
> Where can I find this new ACL stuff (where is the code)? Is there any
> documentation about it?
>
>
It is in release 1.0.3 and has some reference guide coverage, plus the
Contacts Sample. I'm also giving a talk on it tomorrow at The Spring
Experience, after whi
Vinubalaji Gopal wrote:
> So far I see that the database layer is not completely separated and I
> am reimplementing most of the persistence related classes (Acl,
> AclService, MutableAcl, etc).
>
>
I've done my best in the new ACL package to allow a choice of
persistence technologies, as all da
Scott McCrory wrote:
> I'd vote for disabling formatting of comments. That's one thing that
> humans still generally do a better job of managing.
>
I agree, also with Luke's suggestion re "throws" formatting.
Cheers
Ben
Michael Vorburger wrote:
> Hello,
>
> I thought some of you on this list may be interested in my
> http://www.vorburger.ch/blog1/2006/10/propagating-acegis-security-context-in.html
> in the context of propagating Acegi's Security Context in a Spring Web
> Service Remoting scenario... kind of like a
Dear Spring Community
I am pleased to advise Acegi Security 1.0.3 is now available.
This release is mostly a bug fix release, although the new domain object
access control list (ACL) feature is now available for preview. I'll be
presenting a session on this new feature at The Spring Experience ne
Karl Moore wrote:
> Just wondered if there was a road map for the product and where it might be
> going. Are there any plans to take advantage of the new Spring 2.0 features?
1.0.3 will be released soon - probably tomorrow before I fly interstate.
Failing that, it will certainly be out on the wee
Wim Lambrecht wrote:
> anyone ?
>
>
> Wim Lambrecht schreef:
>
>> We've encountered a rather annoying bug in the java5 compiler regarding
>> annotations, see the buglist:
>> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6365854 . So, it does
>>
>> I know this ain't an acegi bug, but i li
Hi Jin
I think there are already plugin points for each of these steps.
Jin Peng wrote:
>
> 1. Retrieve SSO token from HTTP request (usually SSO cookie)
Authentication mechanism (usually a filter).
> 2. Validate SSO token
> 3. Recreate authentication context from a valid SSO token.
Authenticati
Jose Luis Huertas Fernández wrote:
>
> I was thinking about developing a new module to integrate Acegi with
> OpenSSO (https://opensso.dev.java.net/) in a similar way that the
> existing CAS integration.
>
>
Hi Jose
You'd be very welcome to take this on. It would be good to add another
SSO altern
Robert Blumen wrote:
> It is not clear to me at this point what is the intended usage of the
> SwitchUserProcessingFilter.
>
> Possibly it needs its own failureUrl, something like the
> authenticationProcessingFilter has. And to trap the UsernameNotFound
> and then redirect to the failure url
Lucas Opara wrote:
> Hello,
>
> I was wondering if there is any support in acegi for retrieving authorities
> from a remote web service.
>
> For now, we use straight JDBC connection to an Oracle database to retrieve
> the roles and it works great.
> What we would like to have is a secured web ser
[EMAIL PROTECTED] wrote:
> My question is how I can do something similar to prevent the password
> change page?
>
> The password change page is open to role anonymous because when a new
> user is entered in the system; password expired is set to a past date to
> force the user to change the passw
Dear Spring Community
I am pleased to advise Acegi Security 1.0.2 is now available.
This release is mostly a bug fix release. Existing users can upgrade
with a simple JAR drop, although please first review the upgrade note at
http://opensource.atlassian.com/projects/spring/browse/SEC-340.
Some c
Arturo San Feliciano Martín wrote:
>
> Hi,
>
> Is there any way to avoid acegi filter images? When I see the log i find
> somethings like:
>
> 2006-10-01 12:00:36,010 DEBUG [org.acegisecurity.util.FilterChainProxy] -
> with original chain>
>
> But I don´t want that the filter process the
Twomey, Sean wrote:
> Our application has just recently integrated acegi as our security
> framework. However we now have a requirement to change the session
> identifier (JSESSIONID) after a successful login, since this session id is
> issued at/before the login page, and is thus prone to session
Arturo San Feliciano Martín wrote:
>
> Is there any way to build dinamicaly the asociantions between url pattern and
> ROLE (or profile) ?
>
> Could I save in a DataBase these associations(URL pattern-Profile(ROLE))?
> could acegi could ask for them?
Hi Arturo
You can write a custom FilterInv
[EMAIL PROTECTED] wrote:
> I am trying to build an acegi jar with ntlm support.
> Could anyone tell me the maven command for this?
>
> What version of acegi should I check out to build?
Hi Xiaobo
You will need to checkout from SVN. I believe there is a pom.xml in
sandbox/other, so try running
Hi all
1.0.2 is now ready to release. Carlos, were you still able to take care
of it? I can do so, but I won't have time for a few more days. Please
feel free to remove the reference guide and README.TXT sections that
mention JAR signing. I think we've agreed to drop it.
Cheers
Ben
-
Peter Kharchenko wrote:
> So if I wanted to make use of a voter that needs more than one config
> attribute at the same time, would you recommend writing an alternate
> version of UnanimousBased decision manager, or is there a reason why
> Unanimous decision have to be done this way (and theref
Peter Kharchenko wrote:
> I am writing a custom voter implementation and have a question
> regarding how configuration attributes are being fed to the voters.
Hi Peter
Basically the AccessDecisionVoter.supports(ConfigAttribute attribute)
method is structured the way it is because we want
Abstr
marc antoine garrigue wrote:
> Hi everyone,
> I'm still not confident with this bug since it introduces a major change in
> context initialization; my implementation introduces a
> SecurityContextFactory and all ContextHolderStrategy implementation (that
> now use this factory).
> I think there is
Scott Battaglia wrote:
> Ben,
>
> I've been looking at SEC-348
Hi Scott
I read through the issue in more detail and made the following comment.
I have bumped it to 1.0.3 as noted in the comment. We'll see if the
reporter provides a configuration file or more info:
"I suspect there is a misconf
Hi everyone
23 issues are now resolved, with 3 more still outstanding.
The outstanding issues are SEC-304, SEC-348 and SEC-346, assigned to
Marc Antoine, Scott and Luke respectively.
Would Marc Antoine, Scott and Luke please comment on these tasks, close
them, or assign them to a later release (
Scott McCrory wrote:
> Ben Alex wrote:
>> Could other developers please finalize their 1.0.2-related tasks (see
>> http://opensource.atlassian.com/projects/spring/secure/BrowseProject.jspa).
>>
>
> Ben, I'd like to get the Siteminder improvements noted in SEC-
Hi Nate
Nathan Sarr wrote:
>I was wondering why not do the following in AccessControlEntry interface:
> public Permission[] getPermissions();
> public int getMask();
> public String getPattern()
Permission is an interface, for which BasePermission and
CumulativePermission are both
Carlos Sanchez wrote:
> I've been deploying snapshot in the maven2 repo after changing stuff
> http://acegisecurity.sourceforge.net/repository/snapshots/
Is this an automated process that will continue? If so, we should change
the downloads.html page to point to it and consider removing the
snaps
marc antoine garrigue wrote:
> May I commit the SEC-304 fix code before 1.0.2 release?
This change is in a sensitive area of code. You can commit provided that
it does not change the API or break backward compatibility for existing
1.0.x stream users or unit tests. I'll also take a look before re
Baz wrote:
> if (principal instanceof
> org.acegisecurity.userdetails.User) {
> User user = (User) principal;
> userName = user.getUsername();
> } else {
> userName
Aleksei Valikov wrote:
> Hi.
>
>> There's a LogoutFilter in 1.0+
>>
>> http://www.acegisecurity.org/multiproject/acegi-security/apidocs/org/acegisecurity/ui/logout/LogoutFilter.html
>
> Of course it is there, but it does not invalidate session on logout per
> default.
> Doing something on logou
Andrew M. Hust wrote:
> I am trying to authenticate users from parameters passed plan text in
> the url. I know it's not the most security minded but the
> functionality is required.
Proxy servers, logs, history lists etc. It is a bad idea putting
passwords and usernames into URL query strings.
Carlos Sanchez wrote:
> Will it be possible to make a 1.0.2 bug release in the next two weeks?
> I can go thorugh all the release process, i just would like to know if
> people agree in taking what it is curently in svn and tag it as 1.0.2.
Hi Carlos
You want to be release manager? I would certai
Nathan Sarr wrote:
> Hello,
>
>Here are a few patches that I hope will help. I also have a few questions
> and was wondering if anyone would mind offering some advice / help.
>
> For the patches -
>
> BasePermissions.java.patch.txt - I added DELETE to the BasePermissions class.
> Permissi
Nathan Sarr wrote:
> Looking at the ACE interface, I was wondering why an ACE only has a single
> Sid and not an array of Sid(s) to allow a group of Sid(s) to be associated
> with the same permission.
This is because an AccessControlEntry applies to a particular Sid. You
can have multiple Acce
Ray Krueger wrote:
> Ben were you suggesting having acegi-version.jar would be just binary,
> and acegi-version-sources.jar would be binary with source?
Yes, a traditional .class-only JAR, and a combined .class plus .java
JAR. People like me would use the latter, whereas people concerned about
th
Carlos Sanchez wrote:
>> Ben, does eclipse automatically recognize the source code when it is
>> distributed inside the compiled Jar?
>
> I don't think so and I don't really like that approach because if you
> provide the sources, why don't provide the javadocs too?
Eclipse DOES automatically re
Luke Taylor wrote:
> On the branching front, it seems like we could be making more use of
> branches with subversion.
I am happy for these changes to be made. Whilst changing to Maven 2 we
should also give consideration to how we distribute source code for IDE
integration. At present we release a
On Sun, 2006-08-27 at 10:16 -0500, Hector Suarez Barenca wrote:
> Is there an example about how to integrate hessian and acegi?, could you
> tell me where i could find examples?
The Contacts sample in its client/clientContext.xml can be changed to
use Hessian. However, as an aside, think carefull
On Sat, 2006-08-26 at 14:56 -0700, Robert Blumen wrote:
> With the event-listening approach,
> I see that you could track the number of
> failed attempts, but how would that tie
> back into preventing additional attempts
> after the limit was exceeded? Wouldn't
> you have to modify the authenticat
Luke Taylor wrote:
> That's good. You'll be an expert on branching with subversion then :-).
>
> I'd like to get the automatic build upgraded to Maven 2 as well (and
> running again). There are a couple of issues I've come across so far:
I am a BIG fan of moving to Maven 2 ASAP. Acegi Security is
Brian Pontarelli wrote:
> I think the issue is that the login is a component that exists on many
> pages and the login/failure should return the user to the page they were
> viewing rather than a stock login/home page.
>
> The best bet at this point is probably to subclass APF and just redirect
Tom Stroobants wrote:
> Suppose that my login form is integrated in an other page and I want to
> return to that page that integrated my login page (so the original page)
> ... How do you do that in ACEGI ?
Couldn't you use AbstractProcessingFilter.defaultTargetUrl = your login
page plus Abstract
hv @ Fashion Content wrote:
> How would you configure a login policy where
> 1) The last username used is never forgotten(saved in cookie)
You can't do that out of the box. You could investigate plugging into
the remember-me filter, though, which has hooks to send back cookies
after successful au
[EMAIL PROTECTED] wrote:
> Most of the components in ACEGI have their own interface, then provide an
> implementation.
> e.g. AuthenticationEntryPoint
>
> The ExceptionTranslationFilter does not, it is a class that implements Filter.
>
> I am running into some problems with proxying and auto-wi
[EMAIL PROTECTED] wrote:
> This seems to be working ok, however, this might be slightly
> simpler to do if the AuthenticationException had its own
> handler interface, like the accessDeniedHandler.
>
> call it the authentcationFailedHandler.
Most people either do it the way you have, or listen f
Luo Shifei wrote:
> Dear All,
>
>When about Acegi 1.0.2 will be released? And When
> about Acegi 1.1 will be released? The New Domain
> Support will be included in Acegi 1.1?
Both will be released over the next three months.
I'd estimate 1.0.2 in about a month, and 1.1.0 in late November, but
Kimball, Mark W wrote:
> In AbstractUserDetailsAuthenticationProvider the authenticate() method
> calls the additionalAuthenticationChecks() method in a try block and can
> catch an AuthenticationException. The code in the catch block (line 147
> for rel 1.0.1) calls the retrieveUser() and
> addit
[EMAIL PROTECTED] wrote:
> The methods shown below in FIgure 1 return an iterator.
>
> I would like to see the methods return the collection rather than
> an iterator for these reasons:
> org.acegisecurity.intercept.ObjectDefinitionSource:
> getConfigAttributeDefinitions
> org.acegisecurity.inte
[EMAIL PROTECTED] wrote:
> I would like to be able to initialize the FilterChainProxy
> entirely using Spring XML tags, without relying on the special
> syntax parsed by the ACEGI property editors. I have various
> reasons for this, one being that the Spring IDE and the XML
> parser do not underst
McGovern, James F (HTSC, IT) wrote:
> In searching through the archives, I ran across a discussion in 2004 on
> combining ACEGI and XAMCL that seemed to have went no where because it was
> too difficult. Is the position still the same?
There has been no progress on this issue, because we haven't
[EMAIL PROTECTED] wrote:
> The method
> org.acegisecurity. userdetails.User.equals
>
> requires that the GrantedAuthority values on the
> two instance be in the same order.
>
> Unless there is some order dependency in the behavior,
> does it make sense to require that the order be the
> same for
Hi Pete
Pete Guyatt wrote:
>
>
>
> Does anyone have any objections to this suggestion?
>
None at all. Looks fine at first glance.
>
>
> Sorry about posting this bug via the mailing list, but I could not see
> any way to report this bug via JIRA or the website. For future
> reference I would
Carlos Sanchez wrote:
> anyone?
>
> On 7/20/06, Carlos Sanchez <[EMAIL PROTECTED]> wrote:
>
>> I'm just wondering what people think about protected empty constructor
>> so I can extend that classes instead of write wrappers.
>>
>>
Hi Carlos
I am not a big fan of this idea. It's still compr
Kujat, Aaron wrote:
> I have downloaded the acegi-security-1.0.1 release from a number of
> mirrors now and I have not been able to find a properly signed jar file.
>
>
Hi Aaron
The JARs were not signed in 1.0.1 and this is not a problem. You can
read more at
http://www.mail-archive.com/acegi
Kirin Eugene wrote:
> I want to allow to watch this link not all users with "user" permission,
> but only user with concrete ID. Other words, if user has the "user" role and
> id = 5,
> then to show link. Do you know how better it to implement?
>
>
>
The taglib is designed only to work with rol
Limanus wrote:
> My acegiApplicationContext is :
>
> acegiApplicationContext.xml
>
> and the users.properties is:
> admin=password,PERAN_BASUKI_PUSAT
>
>
>
Hi David
Please try the user forums at http://forums.springframework.org. Don't
forget to post your debug-level log and XML configuration
Brian Pontarelli wrote:
> Hey Ben and Ray, sorry about not getting back to you on this stuff. The
> SF mailing lists have been a real pain in the butt. I resubscribed to
> the developer list once again and hopefully this time it takes and I
> start receiving emails.
>
> I'll have the patch up in
Luke Taylor wrote:
> I agree that reusability is important but I'm not convinced that these
> changes are justified on this basis, or that is just about balancing
> reusability and ease of use. The use of constructor arguments is about
> guaranteeing that objects can only be created with a specific
Brian Pontarelli wrote:
> Hello everyone. I'd like to try one last time to get some backing from
> the Acegi developers for a patch to include AJAX login support into
> Acegi. I have written all of the code and just need to finish test
> cases, but I'd like to commit this back into the main line
[EMAIL PROTECTED] wrote:
> Hi All,
> In the Docbook, at the end of Chapter 9: "Siteminder
> Authentication Mechanism," someone added a TODO suggesting that a
> dedicated AuthenticationProvider be created instead of users having to
> modify their DaoAuthenticationProvider. They don't actu
Carlos Sanchez wrote:
> I'd like to announce the release of Acegi Security 1.0.1
>
> It won't be available through the normal Sourceforge download page
> (for now), the preferred method is through the Maven repository which
> contains the jars, javadocs and sources, with corresponding
> signatures.
Andrew Perepelytsya wrote:
> 1. Where is
> net.sf.acegisecurity.context.ContextInvalidExceptionContextInvalidException
> now? What is the replacement for it?
> 2. The SecureContext class had the validate() method, but I can't find it in
> SecurityContext now, neither does SecurityContextImpl contai
Matthew Holt wrote:
> 1. Read SSO cookie username.
> 2. Check username against LDAP.
>
>
You need to write an "authentication mechanism" that can setup the
SecurityContextHolder with an Authentication object representing the
username derived from your SSO cookie. Usually this will be i
Mark St.Godard wrote:
> Just a note, Ben I will be updating the contacts-tiger sample project,
> I noticed it was not converted over. I will create an JIRA entry for
> myself and update this tomorow.
>
I just checked and it looked to me like it was built for 1.0.0. What
specifically wasn't con
Dear Spring Community
After more than two and a half years of development, I am delighted to
announce that Acegi Security 1.0.0 is now officially released.
In addition to more than 80 improvements and fixes since 1.0.0 RC2, this
new release also includes several changes to help new users. This
Luke Taylor wrote:
> If not, it may be that the working directory is corrupt.
>
That was the problem. Fixed now.
Cheers
Ben
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https
Luke Taylor wrote:
> I'm not seeing any problems with the latest code... I just rebuilt the
> web site and all the tests seems to be passing.
>
> There's quite a serious overhead in starting up the Ldap server which is
> why I made it a static field. Maven 1 seems to reload the class each
> time
Angelo Luis wrote:
> this is not fixed:
> http://opensource.atlassian.com/projects/spring/browse/SEC-99
It isn't fixed for the reasons I provided in the comment, being:
"I wish there was a simple way of resolving this issue, but whatever we
do would inevitably break backward compatibility and re
Joern Huxhorn wrote:
> It's possible that I'm missing something but I think it should be
> removed from the jar.
>
It has already been taken care of. See SEC-240.
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity
Hi everyone
I would like to release 1.0.0 final on Friday 26 May. All JIRA issues
assigned to me are now either completed or marked for a future release.
Please note that source code reformatting with Jalopy has been completed
(SEC-97) and the /jalopy.xml file revised. One of the changes incl
Richard Han wrote:
My question probably is more suitable to user-list, but we don't have one.
Anyway, I am new to acegi, my question is, how do you customize role names,
for instance, if I want to use ROLE_STUDENT, ROLE_PROFESSOR, how would I let
acegi recognize them?
In two places:
1. Thes
Ben Munat wrote:
I'm using RC-2 and I think I'm having trouble with the
IllegalStateException problem as detailed in SEC-211. It appears that
this issue is fixed in CVS, but won't be in a release until 1.0 final.
Wondering if you guys are close on final (like in the next week or
so), or if I s
1 - 100 of 646 matches
Mail list logo