[Acegisecurity-developer] [ANN] Spring Security 2.0.0 Released

2008-04-15 Thread Ben Alex
t release and access the change log. We hope you find this new release useful in your projects. Best regards Ben Alex Project Lead, Spring Security

[Acegisecurity-developer] [ANN] Spring Security 2.0.0 RC1 Released

2008-04-01 Thread Ben Alex
eeks we will be finalizing the documentation, tests, and ACL support as part of our 2.0.0 final release. Please visit http://www.springframework.org/download to download the latest release and access the change log. We hope you find this new release useful in your projects. Best regards Ben Alex

Re: [Acegisecurity-developer] Site down?

2008-02-04 Thread Ben Alex
Hi all Our hosting provider has just fixed it. They'll be moving it to a SpringSource dedicated server later today, so that should help with stability. Cheers Ben Farrukh Najmi wrote: > Ian Brandt wrote: > >> Anyone else unable to reach http://acegisecurity.org/? >> >> >> >> > > +1 >

[Acegisecurity-developer] SEC-533: Subversion repository restructure

2007-08-24 Thread Ben Alex
Hi everyone Today Luke Taylor and I restructured the SVN repository on SourceForge. The restructure had several goals: * To be usable for the 1.0.5 as well as future 2.x releases * To rename "acegisecurity" to "spring-security" where feasible * To relocate trunk and tags under "spring-security" (

[Acegisecurity-developer] OT: Invitation to participate in research project

2007-06-25 Thread Ben Alex
s and results will be freely available. Participation will also provide a custom licensing report for your project. To learn more, please visit: http://licensing-research.newcastle.edu.au Thanks for reading this email, and I hope you'll consider participating. Best regards Ben Alex (My apo

Re: [Acegisecurity-developer] Problems with 1.0.4 examples

2007-06-01 Thread Ben Alex
Karl Moore wrote: > Some users have been reporting problems with the examples that are > bundled with 1.0.4. It appears that > acegi-security-sample-tutorial.war, is missing all the files apart > from the jars. > Hi Karl I've added this to JIRA to investigate for the next release: http://open

[Acegisecurity-developer] [ANN] Acegi Security 1.0.4 released

2007-05-24 Thread Ben Alex
Dear Spring Community I am pleased to advise Acegi Security 1.0.4 is now available. There are over 50 issues addressed in this release. Existing users can upgrade to release 1.0.4 with a simple JAR drop. Please visit http://tinyurl.com/2qey2l for a detailed changelog. The project's web site at h

Re: [Acegisecurity-developer] Jalopy?

2007-04-27 Thread Ben Alex
Luke Taylor wrote: > Hey, I spent ages bringing the errors down a while back :). There are > only 34 at the moment in "core" and 12 are due to spaces around > brackets. If we can get someone to nail the file down to what we want > the code to look like (e.g. our benevolent dictator, Ben?), then we

Re: [Acegisecurity-developer] Our build is a mess...

2007-04-27 Thread Ben Alex
Hi all Carlos and Luke, what's the latest status of the Maven 2 build? Does the reference documentation build successfully with Maven 2 as-is? I see acegisecurity.org hasn't built and uploaded since 18 December 2006. Luke, is that running the Maven 2 build? We're shooting at releasing 1.0.4 in th

Re: [Acegisecurity-developer] bug in AclAuthorizationStrategyImpl

2007-04-17 Thread Ben Alex
Hi Bear Please log all bugs in our JIRA instance, so they're appropriately tracked and reviewed. All bug reports should ideally contain a unit test which provides an ongoing test that the bug has been fixed and not reintroduced. Patches with bug reports are particularly welcome and will be applied

[Acegisecurity-developer] Invitation to participate in research project

2007-03-27 Thread Ben Alex
Research Information Sheet that explains the research and provides you with details on how to participate or ask further questions. Thank you for taking the time to read this email, and I hope that you will consider participating. Kind regards Ben Alex

Re: [Acegisecurity-developer] How to invalidate Authentication when a user's account is disabled or deleted?

2007-02-12 Thread Ben Alex
CJ wrote: > Scenario is: an Administrator disables or deletes a user account, while the > user > is logged in. The user's Authentication should be revoked from that moment on. > What is the recommended approach for this in Acegi? I'd suggest forcing reauthentication for each secure object request

Re: [Acegisecurity-developer] Spring 2.0 XSD/Parsers

2007-02-11 Thread Ben Alex
James Carman wrote: > I am thinking about writing a Spring 2.0 style parser for Acegi > configuration. Hi James This is very important work for a subsequent release, although I'd like to ensure that the proposed XSD is conceptually similar with other Spring XSDs (one big benefit of Spring is once

Re: [Acegisecurity-developer] Multiple applications and different roles

2007-02-11 Thread Ben Alex
Stephane Bailliez wrote: > Hi all, > > I'm trying to see whether there is an easy way to implement roles > (authorities) for several applications. Each application having its own > set of authorities (ie: john being registered as ROLE_SUPERVISOR only > for application A, does not apply to appli

Re: [Acegisecurity-developer] newbie question

2007-02-11 Thread Ben Alex
hrvoje pejcinovic wrote: > Say I have a simple web app with one login screen and two web pages a,b which > are protected. App also has two different types of users userA and userB. How > do I configure the acegi so that upon successful authentication and > authorisation userA gets re-directed t

Re: [Acegisecurity-developer] persisting Permission

2007-02-11 Thread Ben Alex
Andrei Sereda wrote: > Hello Team, > > One quick question: is it possible to persist different permissions in > current acegi implementation (acls package) ? It seems to me that only > BasePermission is supported out of the box (see BasicLookupStrategy > convertCurrentResultIntoObject() method) .

Re: [Acegisecurity-developer] Acegi Rebranding??

2007-01-24 Thread Ben Alex
Mark St.Godard wrote: > Ben can chime in as well if he would like to add to this.. Hi everyone As this is an important question, I've posted a blog on the subject: http://blog.interface21.com/main/2007/01/24/why-the-name-acegi/ Cheers Ben

Re: [Acegisecurity-developer] [Fwd: [Fwd: Re: Authentication and authorization status in OGC-compliant OSS GIS software]]

2007-01-24 Thread Ben Alex
Krystian Nowak wrote: > Do you think it is possible to include DACS (http://dacs.dss.ca/) as a > authentication adapter (just as it is with Yale's CAS)? There were talks > about the future of authorization in OSS GIS GeoServer > (http://docs.codehaus.org/display/GEOS/Home) which heavily uses Spring

Re: [Acegisecurity-developer] Configuring org.acegisecurity.ui.cas.ServiceProperties

2007-01-17 Thread Ben Alex
[EMAIL PROTECTED] wrote: > I have to deploy my application for more than one company and in more > than one application, so I have to change http://company/casclient > setting different values to "company" and "casclient". Is there a way to > set just "/j_acegi_cas_security_check" and let some comp

Re: [Acegisecurity-developer] AuthenticationSimpleHttpInvokerRequestExecutor should validate response codes?

2007-01-12 Thread Ben Alex
Camilo Arango wrote: > One solution I have found is removing both the > exceptionTranslationFilter and filterInvocationInterceptor from the > chain and managing authorization with AOP. That way, the exceptions > are serialized correctly. This is actually the recommended usage pattern. You use Fil

Re: [Acegisecurity-developer] AuthenticationSimpleHttpInvokerRequestExecutor should validate response codes?

2007-01-10 Thread Ben Alex
Camilo Arango wrote: > Not always. It seems that only exceptions thrown by the called object > are propagated by the client. In my case, the exception is thrown by a > filter, and therefore the call to the Spring remoting proxy never > occurs and I get an ugly 500 response code at the client. > >

Re: [Acegisecurity-developer] MethodDefinitionMap and inherited methods

2007-01-10 Thread Ben Alex
Luc Boudreau wrote: > I'd like to propose a patch to the MethodDefinitionMap. With the actual > source code, you can't secure inherited methods. This patch will fix the > problem. It's really simple and straightforward. > > I needed it see the inherited methods so I could secure my generic service

Re: [Acegisecurity-developer] using acl_permission and acl_object_identity for complex cases

2007-01-10 Thread Ben Alex
[EMAIL PROTECTED] wrote: > The problem here is that the unique key on the ACL_PERMISSION table is > [Object (the ACL_OBJECT_IDENTITY reference column), Recipient]. It > wouldn't seem from the suggested schema for this table that you can > support different collections for the same Recipient based

Re: [Acegisecurity-developer] How can the objectDefintionSource be updated dynamically?

2007-01-10 Thread Ben Alex
[EMAIL PROTECTED] wrote: > I would like to add new resources (web-pages) to the > objectDefinitionSource dynamically. > I don't want to stop the application, change the applicationContext.xml > and then start the application again. > > What is the best way to achieve this? Just write a database

Re: [Acegisecurity-developer] AuthenticationSimpleHttpInvokerRequestExecutor should validate response codes?

2007-01-03 Thread Ben Alex
Camilo Arango wrote: > I am using Acegi for a 3-tier Eclipse RCP application using HTTP > remoting. It has come to my attention that when a remote call throws a > AccessDeniedException, in the client it is translated to a > RemoteInvocationException. It would be useful to have an > AccessDeniedExcep

Re: [Acegisecurity-developer] rememberMe problem since SEC-359

2006-12-28 Thread Ben Alex
Didier LINK wrote: > I've just upgrade acegi in 1.0.3 version (before I've 1.0.1) and my > webapp drive to an annoying error. This is the same as Matt Raible > (01-12-2006 on the list archives) but I've some more details. This was logged as SEC-404 (and 407). I just fixed it in SVN rev 1773. Che

Re: [Acegisecurity-developer] Authentication objects inconsistent

2006-12-28 Thread Ben Alex
Davide Romanini wrote: > I'd want to create a simple extension of this provider to work > also with UsernamePasswordAuthenticationToken, but it doesn't work, > because it uses username as its principal object (???) and when I use a > custom domain object as my "principal" I lose the username! > I

Re: [Acegisecurity-developer] Fwd: multiple authentication stores in one context?

2006-12-28 Thread Ben Alex
John Noble wrote: > So. Does anyone know if I can configure Acegi to handle this kind of > situation, or should I just run two separate contexts, one /webapp-backend/ > and one /webapp-customer/ for example? > Or should I have a shared table or something.. "basic_user" that holds > credentials f

Re: [Acegisecurity-developer] Switching completely to Maven 2

2006-12-07 Thread Ben Alex
Luke Taylor wrote: > I suggested to Ben that we refactor the contacts sample to make it a > single app, rather than having so many different versions. We could > default to having a standard form login app and leave additional context > files commented out in the web.xml file. That way people could

Re: [Acegisecurity-developer] ACL sanfbox status

2006-12-07 Thread Ben Alex
Wojciech Gdela wrote: > Hello, > > Where can I find this new ACL stuff (where is the code)? Is there any > documentation about it? > > It is in release 1.0.3 and has some reference guide coverage, plus the Contacts Sample. I'm also giving a talk on it tomorrow at The Spring Experience, after whi

Re: [Acegisecurity-developer] ACL sanfbox status

2006-11-28 Thread Ben Alex
Vinubalaji Gopal wrote: > So far I see that the database layer is not completely separated and I > am reimplementing most of the persistence related classes (Acl, > AclService, MutableAcl, etc). > > I've done my best in the new ACL package to allow a choice of persistence technologies, as all da

Re: [Acegisecurity-developer] Jalopy formatting

2006-11-28 Thread Ben Alex
Scott McCrory wrote: > I'd vote for disabling formatting of comments. That's one thing that > humans still generally do a better job of managing. > I agree, also with Luke's suggestion re "throws" formatting. Cheers Ben

Re: [Acegisecurity-developer] Propagating Acegi's Security Context in Web Service SOAP Header

2006-11-19 Thread Ben Alex
Michael Vorburger wrote: > Hello, > > I thought some of you on this list may be interested in my > http://www.vorburger.ch/blog1/2006/10/propagating-acegis-security-context-in.html > in the context of propagating Acegi's Security Context in a Spring Web > Service Remoting scenario... kind of like a

[Acegisecurity-developer] [ANN] Acegi Security 1.0.3 released

2006-11-16 Thread Ben Alex
Dear Spring Community I am pleased to advise Acegi Security 1.0.3 is now available. This release is mostly a bug fix release, although the new domain object access control list (ACL) feature is now available for preview. I'll be presenting a session on this new feature at The Spring Experience ne

Re: [Acegisecurity-developer] Acegi Roadmap (and preparing for 1.0.3)

2006-11-15 Thread Ben Alex
Karl Moore wrote: > Just wondered if there was a road map for the product and where it might be > going. Are there any plans to take advantage of the new Spring 2.0 features? 1.0.3 will be released soon - probably tomorrow before I fly interstate. Failing that, it will certainly be out on the wee

Re: [Acegisecurity-developer] java5 compiler bug regarding annotations - annoying

2006-11-07 Thread Ben Alex
Wim Lambrecht wrote: > anyone ? > > > Wim Lambrecht schreef: > >> We've encountered a rather annoying bug in the java5 compiler regarding >> annotations, see the buglist: >> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6365854 . So, it does >> >> I know this ain't an acegi bug, but i li

Re: [Acegisecurity-developer] OpenSSO integration... what do you think?

2006-11-07 Thread Ben Alex
Hi Jin I think there are already plugin points for each of these steps. Jin Peng wrote: > > 1. Retrieve SSO token from HTTP request (usually SSO cookie) Authentication mechanism (usually a filter). > 2. Validate SSO token > 3. Recreate authentication context from a valid SSO token. Authenticati

Re: [Acegisecurity-developer] OpenSSO integration... what do you think?

2006-11-04 Thread Ben Alex
Jose Luis Huertas Fernández wrote: > > I was thinking about developing a new module to integrate Acegi with > OpenSSO (https://opensso.dev.java.net/) in a similar way that the > existing CAS integration. > > Hi Jose You'd be very welcome to take this on. It would be good to add another SSO altern

Re: [Acegisecurity-developer] switch user filter - exception processing

2006-10-06 Thread Ben Alex
Robert Blumen wrote: > It is not clear to me at this point what is the intended usage of the > SwitchUserProcessingFilter. > > Possibly it needs its own failureUrl, something like the > authenticationProcessingFilter has. And to trap the UsernameNotFound > and then redirect to the failure url

Re: [Acegisecurity-developer] Retrieve Authorities remotely

2006-10-06 Thread Ben Alex
Lucas Opara wrote: > Hello, > > I was wondering if there is any support in acegi for retrieving authorities > from a remote web service. > > For now, we use straight JDBC connection to an Oracle database to retrieve > the roles and it works great. > What we would like to have is a secured web ser

Re: [Acegisecurity-developer] How to prevent brute force attack

2006-10-04 Thread Ben Alex
[EMAIL PROTECTED] wrote: > My question is how I can do something similar to prevent the password > change page? > > The password change page is open to role anonymous because when a new > user is entered in the system; password expired is set to a past date to > force the user to change the passw

[Acegisecurity-developer] [ANN] Acegi Security 1.0.2 released

2006-10-04 Thread Ben Alex
Dear Spring Community I am pleased to advise Acegi Security 1.0.2 is now available. This release is mostly a bug fix release. Existing users can upgrade with a simple JAR drop, although please first review the upgrade note at http://opensource.atlassian.com/projects/spring/browse/SEC-340. Some c

Re: [Acegisecurity-developer] No process filter with images

2006-10-01 Thread Ben Alex
Arturo San Feliciano Martín wrote: > > Hi, > > Is there any way to avoid acegi filter images? When I see the log I find > something like: > > 2006-10-01 12:00:36,010 DEBUG [org.acegisecurity.util.FilterChainProxy] - > with original chain> > > But I don't want that the filter process the

Re: [Acegisecurity-developer] Changing the session identifier after a successful login

2006-09-28 Thread Ben Alex
Twomey, Sean wrote: > Our application has just recently integrated acegi as our security > framework. However we now have a requirement to change the session > identifier (JSESSIONID) after a successful login, since this session id is > issued at/before the login page, and is thus prone to session

Re: [Acegisecurity-developer] Dinamic objectDefinitionSource

2006-09-27 Thread Ben Alex
Arturo San Feliciano Martín wrote: > > Is there any way to build dynamically the associations between url pattern and > ROLE (or profile) ? > > Could I save in a DataBase these associations(URL pattern-Profile(ROLE))? > could acegi could ask for them? Hi Arturo You can write a custom FilterInv

Re: [Acegisecurity-developer] NTLM support

2006-09-27 Thread Ben Alex
[EMAIL PROTECTED] wrote: > I am trying to build an acegi jar with ntlm support. > Could anyone tell me the maven command for this? > > What version of acegi should I check out to build? Hi Xiaobo You will need to checkout from SVN. I believe there is a pom.xml in sandbox/other, so try running

[Acegisecurity-developer] Release 1.0.2 ready

2006-09-26 Thread Ben Alex
Hi all 1.0.2 is now ready to release. Carlos, were you still able to take care of it? I can do so, but I won't have time for a few more days. Please feel free to remove the reference guide and README.TXT sections that mention JAR signing. I think we've agreed to drop it. Cheers Ben

Re: [Acegisecurity-developer] AccessDecisionVoter interface and multiple configuration attributes

2006-09-25 Thread Ben Alex
Peter Kharchenko wrote: > So if I wanted to make use of a voter that needs more than one config > attribute at the same time, would you recommend writing an alternate > version of UnanimousBased decision manager, or is there a reason why > Unanimous decision have to be done this way (and theref

Re: [Acegisecurity-developer] AccessDecisionVoter interface and multiple configuration attributes

2006-09-25 Thread Ben Alex
Peter Kharchenko wrote: > I am writing a custom voter implementation and have a question > regarding how configuration attributes are being fed to the voters. Hi Peter Basically the AccessDecisionVoter.supports(ConfigAttribute attribute) method is structured the way it is because we want Abstr

Re: [Acegisecurity-developer] Releasing 1.0.2

2006-09-25 Thread Ben Alex
marc antoine garrigue wrote: > Hi everyone, > I'm still not confident with this bug since it introduces a major change in > context initialization; my implementation introduces a > SecurityContextFactory and all ContextHolderStrategy implementation (that > now use this factory). > I think there is

Re: [Acegisecurity-developer] SEC-348

2006-09-25 Thread Ben Alex
Scott Battaglia wrote: > Ben, > > I've been looking at SEC-348 Hi Scott I read through the issue in more detail and made the following comment. I have bumped it to 1.0.3 as noted in the comment. We'll see if the reporter provides a configuration file or more info: "I suspect there is a misconf

Re: [Acegisecurity-developer] Releasing 1.0.2 - final 3 issues

2006-09-22 Thread Ben Alex
Hi everyone 23 issues are now resolved, with 3 more still outstanding. The outstanding issues are SEC-304, SEC-348 and SEC-346, assigned to Marc Antoine, Scott and Luke respectively. Would Marc Antoine, Scott and Luke please comment on these tasks, close them, or assign them to a later release (

Re: [Acegisecurity-developer] Releasing 1.0.2

2006-09-17 Thread Ben Alex
Scott McCrory wrote: > Ben Alex wrote: >> Could other developers please finalize their 1.0.2-related tasks (see >> http://opensource.atlassian.com/projects/spring/secure/BrowseProject.jspa). >> > > Ben, I'd like to get the Siteminder improvements noted in SEC-

Re: [Acegisecurity-developer] ACL Sandbox Code

2006-09-15 Thread Ben Alex
Hi Nate Nathan Sarr wrote: >I was wondering why not do the following in AccessControlEntry interface: > public Permission[] getPermissions(); > public int getMask(); > public String getPattern() Permission is an interface, for which BasePermission and CumulativePermission are both

Re: [Acegisecurity-developer] Releasing 1.0.2

2006-09-15 Thread Ben Alex
Carlos Sanchez wrote: > I've been deploying snapshot in the maven2 repo after changing stuff > http://acegisecurity.sourceforge.net/repository/snapshots/ Is this an automated process that will continue? If so, we should change the downloads.html page to point to it and consider removing the snaps

Re: [Acegisecurity-developer] Releasing 1.0.2

2006-09-15 Thread Ben Alex
marc antoine garrigue wrote: > May I commit the SEC-304 fix code before 1.0.2 release? This change is in a sensitive area of code. You can commit provided that it does not change the API or break backward compatibility for existing 1.0.x stream users or unit tests. I'll also take a look before re

Re: [Acegisecurity-developer] XACML

2006-09-10 Thread Ben Alex
Baz wrote: > if (principal instanceof > org.acegisecurity.userdetails.User) { > User user = (User) principal; > userName = user.getUsername(); > } else { > userName

Re: [Acegisecurity-developer] InvalidateSessionLogoutHandler

2006-09-10 Thread Ben Alex
Aleksei Valikov wrote: > Hi. > >> There's a LogoutFilter in 1.0+ >> >> http://www.acegisecurity.org/multiproject/acegi-security/apidocs/org/acegisecurity/ui/logout/LogoutFilter.html > > Of course it is there, but it does not invalidate session on logout per > default. > Doing something on logou

Re: [Acegisecurity-developer] Authenticate Thru URL Query

2006-09-07 Thread Ben Alex
Andrew M. Hust wrote: > I am trying to authenticate users from parameters passed plain text in > the url. I know it's not the most security minded but the > functionality is required. Proxy servers, logs, history lists etc. It is a bad idea putting passwords and usernames into URL query strings.

Re: [Acegisecurity-developer] Releasing 1.0.2

2006-09-07 Thread Ben Alex
Carlos Sanchez wrote: > Will it be possible to make a 1.0.2 bug release in the next two weeks? > I can go through all the release process, I just would like to know if > people agree in taking what it is currently in svn and tag it as 1.0.2. Hi Carlos You want to be release manager? I would certai

Re: [Acegisecurity-developer] ACLs and sandbox code

2006-08-30 Thread Ben Alex
Nathan Sarr wrote: > Hello, > >Here are a few patches that I hope will help. I also have a few questions > and was wondering if anyone would mind offering some advice / help. > > For the patches - > > BasePermissions.java.patch.txt - I added DELETE to the BasePermissions class. > Permissi

Re: [Acegisecurity-developer] ACL Sandbox

2006-08-28 Thread Ben Alex
Nathan Sarr wrote: > Looking at the ACE interface, I was wondering why an ACE only has a single > Sid and not an array of Sid(s) to allow a group of Sid(s) to be associated > with the same permission. This is because an AccessControlEntry applies to a particular Sid. You can have multiple Acce

Re: [Acegisecurity-developer] About The Following Acegi Releases

2006-08-28 Thread Ben Alex
Ray Krueger wrote: > Ben were you suggesting having acegi-version.jar would be just binary, > and acegi-version-sources.jar would be binary with source? Yes, a traditional .class-only JAR, and a combined .class plus .java JAR. People like me would use the latter, whereas people concerned about th

Re: [Acegisecurity-developer] About The Following Acegi Releases

2006-08-28 Thread Ben Alex
Carlos Sanchez wrote: >> Ben, does eclipse automatically recognize the source code when it is >> distributed inside the compiled Jar? > > I don't think so and I don't really like that approach because if you > provide the sources, why don't provide the javadocs too? Eclipse DOES automatically re

Re: [Acegisecurity-developer] About The Following Acegi Releases

2006-08-28 Thread Ben Alex
Luke Taylor wrote: > On the branching front, it seems like we could be making more use of > branches with subversion. I am happy for these changes to be made. Whilst changing to Maven 2 we should also give consideration to how we distribute source code for IDE integration. At present we release a

Re: [Acegisecurity-developer] Acegi and hessian/burlap

2006-08-27 Thread Ben Alex
On Sun, 2006-08-27 at 10:16 -0500, Hector Suarez Barenca wrote: > Is there an example about how to integrate hessian and acegi?, could you > tell me where i could find examples? The Contacts sample in its client/clientContext.xml can be changed to use Hessian. However, as an aside, think carefull

Re: [Acegisecurity-developer] Limiting number of failed logins

2006-08-27 Thread Ben Alex
On Sat, 2006-08-26 at 14:56 -0700, Robert Blumen wrote: > With the event-listening approach, > I see that you could track the number of > failed attempts, but how would that tie > back into preventing additional attempts > after the limit was exceeded? Wouldn't > you have to modify the authenticat

Re: [Acegisecurity-developer] About The Following Acegi Releases

2006-08-25 Thread Ben Alex
Luke Taylor wrote: > That's good. You'll be an expert on branching with subversion then :-). > > I'd like to get the automatic build upgraded to Maven 2 as well (and > running again). There are a couple of issues I've come across so far: I am a BIG fan of moving to Maven 2 ASAP. Acegi Security is

Re: [Acegisecurity-developer] Dynamic defaultTargetUrl

2006-08-25 Thread Ben Alex
Brian Pontarelli wrote: > I think the issue is that the login is a component that exists on many > pages and the login/failure should return the user to the page they were > viewing rather than a stock login/home page. > > The best bet at this point is probably to subclass APF and just redirect

Re: [Acegisecurity-developer] Dynamic defaultTargetUrl

2006-08-24 Thread Ben Alex
Tom Stroobants wrote: > Suppose that my login form is integrated in an other page and I want to > return to that page that integrated my login page (so the original page) > ... How do you do that in ACEGI ? Couldn't you use AbstractProcessingFilter.defaultTargetUrl = your login page plus Abstract

Re: [Acegisecurity-developer] amazon like login

2006-08-24 Thread Ben Alex
hv @ Fashion Content wrote: > How would you configure a login policy where > 1) The last username used is never forgotten(saved in cookie) You can't do that out of the box. You could investigate plugging into the remember-me filter, though, which has hooks to send back cookies after successful au

Re: [Acegisecurity-developer] ExceptionTranslationFilter not an interface

2006-08-24 Thread Ben Alex
[EMAIL PROTECTED] wrote: > Most of the components in ACEGI have their own interface, then provide an > implementation. > e.g. AuthenticationEntryPoint > > The ExceptionTranslationFilter does not, it is a class that implements Filter. > > I am running into some problems with proxying and auto-wi

Re: [Acegisecurity-developer] Limiting number of failed logins

2006-08-24 Thread Ben Alex
[EMAIL PROTECTED] wrote: > This seems to be working ok, however, this might be slightly > simpler to do if the AuthenticationException had its own > handler interface, like the accessDeniedHandler. > > call it the authentcationFailedHandler. Most people either do it the way you have, or listen f

Re: [Acegisecurity-developer] About The Following Acegi Releases

2006-08-24 Thread Ben Alex
Luo Shifei wrote: > Dear All, > >When about Acegi 1.0.2 will be released? And When > about Acegi 1.1 will be released? The New Domain > Support will be included in Acegi 1.1? Both will be released over the next three months. I'd estimate 1.0.2 in about a month, and 1.1.0 in late November, but

Re: [Acegisecurity-developer] Retrieving User after AuthenticationException

2006-08-24 Thread Ben Alex
Kimball, Mark W wrote: > In AbstractUserDetailsAuthenticationProvider the authenticate() method > calls the additionalAuthenticationChecks() method in a try block and can > catch an AuthenticationException. The code in the catch block (line 147 > for rel 1.0.1) calls the retrieveUser() and > addit

Re: [Acegisecurity-developer] return of Iterator from methods

2006-08-24 Thread Ben Alex
[EMAIL PROTECTED] wrote: > The methods shown below in Figure 1 return an iterator. > > I would like to see the methods return the collection rather than > an iterator for these reasons: > org.acegisecurity.intercept.ObjectDefinitionSource: > getConfigAttributeDefinitions > org.acegisecurity.inte

Re: [Acegisecurity-developer] FilterChain proxy initialization and subclass

2006-08-24 Thread Ben Alex
[EMAIL PROTECTED] wrote: > I would like to be able to initialize the FilterChainProxy > entirely using Spring XML tags, without relying on the special > syntax parsed by the ACEGI property editors. I have various > reasons for this, one being that the Spring IDE and the XML > parser do not underst

Re: [Acegisecurity-developer] XACML

2006-08-24 Thread Ben Alex
McGovern, James F (HTSC, IT) wrote: > In searching through the archives, I ran across a discussion in 2004 on > combining ACEGI and XACML that seemed to have gone nowhere because it was > too difficult. Is the position still the same? There has been no progress on this issue, because we haven't

Re: [Acegisecurity-developer] User.equals method requires same sequence

2006-08-24 Thread Ben Alex
[EMAIL PROTECTED] wrote: > The method > org.acegisecurity.userdetails.User.equals > > requires that the GrantedAuthority values on the > two instances be in the same order. > > Unless there is some order dependency in the behavior, > does it make sense to require that the order be the > same for

Re: [Acegisecurity-developer] inconsistency in the UserMap imoplementation

2006-08-01 Thread Ben Alex
Hi Pete Pete Guyatt wrote: > > > > Does anyone have any objections to this suggestion? > None at all. Looks fine at first glance. > > > Sorry about posting this bug via the mailing list, but I could not see > any way to report this bug via JIRA or the website. For future > reference I would

Re: [Acegisecurity-developer] Bean initialization, constructor injection etc.

2006-07-29 Thread Ben Alex
Carlos Sanchez wrote: > anyone? > > On 7/20/06, Carlos Sanchez <[EMAIL PROTECTED]> wrote: > >> I'm just wondering what people think about protected empty constructor >> so I can extend that classes instead of write wrappers. >> >> Hi Carlos I am not a big fan of this idea. It's still compr

Re: [Acegisecurity-developer] Unsigned ACEGI jars

2006-07-22 Thread Ben Alex
Kujat, Aaron wrote: > I have downloaded the acegi-security-1.0.1 release from a number of > mirrors now and I have not been able to find a properly signed jar file. > > Hi Aaron The JARs were not signed in 1.0.1 and this is not a problem. You can read more at http://www.mail-archive.com/acegi

Re: [Acegisecurity-developer] advanced feature

2006-07-18 Thread Ben Alex
Kirin Eugene wrote: > I want to allow to watch this link not all users with "user" permission, > but only user with concrete ID. Other words, if user has the "user" role and > id = 5, > then to show link. Do you know how better it to implement? > > > The taglib is designed only to work with rol

Re: [Acegisecurity-developer] Need help with Authentication

2006-07-16 Thread Ben Alex
Limanus wrote: > My acegiApplicationContext is : > > acegiApplicationContext.xml > > and the users.properties is: > admin=password,PERAN_BASUKI_PUSAT > > > Hi David Please try the user forums at http://forums.springframework.org. Don't forget to post your debug-level log and XML configuration

Re: [Acegisecurity-developer] Apologies - email list didn't work

2006-07-16 Thread Ben Alex
Brian Pontarelli wrote: > Hey Ben and Ray, sorry about not getting back to you on this stuff. The > SF mailing lists have been a real pain in the butt. I resubscribed to > the developer list once again and hopefully this time it takes and I > start receiving emails. > > I'll have the patch up in

Re: [Acegisecurity-developer] Bean initialization, constructor injection etc.

2006-07-16 Thread Ben Alex
Luke Taylor wrote: > I agree that reusability is important but I'm not convinced that these > changes are justified on this basis, or that is just about balancing > reusability and ease of use. The use of constructor arguments is about > guaranteeing that objects can only be created with a specific

Re: [Acegisecurity-developer] AJAX support follow up

2006-07-11 Thread Ben Alex
Brian Pontarelli wrote: > Hello everyone. I'd like to try one last time to get some backing from > the Acegi developers for a patch to include AJAX login support into > Acegi. I have written all of the code and just need to finish test > cases, but I'd like to commit this back into the main line

Re: [Acegisecurity-developer] Enhancements to Siteminder integration for 1.1.0

2006-07-11 Thread Ben Alex
[EMAIL PROTECTED] wrote: > Hi All, > In the Docbook, at the end of Chapter 9: "Siteminder > Authentication Mechanism," someone added a TODO suggesting that a > dedicated AuthenticationProvider be created instead of users having to > modify their DaoAuthenticationProvider. They don't actu

Re: [Acegisecurity-developer] [ANN] Acegi Security 1.0.1 released

2006-07-01 Thread Ben Alex
Carlos Sanchez wrote: > I'd like to announce the release of Acegi Security 1.0.1 > > It won't be available through the normal Sourceforge download page > (for now), the preferred method is through the Maven repository which > contains the jars, javadocs and sources, with corresponding > signatures.

Re: [Acegisecurity-developer] Can't find some class for migration

2006-07-01 Thread Ben Alex
Andrew Perepelytsya wrote: > 1. Where is > net.sf.acegisecurity.context.ContextInvalidException > now? What is the replacement for it? > 2. The SecureContext class had the validate() method, but I can't find it in > SecurityContext now, neither does SecurityContextImpl contai

Re: [Acegisecurity-developer] SSO - Cookie, etc

2006-07-01 Thread Ben Alex
Matthew Holt wrote: > 1. Read SSO cookie username. > 2. Check username against LDAP. > > You need to write an "authentication mechanism" that can setup the SecurityContextHolder with an Authentication object representing the username derived from your SSO cookie. Usually this will be i

Re: [Acegisecurity-developer] Acegi Security 1.0.0 is released!

2006-05-30 Thread Ben Alex
Mark St.Godard wrote: > Just a note, Ben I will be updating the contacts-tiger sample project, > I noticed it was not converted over. I will create a JIRA entry for > myself and update this tomorrow. > I just checked and it looked to me like it was built for 1.0.0. What specifically wasn't con

[Acegisecurity-developer] Acegi Security 1.0.0 is released!

2006-05-29 Thread Ben Alex
Dear Spring Community After more than two and a half years of development, I am delighted to announce that Acegi Security 1.0.0 is now officially released. In addition to more than 80 improvements and fixes since 1.0.0 RC2, this new release also includes several changes to help new users. This

Re: [Acegisecurity-developer] Junit error with Acegi Security

2006-05-29 Thread Ben Alex
Luke Taylor wrote: > If not, it may be that the working directory is corrupt. > That was the problem. Fixed now. Cheers Ben ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https

Re: [Acegisecurity-developer] Junit error with Acegi Security

2006-05-27 Thread Ben Alex
Luke Taylor wrote: > I'm not seeing any problems with the latest code... I just rebuilt the > web site and all the tests seem to be passing. > > There's quite a serious overhead in starting up the Ldap server which is > why I made it a static field. Maven 1 seems to reload the class each > time

Re: [Acegisecurity-developer] Final preparation for 1.0.0 final

2006-05-25 Thread Ben Alex
Angelo Luis wrote: > this is not fixed: > http://opensource.atlassian.com/projects/spring/browse/SEC-99 It isn't fixed for the reasons I provided in the comment, being: "I wish there was a simple way of resolving this issue, but whatever we do would inevitably break backward compatibility and re

Re: [Acegisecurity-developer] Final preparation for 1.0.0 final

2006-05-25 Thread Ben Alex
Joern Huxhorn wrote: > It's possible that I'm missing something but I think it should be > removed from the jar. > It has already been taken care of. See SEC-240.

[Acegisecurity-developer] Final preparation for 1.0.0 final

2006-05-23 Thread Ben Alex
Hi everyone I would like to release 1.0.0 final on Friday 26 May. All JIRA issues assigned to me are now either completed or marked for a future release. Please note that source code reformatting with Jalopy has been completed (SEC-97) and the /jalopy.xml file revised. One of the changes incl

Re: [Acegisecurity-developer] how to customize roles

2006-05-10 Thread Ben Alex
Richard Han wrote: My question probably is more suitable to user-list, but we don't have one. Anyway, I am new to acegi, my question is, how do you customize role names, for instance, if I want to use ROLE_STUDENT, ROLE_PROFESSOR, how would I let acegi recognize them? In two places: 1. Thes

Re: [Acegisecurity-developer] tentative 1.0 final date

2006-05-10 Thread Ben Alex
Ben Munat wrote: I'm using RC-2 and I think I'm having trouble with the IllegalStateException problem as detailed in SEC-211. It appears that this issue is fixed in CVS, but won't be in a release until 1.0 final. Wondering if you guys are close on final (like in the next week or so), or if I s
