Matt Raible wrote:
Is ROLE_ANONYMOUS a special key so that you don't have to add it to
your user data store? If it has to be added, do all registered users
have to have have this role assigned to them? I'm sure it works how
I'd expect it to work, just want to clarify. It would be nice if this
On Saturday 26 February 2005 05:49, Seth Ladd wrote:
Hello,
Ben, is it possible to turn on the Subscribe Request Verification for
this mailing list? It would stop the spam we see to this list. It's a
mailman parameter, I believe.
Thanks!
Seth
I've switched on member_posting_only, which
On Monday 28 February 2005 20:43, Konstantin Shaposhnikov wrote:
Hello all,
I am not sure where I should send my patch (I havesn't found any
bugtracking system for acegi), so I'll send it to mailing list.
If you enable DEBUG log level and define f.e. in FilterChainProxy
Hi everyone
I've just added pluggable remember-me services to CVS. You will also find
corresponding tests, reference documentation, JavaDocs and a demonstration in
the Contacts sample.
I believe we've accumulated sufficient additional features, improvements and
fixes to warrant a new release.
On Tuesday 01 March 2005 09:36, Baldwin, Richard wrote:
Hello,
My company's project requires an LDAP connection for access to company
credentials. I'd like to test the alpha version of the DAO, but I'm unable
to cut through our firewall to CVS using pserver. I wonder if there's a
secondary
Ben Alex wrote:
Did you try CVSGrab, as per
http://acegisecurity.sourceforge.net/cvs-usage.html?
I've put a nightly build up at http://acegisecurity.sourceforge.net/nightly/
Best regards
Ben
---
SF email is sponsored by - The IT Product
On Saturday 05 March 2005 00:47, Andreas Prohaska wrote:
But even without trusting my client, assume that I have the secured
Account instance in the servlet tier. Now imagine a wizard that allows
the current user to edit the Account, perhaps in multiple steps.
Everyone would agree that it's a
Hi David
David Nuescheler wrote:
4. Often alternative OSS security frameworks and
home-grown approaches cannot easily be made integrate
into a JAAS LoginModule
with respect to authentication in jackrabbit i am not
creative enough to come up with a usecase
that cannot easily be wrapped into
Matt Raible wrote:
I changed both of the places where fi.getRequest() was called.
Changing the first one didn't affect anything, but changing the second
seems to have solved the problem. Here's the modified file:
Checked into CVS.
Cheers
Ben
Matt Raible wrote:
Ben Alex wrote:
It seems to work OK for me in Tomcat 5.5 with the Contacts Sample
application's logout.jsp.
I tried building/deploying the contacts WAR with maven (according to
the Building with Maven instructions) - there is no web.xml included
in the WAR file.
Matt
You
Stefaan Destoop wrote:
Hi,
In the class EhCacheBasedUserCache, one gets the user from the cache
by cache.get(username). However, as LDAP is case insensitive, the
putUserInCache() can put the user in the case with a different key. I
would suggest to add a boolean property caseSensitive,
Hi everyone
There's a series of bug fixes now in CVS, plus Luke's new X509
(certificate-based) authentication module. I'd like to propose we
finalise documentation and release 0.8.1 within the next day or two. Any
comments, test reports etc are welcome.
Cheers
Ben
Matt Raible wrote:
I updated from CVS and tried the new JAR on AppFuse and the security
chapter's sample application. The behavior continues to happen. I'll
try it on the Contacts sample app in few days. Maybe anonymous CVS is
not in synch.
Perhaps... The latest version of
Dear Spring Community
I'm pleased to announce that Acegi Security release 0.8.1 is now
available. This release fixes a number of non-critical bugs, updates JAR
dependencies to match Spring 1.1.5, and introduces X509
(certificate-based) authentication support. As per the Apache APR
project
Brian Moseley wrote:
has there been any discussion of having AuthenticationTag setting a
scoped variable rather than writing the principal's username to the
output stream?
if folks think it's a good idea to offer both usages, and nobody's
implemented it somewhere already, i'd be happy to work
Mike wrote:
My questions:
- Can we make DataSourcePopulator a generic Populator, in order to
support multiple databases for testing ?
The goal of Contacts is to give people a non-trivial (in terms of
security) and self-contained (ie no external database server required)
application. My only
Alex Burgel wrote:
Hi,
in 0.8.1, there's no setter for credentialsExpiredFailureUrl in
AbstractProcessingFilter.
--Alex
Fixed in CVS.
Ben
---
This SF.net email is sponsored by Microsoft Mobile Embedded DevCon 2005
Attend MEDC 2005 May 9-12
magarrigue wrote:
Hi,
I will post some code here soon concerning the acegi/www.jcaptcha.net
http://www.jcaptcha.net/ integration.
The whole story is here :
http://forum.springframework.org/viewtopic.php?p=17030#17030
Have you some requests concerning the design ? do you agree with the
plan ?
Greg Akins wrote:
Thanks for responding.
I was missing some parts of the config files.. I got
everything cleared up so my web application starts
(Yay!!).
Now, the problem is.. I get a infinite redirect on web
application.
I'd image I screwed something up in the Controller
setup (I'm not familiar
[EMAIL PROTECTED] wrote:
If you change line 445 (from the 2005-04-13_070009 snapshot) from
String roleName = rolePrefix + ldapRole.toUpperCase() + roleSuffix;
to
String roleName = rolePrefix + ldapRole.toUpperCase().replaceAll([,=
], _) + roleSuffix;
Then that should do it.
Hi Matt
negge wrote:
There is something fishy going on with the RememberMe authentication provider.
When I log in as a certain user, there are two cookies that are dropped: a
RememberMe token cookie, and a JSESSION cookie.
If I delete the JSESSION cookie and try to access an page that requires
Juergen Hoeller wrote:
I've also taken the two convenience methods in Acegi's StringSplitUtils
class and moved them over to Spring's StringUtils. In the course of this,
I've transformed the splitEachArrayElementAndCreateMap method into
splitArrayElementsIntoProperties, essentially returning a
Dear Spring Community
I'm pleased to announce that Acegi Security release 0.8.2 is now
available. This release fixes a number of non-critical bugs, resolves an
incompatibility with Spring 1.2-RC2 refactorings, updates JAR
dependencies to match Spring 1.2-RC2, and refactors
Pursuant to Juergen's recommendation
(http://article.gmane.org/gmane.comp.java.springframework.devel/8290),
Acegi Security CVS has now had its ContextHolder and related classes
removed. This functionality has been replaced by SecurityContext, which
is an InheritableThreadLocal that provides a
Colin Sampaleanu wrote:
As a follow-up, from memory (it's been about a year) I believe I used
a custom SecureContext to also pass along some EJB related security
information (principal name, or the ejb run-as user) between different
layers along with the Acegi specific info. The app in question
I've just updated CVS so the Eclipse project is Java 1.5 compatible.
This was done because the new domain subproject will use 1.5-specific
features. It is also expected a new tiger (or similar) subproject will
be added for Acegi Security's 1.5-specific features (ie annotations).
This will
Greg Akins wrote:
3. I don't know Acegi that well, but would be willing
to add this if some folks can give me a little
handholding (that is, if the to #1 is No.
That would be excellent.
If you had time to make a similar change to the other taglibs and unit
tests (so they maintain some
Wesley Hall wrote:
Hello,
I hope everyone is well.
I wanted to query the ordering of the exceptions thrown by the
DaoAuthenticationProvider class. It seems that the authenticate method
will first check that the user (with the specified username) can be
loaded, next it will check the status of
Brian Moseley wrote:
it seems like the runas facilities might be able to give me what i want.
is there a way to set up acegi security so that the http request itself
is not authenticated but runas is used specifically only for the
repository login?
Hi Brian
Run-as replacement is more often used to
Venkat Sonnathi wrote:
Hi,
I am exploring AcegiSecurity by following the contacts sample
application. I observed that in
AbstractSecurityInterceptor.beforeInvocation method
authenticationManager.authenticate is being called for every request.
Why is it? Can it be optimized to check if
Mansoor, Ghazenfer (EDS) wrote:
How about adding this check at one central place, AuthenticationManager?
I am doing this and I do not see any problem. I set the authenticate to
true after successful authentication, and check for isAuthentication()
before every call.
What sets your
Wesley Hall wrote:
So in conclusion, I am suggesting a change of order to...
username valid?
account locked?
password correct?
account enabled?
account expired?
password expired?
Does this make sense? Am I missing anything else?
I agree, that makes sense. I have made the change in CVS.
Thanks
Ben
Paulo Neves wrote:
My suggestion is, if we optimize time to remove domain objects we
optimize a lot all process.
Hi Paulo
To make it easier to discuss and reproduce scalability related issues
with the ACL packages, I've modified the Contacts sample to
automatically create 1,000 extra Contacts
Paulo Neves wrote:
Hi,
Attachments are being removed by mailing list ?
Hi Paulo
I received the PDF attachment with your last message. For the benefit of
those who might not have seen it, Paulo's changes resulted in
significant optimisation for ACL Collection filtering where the
principal has
Venkat Sonnathi wrote:
I am also a bit puzzled as to why we should reset the flag at the
start of each request? In a typical web app, authentication is done
once per session.
Any pointers to how SecurityContext is propagated for RMI calls?
I agree, it shouldn't be required. The
Brian Moseley wrote:
Brian Moseley wrote:
that sounds right. i don't have any need for access control on this
operation, so it looks like i can simply use anonymous authen and
then have my jackrabbit access manager use an
AuthenticationTrustResolver to see if the Authentication is
anonymous. i
Marco Mistroni wrote:
hello all,
i am trying to run acegi contacts sample with MySQL, and i am getting
errors during initialization due to dataSourcePopulator.
Looks like MySQL 4.1 does not accept the syntax used by populator..
i don't have source files for contacts, so best i can do is to
Marco Mistroni wrote:
hello all,
i want to use acegi security framework in my webapp
in my app, after user has logged in, i am storing it into HttpSession,
since i need the username for other part of my app that insert data
into db.
If i let acegi do the authentication/authorization, how can
Hi Erik
I've tried to subscribe to the mailing list, but sourceforge doesn't like my ISP
for some reason.. I'm looking into it, but in the meantime I thought I would
just e-mail you.
I've subscribed you manually. SF recently changed their spam filtering
rules. Last week I too was unable to
Achmad Arif Rachim wrote:
Hi guys, is there any plan integrating velocity toolbox into
springMacroRequestContext ? like jsp authz tag ? thanx
Hi Achmad
There is no plan to do this, as I use FreeMarker (and JSP when
unavoidable). FreeMarker can use the existing JSP taglibs.
As usual, I
mannobug wrote:
hi all,
i'm manuel from the Tor Vergata University i wish to say hello to everybody in
this list.
I chose Acegi to develop my thesis, it's a web portal (i study computer
science) based on, Spring, Struts and Hibernate framework. For my work i
decide to study and implemet all
Marco Mistroni wrote:
hello all,
i plan to use acegi as security framework for my webapplication...
however i want to have also J2ME clients which will communicate using
SOAP API..
will i have any problems for that?
i want to avoid J2ME client to login all the time
has anyone any idea on how
Tobias Järlund wrote:
You should either have SecurityContext extend Serializable (like
before) or have SecurityContextImpl implement it.
Fixed in CVS. I made the interface extend Serializable, as all
implementations should be serializable into the HttpSession at least.
Best regards
Ben
Venkat Sonnathi wrote:
Would this change be in the next release? I would be glad to help if you want.
Yes, it will be in 0.9.0. I have added it to my TODO list. You're
welcome to email me patches based on current CVS if you would like to.
This is was commented by Mansoor. I agree with
Marco Mistroni wrote:
is there a link between acegi and HttpSession?
Hi Marco
Yes, there is.
Internally Acegi Security uses a ContextHolder (SecurityContextHolder
from 0.9.0 and current CVS) for all of its interactions. It's just a
ThreadLocal. So the various authentication mechanisms
Marco Mistroni wrote:
Hello Ben,
thanx, following those links i was able to see the 'power' of
acegi!! it's simply great!
i have one question though..
in one of sampe sql files, password were encrypted... and i was
wondering how to deal with encryption in acegi
1 - which encryption mechanism
Marco Mistroni wrote:
Hello Ben,
thanks for your reply
so if i don't use saltSource or passwordEncoder then i don't need to
encrypt anything, is that correct?
because i want to be able to add my users programmatically via web
interface, and at the same time i want to encrypt their
mannobug wrote:
hello all,
i kindly wanted to submit you a question. I have to decide if my application
has to make the authentication using the classical method, via jdbc to DBMS,
or, I would be more directed toward the use of an external component, a LDAP
server. Someone of you has used
George Franciscus wrote:
Hmmm. That wasn't too clear. What I'm trying to say is to synch the method
AND check for initialized at the top of doInit().
Thanks for the bug report. It's now fixed in CVS as suggested above.
Cheers
Ben
---
Venkat Sonnathi wrote:
Hi Ben,
Please find attached the patch for AbstractSecurityInterceptor.java,
Basically, it checks to see if the existing authentication is already
autheticated or not and then invoke
authenticationManager.authenticate.
Hi Venkat
I have just committed to CVS various
George Franciscus wrote:
The build is failing because the following dependency versions are not
correct in project.xml. In both cases it needs -20040521 in the
version tag.
dependency
groupIdjspapi/groupId
artifactIdjsp-api/artifactId
version2.0-20040521/version
Patrick Burleson wrote:
Are the JavaDocs shipped with the binary download? I can't seem to
find them. And the JavaDocs on the website are for the .9 release. I
really don't want to have to generate them.
Hi Patrick
I think they're in there. I just downloaded acegi-security-0.8.2.zip
from
Robert r. Sanders wrote:
If you won't mind sending me you changes, I'll try to get them merged
with the LDAP DAO stuff.
Hi Robert and Joseph
How did you end up going with the LDAP changes? What is the present
status of LDAP and the Apache DS unit tests? LDAP is an important
feature for a
Marco Mistroni wrote:
for both contactManagerSecurity and TransactionInterceptor.
I assume they have something to do with autohrization using
MethodInterceptor, but i cannot figure out the meaning, for example,
of
sample.contact.Contact:1 for object_identity column in
acl_object_identity, and
Joseph Dane wrote:
[14:07:22.035] Failed storing persistent session attribute
`ACEGI_SECURITY_LAST_EXCEPTION'. Persistent session values must extend
java.io.Serializable.
[14:07:22.035] java.io.NotSerializableException: com.sun.jndi.ldap.LdapCtx
my own recommendation, fwiw, would be to just
Victor Tatai wrote:
Hello,
I posted this doubt to the forum but no one answered it:
http://forum.springframework.org/viewtopic.php?t=5915
My solution was to implement a custom FilterSecurityInterceptor, but I
think that perhaps a better solution would be to add this support to
the
Durham David R Jr Ctr 805 CSPTS/SCE wrote:
Am I correct that this will effectively override any property config
that you might have done in Spring?
Yes, it will. Most people tend to change the SQL strings or subclass
JdbcDapImpl, though, as opposed to provide a new
Mark St Godard wrote:
Does it make sense for this to be refactored to have a single
AuthenticationFailureEvent...(class or interface) with the 7 subclasses or
implementors?
i.e.
AuthenticationEvent
AuthenticationSuccessEvent extends AuthenticationEvent
AuthenticationFailureEvent
Curtis Light wrote:
Please let me clarify: the authentication information itself would
never be stored--just the last attempted POST in the event of session
expiration. I'm looking for a mechanism instead that will save a
memento of the content of a regular HTML form if the user takes too
long
Hi everyone
Acegi Security is now listed in Spring's JIRA. It's called Spring
Security in JIRA, and I've added all current known TODO list items.
Please use JIRA for future issue tracking, features etc.
http://opensource.atlassian.com/projects/spring/secure/BrowseProject.jspa?id=10040
Marc-Antoine Garrigue wrote:
Ben Alex told me recently that the API is now stabilized and thus we
planned to share our code before two weeks and release it this summer.
What is your opinion about the plan?
Hi George and Marc-Antoine
George, if you post your code against the JIRA task I
Marco Mistroni wrote:
Hello all,
has anyone ever used Struts Menu together wtih Acegi?
Following what's explained in this link
http://struts-menu.sourceforge.net/security.html
i would like to implement my own PermissionAdapter that uses Acegi in
order to load dynamically menu items for my
Kjetil Paulsen wrote:
Thx for the response, I see what you are saying, however, since we
don't have roles in the system today and isUserInRole is based on the
group the user belongs to I'm not sure how to handle this... could it
be a quick fix to add a 'known' role like 'USERS' to all users in
March, Andres wrote:
When using an afterInvocationManager it may not always be necessary or
possible to provide before invocation security, so why require an
ADM? I just use one that is allows everyone and abstentions to pass
but it seems like a bit of overhead when all I really care about
March, Andres wrote:
Thanks to the acegi team, my ACL implementation is relatively simple.
But I have been struggling a little finding the proper extension
points. The basic implementations are great but I have them hard to
extend. In particular, the BasicAclEntryAfterInvocationProvider
marc antoine garrigue wrote:
-I can commit my adapter code, under your license and copyright, as soon as
you give me the access to your VSC.
Hi Marc
I've given you CVS access to the project. Welcome aboard.
Cheers
Ben
---
SF.Net
Marco Mistroni wrote:
Hello all,
i am currently using Acegi for security purposes in my application.
Currently, i have populated database tables via SQL, but i was curious
if Acegi provides APIs for populating database programmatically..
i plan to use Hibernate to do that...i was curious to
Parker Wong wrote:
If there is a property in JdbcDaoImpl can hold a regular expression,
JdbcDaoImpl would able to check the username before inserting it to the
sql template.
Hi Parker
No, there is no property that does this.
Whilst it would be easy to add, I'm not sure the regular
Paulo Neves wrote:
testFileConversion(net.sf.acegisecurity.util.WebXmlToAcegiSecurityConverterTests):
That test case is associated with work Luke's doing on the web.xml
converter tool. Luke, would you please take a look?
Thanks
Ben
marc antoine garrigue wrote:
Hi all,
I have some question regarding the development rules:
-Where to commit my code? In the sand box or directly in the core
-Should I add a new package for captcha related stuff (context, channel,
filter ect..) or should I commit it in the existing packages.
Pascal Gehl wrote:
Hi guys,
Sorry to send to the developper mailing list but I can't get answers from
the spring mailing list.
I have a requirement to have different login pages depending on which
ressource is accessed.
I checked the acegi API and found nothing.
Is there a hidden way to do
Marco Mistroni wrote:
will this be a correct declaration in web.xml?
filter
filter-nameContextHolderAware Filter/filter-name
filter-classnet.sf.acegisecurity.util.FilterToBeanProxy/filter-class
init-param
param-nametargetClass/param-name
March, Andres wrote:
We've used acegi in production now for 6 months and have not experienced
this behavior. AFAIK the filter correctly clears the thread local upon
exit. Filter order could affect this if somehow the filter chain exits
before completion and skips this filter. Are you using
Seth Ladd wrote:
Thanks Ben. How stable is the HEAD? This is a big deal for us, as
we're experiencing users having the wrong credentials. We need to
upgrade ASAP or take out Acegi (which I'd hate to do).
HEAD is stable, I am using it on projects without hesitation. I would
encourage
Seth Ladd wrote:
[junit] Running
net.sf.acegisecurity.util.WebXmlToAcegiSecurityConverterTest
s
[junit] Tests run: 1, Failures: 0, Errors: 1, Time elapsed: 0.032 sec
[junit] [ERROR] TEST
net.sf.acegisecurity.util.WebXmlToAcegiSecurityConverte
rTests FAILED
Hi Seth
Please try
Joseph Dane wrote:
a somewhat related issue that I'm going to need to address soon is
multiple default targets. that is, say you've got three classes of
users, and you want to provide a different home URL for each. each
might hit the same login page (or not) but after the successful login
we
Scott McCrory wrote:
On Tue, 12 Jul 2005 09:18:33 -0500, Ray Krueger wrote
Yes, unfortunately it does. Acegi 0.8.2 requires Spring 1.2.
-Ray
Ahh, thought so. No joy for those of us still running in JDK 1.3 containers
like Websphere 5.
Just a general statement, but there are a LOT
Scott McCrory wrote:
In short, I'd be just a tiny voice asking for Spring 1.2+ to maintain JDK
1.3 compatability, but is it too late to decouple Acegi from Spring 1.2+?
I'll move this to the Spring Developers mailing list, as it's more
related to Spring than Acegi Security. Juergen posted
Colin Sampaleanu wrote:
Interesting... Good to see this SSO and identity management code will
be available as open source:
http://www.techworld.com/security/news/index.cfm?NewsID=4030Page=1pagePos=11
Very good!
Shame about the timetable. Quoting https://opensso.dev.java.net/:
Complete
Joe Shomphe wrote:
I second that.
On 7/15/05, *Amad Fida* [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
I think SiteMinder integeration would be really
beneficial
--- Scott McCrory [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote:
I can provide help with Siteminder
Hi all
Mark St Godard has just joined the development team, initially to work
on switchable user profiles at runtime - a bit like the su command in
Unix, but suitable for webapps
(http://opensource.atlassian.com/projects/spring/browse/SEC-15).
Welcome Mark.
Cheers
Ben
marc antoine garrigue wrote:
Hi,
I've finished to code and test the first version of the acegi captcha
adapter.
It is all under a new captcha package.
I wish to commit it.
Do you have any objection?
Regards
MAG
Hi Marc
Feel free to commit.
Cheers
Ben
mike perham wrote:
Thanks for a great subsystem, guys. The documentation is fantastic,
the build as simple as 1-2-3 and the API well designed. This patch is
against the latest CVS snapshot. Note also that I removed a huge
block of javadoc that doesn't seem to apply - I assume it was a cut
Pascal Gehl wrote:
In our project we don't have easy access to the apache config files
(politics...) and by switching to acegi we have infinite loop because
1. client is accessing a protected ressource
2. acgi tells him to go to login page
3. apache tells him to go to protected ressource
4.
Pascal Gehl wrote:
Hi,
I have spare time right now, I would like to volonteer to develop the
multiple login pages feature.
I'm new to developping in open source world. Can you point me to a
link/text/place where your process is explained ?
thanks
Pascal gehl
Hi Pascal
We always welcome
Maxim Gordienko wrote:
Hello,
why there is no way to define method with argument parameters via
property editor for property
MethodSecurityInterceptor.objectDefinitionSource?
This should be prety simple to parse argument types along with
wildcard (which currently implemented)
Thank you.
Lawrence Blanchette wrote:
I see I could use getRemoteUser on the request to get the login name
and that is what I want.
Principal interface does not seem clear on behavior. Just thought
i'd point this out
Hi Larry
Thanks for the info. Good that you've got a solution.
Cheers
Ben
Pascal Gehl wrote:
Hi,
I have attached the code and the unit tests for the mutiple login
forms entry point to the following jira task :
http://opensource.atlassian.com/projects/spring/browse/SEC-33
I'm about to write the doc on how to use it.
Remarks, improvment hichly welcome.
Hi
Scott McCrory wrote:
On Mon, 25 Jul 2005 12:17:29 +1000, Ben Alex wrote
Hi everyone
Now that we've got 14 developers with CVS rights, and we've recently
introduced JIRA, I wish to propose some project management {...}
These are good and I'd recommend converting it into a new
Pascal Gehl wrote:
Same thing for net.sf.acegisecurity.util.FilterChainProxy.
I really like the net.sf.acegisecurity.util.FilterToBeanProxy, I think it
should be promoted to Spring Web because it can be usefull for all kind of
filters.
I have no problem with Spring Core adopting either
Jared Odulio wrote:
There's no such thing as
SecurityContextHolder.getAuthentication();
Hi Jared
Thanks, fixed in CVS.
Ben
---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow
Jared Odulio wrote:
Hi Mark,
Thanks, I've registered already. So while waiting for the activation
email to arrive. I am going to post a few more info. I am using Acegi
Security version 0.9.0 Snapshot that I build myself. I am running the
Contact Sample and my application in Sun Java System
Robert r. Sanders wrote:
After a couple false starts which in retrospect I shouldn't have
checked into the CVS HEAD, I have finally cleaned up the code and
gotten an updated version of the LDAPPasswordAuthenticationDao, along
with a unit test, into the CVS HEAD. I will post a similar message
Mark St.Godard wrote:
The HttpSessionContextIntegrationFilter should be able to set some
sort of indicator that this is the first logon attempt since it
generates a new SecurityContext however this wouldnt work for
remote client authentication?
IMHO we should modify all event-aware
Mark St.Godard wrote:
I did some local testing with the Contacts sample and did some simple tests of
- logging in (i.e. User 1)
- going to /secure/debug.jsp (view User 1 info)
- going to a jsp that handles the switch (i.e. switchUser.jsp)
- submit request to 'su' to another user (i.e. User 2)
Andy Depue wrote:
I wonder, though, if the ACL functionality would be a
better solution for this sort of thing? The Voter we created below was just
a quick hack, really.
The BasicAclVoter is designed to locate the first domain object argument
in a method invocation, and then lookup the
Tim Kettering wrote:
I’m wondering if there was a reason that most of Acegi’s standard ACL
classes use int when dealing with object id values. We usually default
to using ‘long’ instead of ‘int’ – and I believe that other places do
as well, so it seems to me that it might be simpler to use
Jared Odulio wrote:
Hi Ben,
Yes, I managed to fix it. I have taken some notes too:
http://jaredtech.blogspot.com/2005/08/webworkvelocityacegi-config.html
I am if this is case works for others but it worked for me.
Hi Jared
I added your blog entry to our articles page to help others find
Clarence Ho wrote:
java.lang.ClassCastException:
net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken
Most ClassCastExceptions are caused because there's an extra
acegi-security-*.jar on your classpath. It should only be inside your
WAR's WEB-INF/lib directory.
Cheers
Ben
Mark St.Godard wrote:
I just wanted to make sure I dont check in code that breaks JDK 1.4
users from building the CVS HEAD examples, etc.
Therefore to sum up:
- can we package the core-tiger classes into the single acegi security dist?
- where should the new samples (for java5) be located?
101 - 200 of 360 matches
Mail list logo
