That's actually the issue I entered, after the post above in this thread. Can you or one of the other committers take a look at the attached patch & let me know if it looks okay?
I used Spring's...
Type: Posts; User: David Carter; Keyword(s):
Ben,
Is there any reason not to implement message string externalization using resource bundles? Performance concerns?
It seems that doing this for the various implementors of...
The best way to avoid having to check for "instance of UserDetails" in your code is to have your User/Principal/Authentication class implement UserDetails. Then the rest of your code can stay...
Subclass User, or write your own principal class that implements UserDetails, and include your collection of league IDs as a property of User. Then you can use something like
Set leagues =...
Matt,
I've seen code in some places in Acegi (the authz taglib & DaoAuthenticationProvider are two) that return:
username = authentication.getPrincipal().toString()
if the Principal is...
I believe each exception has a single message, but exceptions may be nested, in the typical Spring manner:
...
I would model this as a "contains" relationship between permission groups. In other words, store the groups in a "group" table & have a "parent group" attribute that refers to the same "group" table....
I haven't looked at the code to see if they are I18N-capable, but there are also strings returned within the exceptions that can be thrown during authentication: BadCredentialsException,...
This is one of the reasons it's generally recommended that ALL database tables have synthetic primary keys rather than using the unique business key (username in this case) as the primary key.
...
Yes, this is a testament to the flexibility & extensibility of the Acegi design. Good job!
Not just ASPs, but also enterprise-scale applications for internal corporate deployment. I've been...
I agree with the other posters on this thread - in enterprise-scale applications it is extremely common to provide administrative users with an ability to create "roles" or "permission groups" that...
Yes, that would be useful.
This could also be useful. A related requirement I often see is the need to persist to the database the last login date/time & IP address. Displaying this to the...
Do we have a way to perform an invalidate() on the LRU HTTPSession? AFAIK, this is a method on the same interface as getLastAccessedTime(). Is there another way to accomplish the invalidation of the...
Will the current concurrentSessionController implementation work in a clustered environment?
I see that it uses in-memory collections to store lists of sessions & their related principals, so...
It appears that we can get the last access time for a session with HTTPSession.getLastAccessedTime().
So, in ConcurrentSessionControllerImpl.enforceConcurrentLogins, we could have something like:...
This sounds like it should be fairly easy to implement. I'm not sure when I'll have time to investigate more fully, but if we get to this before anyone else posts a solution (or submits a patch),...
I agree that the behavior as described is not what most users will expect, nor what most applications will want to implement. The support desk calls will be horrendous. "I'm sorry sir, you'll have to...
I think my property nesting was incorrect in my previous post.
trustResolver is a property of sessionController, not of authenticationManager:
<bean id="authenticationManager"...
Could someone please provide an example of how to configure the new ConcurrentSessionController feature?
I checked the reference doc & the 0.80 version of the contacts application, but it doesn't...