I've finally filed the Jira issues. SEC-302 and SEC-305.
Type: Posts; User: Rolf Arne Corneliussen; Keyword(s):
I've finally filed the Jira issues. SEC-302 and...
I've finally filed the Jira issues. SEC-302 and SEC-305.
According to the servlet specification, a single...
According to the servlet specification, a single dispatcher element with value REQUEST is equivalent to having none, so the correct configuration is
<dispatcher>ERROR</dispatcher>...
I'm sorry I cannot do that for different reasons....
I'm sorry I cannot do that for different reasons. However, I can create JIRA issues for the two points mentioned here:
* Add a 'rolePrefix' property to the SecurityContextHolderAwareRequestFilter...
Thank you!
Thank you!
Right :)
Would you consider adding getter...
Right :)
Would you consider adding getter methods for the properties of LdapUserDetailsMapper so it is possible to subclass, or preferably factor out the creating of roles as a strategy or...
You can implement the LdapAuthoritiesPopulator....
You can implement the LdapAuthoritiesPopulator. It has one method, which could you start like:
public GrantedAuthority[] getGrantedAuthorities( LdapUserDetails ldapUser )
throws...
Here is my configuration:
Here is my configuration:
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
...
This is exactly what I have done (I had to write...
This is exactly what I have done (I had to write a NullFilter class).
But Acegi supports null values for ConfigAttributeDefinitions in a FilterInvocationDefinitionMap, and it seems impossible in...
FilterInvocationDefinitionSourceEditor does not allow empty attributes (RC2)
I upgraded from RC1 to RC2, and discovered that FilterInvocationDefinitionSourceEditor threw an IllegalArgumentException because I have several entries like
/css/**= in my configuration.
I do...
Have you had a look at 'After Invocation Handler'...
Have you had a look at 'After Invocation Handler' and the BasicAclEntryAfterInvocationCollectionFilteringProvider?
Or do you want generate some SQL constraints that filters out objects that should...
When using servlet specification 2.4, this can...
When using servlet specification 2.4, this can probably be solved by specifying a filter chain with a HttpSessionContextIntegrationFilter and a SecurityContextHolderAwareRequestFilter to handle the...
SecurityContextHolderAwareRequestFilter/Wrapper improvements
I had to rewrite these classes in order to meet two requirements, and I want to know if these are of general interest:
Add a property 'rolePrefix' to SecurityContextHolderAwareRequestFilter....
X509 Authentication question
When you use authentication with username/password you end up with a UsernamePasswordAuthenticationToken with authenticated set to 'true'. On the other hand, if you use X509 Authentication you end up...
You can set clientAuth="false" in the Tomcat...
You can set clientAuth="false" in the Tomcat configuration, and have a web application with <auth-method>CLIENT-CERT</auth-method>. Because Tomcat controls both deployment of web applications and SSL...
X509 Authentication and Servlet Specification
Hi,
I am trying to set up X509 client autentication for an existing web application. Presently I use the standard container managed security with the usual
<login-config>
...