Intermediate JSecurity plugin release
|
View:
New views
12 Messages
—
Rating Filter:
Alert me
|
 |
Intermediate JSecurity plugin release
by Peter Ledbrook
::
Rate this Message:
To all JSecurity plugin users,
I have made an intermediate release of the plugin available that uses a filter rather than an abstract base controller. In other words, your controllers will no longer have to extend JsecAuthBase. To install it, simply run this command: grails install-plugin jsecurity 0.2-SNAPSHOT I have only briefly tested it with Grails HEAD, so I don't know how it behaves with the release candidates. This is definitely "use at your own risk" :) However, you should be start using it with a minimum of fuss: once installed, you only have to recreate the DB realm (if you're using it). Please try it out and raise any issues in the plugin JIRA: http://jira.codehaus.org/browse/GRAILSPLUGINS Thanks, Peter --------------------------------------------------------------------- To unsubscribe from this list please visit: http://xircles.codehaus.org/manage_email |
|
|
Re: Intermediate JSecurity plugin release
by Ricardo J. Méndez
::
Rate this Message:
Hello Peter,
Thanks for the update. I have a request: please consider updating the comons-codec library to the latest 1.4 from svn. It's stable on my tests, and it implements the sha256, sha384 and sha512 hashes. I can just replace it manually after install, but this will simplify maintenance. Happy new year, On Dec 30, 2007 11:33 AM, Peter Ledbrook <peter@...> wrote: To all JSecurity plugin users, -- Ricardo J. Méndez http://www.arquetipos.co.cr/ |
|
|
Re: Intermediate JSecurity plugin release
by Vincent Frison
::
Rate this Message:
Le dimanche 2007 décembre 30, Peter Ledbrook a écrit :
> To all JSecurity plugin users, > > I have made an intermediate release of the plugin available that uses > a filter rather than an abstract base controller. In other words, your > controllers will no longer have to extend JsecAuthBase. To install it, > simply run this command: > > grails install-plugin jsecurity 0.2-SNAPSHOT > > I have only briefly tested it with Grails HEAD, so I don't know how it > behaves with the release candidates. This is definitely "use at your > own risk" :) However, you should be start using it with a minimum of > fuss: once installed, you only have to recreate the DB realm (if > you're using it). It's nice to see the new JSecurity library is now included in your plugin. I upgraded to the 0.2-SNAPSHOT release and it works perfectly on my RC3 app. And now the charsetName bug (Jira GRAILSPLUGINS-171) seems to be solved forevermore! Big up to Peter and Lez! > Please try it out and raise any issues in the plugin JIRA: > > http://jira.codehaus.org/browse/GRAILSPLUGINS Not really an issue but I think a redirect to the root url should be still present at the end of the signOut method of AuthController (avoiding the user to create his own signOut view). And it's really cool to use filter instead of the "old" JsecAuthBase controller. But have someone a tip for using the flash object from a filter (which seems to available for controllers and taglib only)? Thanks, Vincent. --------------------------------------------------------------------- To unsubscribe from this list please visit: http://xircles.codehaus.org/manage_email |
|
|
Re: Intermediate JSecurity plugin release
by Vincent Frison
::
Rate this Message:
Le mercredi 2008 janvier 2, Vincent Frison a écrit :
> And it's really cool to use filter instead of the "old" JsecAuthBase > controller. > > But have someone a tip for using the flash object from a filter (which > seems to available for controllers and taglib only)? > > Thanks, Vincent. In fact there's a bug but not directly from the JSec plugin: sometimes actionName is null from the filter! Off course it breaks the security mechanism.. Darryl Pentz has realdy complained about this: http://www.nabble.com/Logging-in-Filters-td13656347.html#a13657554 Should I post an issue into JIRA? --------------------------------------------------------------------- To unsubscribe from this list please visit: http://xircles.codehaus.org/manage_email |
|
|
Re: Intermediate JSecurity plugin release
by Peter Ledbrook
::
Rate this Message:
> Not really an issue but I think a redirect to the root url should be still
> present at the end of the signOut method of AuthController (avoiding the user > to create his own signOut view). Yeah, that makes sense. I'll change that. > And it's really cool to use filter instead of the "old" JsecAuthBase > controller. Absolutely. It also allows you to configure permissions based on values in 'params' - for example, if permissions were dependent on projects you could use something like this: before = { accessControl { permission(new ProjectPermission(params.projectId, 'invoice', 'show') } } This is pretty much impossible under the old way of doing it. > But have someone a tip for using the flash object from a filter (which seems > to available for controllers and taglib only)? This does seem to be an oversight for filters, although there may be a good reason for its exclusion. You could try: import org.springframework.web.context.request.RequestContextHolder as RCH ... def flash = RCH.currentRequestAttributes().flashScope This is all the dynamic property on controllers does. HTH, Peter --------------------------------------------------------------------- To unsubscribe from this list please visit: http://xircles.codehaus.org/manage_email |
|
|
Re: Intermediate JSecurity plugin release
by Peter Ledbrook
::
Rate this Message:
> In fact there's a bug but not directly from the JSec plugin: sometimes
> actionName is null from the filter! Off course it breaks the security > mechanism.. > Darryl Pentz has realdy complained about this: > http://www.nabble.com/Logging-in-Filters-td13656347.html#a13657554 > Should I post an issue into JIRA? A JIRA for the null 'actionName' and one for the 'signOut' redirecting to the root URL would be good. Thanks, Peter --------------------------------------------------------------------- To unsubscribe from this list please visit: http://xircles.codehaus.org/manage_email |
|
|
Re: Intermediate JSecurity plugin release
by Mark Rambow-2
::
Rate this Message:
Hello Peter,
very good work :) JSecurity is a lot easier to setup than acegi and fit all my needs. Please update the documentation, especially the change to filter should be mentioned, Thanks Cheers Mark >> In fact there's a bug but not directly from the JSec plugin: sometimes >> actionName is null from the filter! Off course it breaks the security >> mechanism.. >> Darryl Pentz has realdy complained about this: >> http://www.nabble.com/Logging-in-Filters-td13656347.html#a13657554 >> Should I post an issue into JIRA? >> > > A JIRA for the null 'actionName' and one for the 'signOut' redirecting > to the root URL would be good. > > Thanks, > > Peter > > --------------------------------------------------------------------- > To unsubscribe from this list please visit: > > http://xircles.codehaus.org/manage_email > --------------------------------------------------------------------- To unsubscribe from this list please visit: http://xircles.codehaus.org/manage_email |
|
|
Re: Intermediate JSecurity plugin release
by Vincent Frison
::
Rate this Message:
Le jeudi 2008 janvier 3, Peter Ledbrook a écrit :
> > But have someone a tip for using the flash object from a filter (which > > seems to available for controllers and taglib only)? > > This does seem to be an oversight for filters, although there may be a > good reason for its exclusion. You could try: > > import org.springframework.web.context.request.RequestContextHolder as > RCH ... > def flash = RCH.currentRequestAttributes().flashScope Thanks Peter, that's what I was looking for! :) Anyway I'm going to create an issue on JIRA for that because it really looks like an oversight.. --------------------------------------------------------------------- To unsubscribe from this list please visit: http://xircles.codehaus.org/manage_email |
|
|
Re: Intermediate JSecurity plugin release
by Michael Kimsal
::
Rate this Message:
Hopefully this won't sound too selfish, but can anyone share some sample code or
docs on how this new system is to be used? I've downloaded it, but there's no docs, and I'm having a devil of a time trying to reverse it to figure out exactly how I can best make use of it. Thanks. On Jan 3, 2008 9:18 PM, Vincent Frison <turman@...> wrote: Le jeudi 2008 janvier 3, Peter Ledbrook a écrit: -- Michael Kimsal http://webdevradio.com |
|
|
Re: Intermediate JSecurity plugin release
by Vincent Frison
::
Rate this Message:
If you have already included the 0.1.1 release of JSecurity plugin into your
app, upgrading to the new intermediate release is really trivial: in fact the ony thing you have to do is to stop to extend JsecAuthBase in your controllers. And recreate the DB realm with a "grails create-db-realm". That's all! :) And you can even keep the old system (ie. extending JsecAuthBase) and do.. nothing? Le vendredi 2008 janvier 4, Michael Kimsal a écrit : > Hopefully this won't sound too selfish, but can anyone share some sample > code or > docs on how this new system is to be used? I've downloaded it, but there's > no docs, > and I'm having a devil of a time trying to reverse it to figure out exactly > how I can best > make use of it. > > Thanks. > > On Jan 3, 2008 9:18 PM, Vincent Frison <turman@...> wrote: > > Le jeudi 2008 janvier 3, Peter Ledbrook a écrit: > > > > But have someone a tip for using the flash object from a filter > > > > (which seems to available for controllers and taglib only)? > > > > > > This does seem to be an oversight for filters, although there may be a > > > good reason for its exclusion. You could try: > > > > > > import org.springframework.web.context.request.RequestContextHolder as > > > RCH ... > > > def flash = RCH.currentRequestAttributes().flashScope > > > > Thanks Peter, that's what I was looking for! :) > > > > Anyway I'm going to create an issue on JIRA for that because it really > > looks > > like an oversight.. > > > > > > --------------------------------------------------------------------- > > To unsubscribe from this list please visit: > > > > http://xircles.codehaus.org/manage_email --------------------------------------------------------------------- To unsubscribe from this list please visit: http://xircles.codehaus.org/manage_email |
|
|
Re: Intermediate JSecurity plugin release
by Michael Kimsal
::
Rate this Message:
thanks vincent. unfortunately, i've not done anything with jsecurity 0.1.1, so
I'm starting 'fresh' with the 0.2 snapshot. I'm new to all this and would prefer not to mess with the 'old' way of doing things if it's going away. On Jan 3, 2008 9:39 PM, Vincent Frison <turman@...> wrote: If you have already included the 0.1.1 release of JSecurity plugin into your -- Michael Kimsal http://webdevradio.com |
|
|
Re: Intermediate JSecurity plugin release
by Peter Ledbrook
::
Rate this Message:
On 03/01/2008, Michael Kimsal <mgkimsal@...> wrote:
> thanks vincent. unfortunately, i've not done anything with jsecurity 0.1.1, > so > I'm starting 'fresh' with the 0.2 snapshot. I'm new to all this and would > prefer > not to mess with the 'old The current documentation still applies apart from you no longer extend JsecAuthBase. HTH, Peter --------------------------------------------------------------------- To unsubscribe from this list please visit: http://xircles.codehaus.org/manage_email |
| Free embeddable forum powered by Nabble | Forum Help |
