Thanks for your response. It is the solution that I decided to use. It is perfectly working but without using T5 mechanisms. I was wondering if some "full T5" solution was possible.
Thanks again,
Baptiste.

dalahoo wrote:
>
> a simple idea is to change Login.tml to submit directly to acegi filter :
>
> <form method="POST" action="/j_acegi_security_check">
>   <input type="text" name="j_username" />
>   <input type="password" name="j_password" />
>   <input type="submit" value="${message:login}"/>
> </form>
>
> On Jan 22, 2008 4:43 PM, Baptiste Meurant <[EMAIL PROTECTED]> wrote:
>
>> Hi,
>>
>> Thank you for this great work. It will be really useful.
>>
>> I still have a question about security T5/acegi integration : the
>> "classic" solution that you used to perform strong authentication with
>> acegi through T5 is creating a T5 LinkImpl object. You give then
>> parameters (login and password) to this link object to pass the request
>> to acegi.
>>
>> The problem is that you are then able to see login and password in clear
>> in your server (Apache, Tomcat, ...) logs. Indeed, T5 uses a LinkImpl
>> object to perform a GET (and not a POST) to server.
>>
>> I am very annoyed with this security hole that I have encountered on my
>> own implementation of T5/acegi integration. I don't know any correct and
>> elegant fix to this issue for now.
>>
>> Did you experiment this issue ? Do you have an idea on it ? Or maybe you
>> found yet a solution to fix it ?
>>
>> Regards,
>>
>> Baptiste
>>
>> dalahoo wrote:
>> >
>> > Hi all,
>> >
>> > latest release of my phone book application is available now,
>> >
>> > In this release i used :
>> >
>> > - Tapestry 5.0.7 as a Web MVC framework.
>> > - Acegi 1.0.5 as a Security System.
>> > - Spring 2.5 as a Application framework.
>> > - Spring JDBC for Data Access Layer.
>> > - Hibernate 3.2.4 an alternative for Data Access Layer.
>> > - JPA (Hibernate Implementation) another alternative for Data Access
>> >   Layer.
>> > - HSQLDB 1.8.0.7 for application database.
>> >
>> > read more about application configuration at
>> > http://code.google.com/p/shams/wiki/TASJHJ
>> >
>> > you can download source code for this release and previous releases
>> > from http://code.google.com/p/shams/
>> >
>> > --
>> > sincerely yours
>> > M. H. Shamsi
>> >
>>
>> --
>> View this message in context:
>> http://www.nabble.com/-T5--ANN----Tapestry%2BAcegi%2BSpring%2BJDBC%2BHibernate%2BJPA%2BHSQLDB-all-in-one-tp15017544p15018441.html
>> Sent from the Tapestry - User mailing list archive at Nabble.com.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>
> --
> sincerely yours
> M. H. Shamsi
>

--
View this message in context: http://www.nabble.com/-T5--ANN----Tapestry%2BAcegi%2BSpring%2BJDBC%2BHibernate%2BJPA%2BHSQLDB-all-in-one-tp15017544p15019005.html
Sent from the Tapestry - User mailing list archive at Nabble.com.