roller-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Glen Mazza (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (ROL-1274) Make it easier to create and maintain custom ACEGI security keys in WEB-INF/security.xml
Date Tue, 24 Jun 2014 02:17:26 GMT

     [ https://issues.apache.org/jira/browse/ROL-1274?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Glen Mazza closed ROL-1274.
---------------------------

    Resolution: Unresolved

Item from 2006 against obsoleted ACEGI security; unsure how relevant this matter is today,
I can't find many (actually any) Spring security.xml files on the 'Net that are using import
in this manner, nor am I sure which keys precisely are being referred to in this item.  Spring
security doesn't appear to explain this approach in its documentation.

If doing advanced configuration like LDAP the default security.xml in the Roller WAR will
need to be altered.  At that stage perhaps the imports can be put in the file, allowing some
configuration to remain outside the WAR.

> Make it easier to create and maintain custom ACEGI security keys in WEB-INF/security.xml
> ----------------------------------------------------------------------------------------
>
>                 Key: ROL-1274
>                 URL: https://issues.apache.org/jira/browse/ROL-1274
>             Project: Apache Roller
>          Issue Type: Improvement
>    Affects Versions: 3.0
>            Reporter: Sean Gilligan
>            Assignee: Roller Unassigned
>         Attachments: ASF.LICENSE.NOT.GRANTED--roller_security_xml.diff, ASF.LICENSE.NOT.GRANTED--security-custom.xml
>
>
> security.xml should use the Spring <import> tag to load the keys from a seperate
file. That way most installations will not have to edit security.xml, but can insead edit
security-custom.xml.   This also simplifies maintaining a custom build since you can change
security-custom.xml and not have to worry about security.xml changing.
> Patch attached.
> (I know that the Spring docs discourages use of <import>, but in this case it is
the right thing to do.)



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message