...
[13:16:58 CST(-0600)] <drewwills> oh that's good... can you give an illustrative example?
[13:18:17 CST(-0600)] <drewwills> here's mine (not 100% sure it's correct yet): <entry key="AUTHENTICATION_ATTEMPTED" value="request.nativeRequest.session.getAttribute('up_authenticationAttempted') ?: 'false'" />
[13:18:22 CST(-0600)] <athena> you can actually use them w/ spring security now too
[13:18:22 CST(-0600)] <athena> 
[13:18:25 CST(-0600)] <athena> http://nonrepeatable.blogspot.com/2010/04/spring-security-30-and-spring-el.html
[13:18:36 CST(-0600)] <athena> and now that we have spring security permissions in uportal . . .
[13:18:50 CST(-0600)] <drewwills> yes, it works... not i'm sure
[13:18:54 CST(-0600)] <drewwills> now*
[13:19:09 CST(-0600)] <drewwills> that is insanely cool
[13:19:38 CST(-0600)] <athena> i know!!
[13:19:44 CST(-0600)] <athena> and you can do really cool filtering stuff too
[13:19:55 CST(-0600)] <drewwills> who ever imagined it would work out well not to be able to do session.getAttribute('foo') in a JSP?
[13:19:58 CST(-0600)] <athena> so you could do a post authorize that filters out person results the user doesn't have permissions to see, or something like that
[13:20:33 CST(-0600)] <drewwills> i have to run to lunch now, but glad this issue is in hand
[13:21:38 CST(-0600)] <athena> awesome