AppFuseSecurityMethods

This is version 2. It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]

This document is a work in progress, don't count on this actually working yet.

This How To will walk you through the steps of adding Acegi Security role based Method Invocation authorization to your AppFuse project. Since that sentance already makes it sound like we are doing something complicated, let's break that down so we can see what we are doing and why it is useful.

Acegi Security is a security framework that is build using the techniques of the Spring Framework and is made to integrate easily into projects that utilize Spring, such as any application built on AppFuse 1.4 or newer (if your AppFuse app is older than 1.4 there is a tutorial for migrating your app to use the Spring Framework). The first level of Acegi integration into AppFuse is authentication and authorization to access URI's based on user roles, and this tutorial will assume you have already completed the migration from container managed security to use Acegi authentication. The next level is to grant or deny user access to methods of our service classes based on the user's role(s). Once you have completed this you may want to go on to adding Access Control List authorization for a more fine grained control.

Table of Contents

• [0] Prerequisites
• [1] Updating your roles
• [2] Catch the AccessDeniedException
• [3] Configure the MethodSecurityInterceptor

Prerequisites [#0]

You will also have to replace container managed security with the Acegi FilterInvocation Security Interceptor.

Updating your roles [#1]

Catch the AccessDeniedException [#2]

Configure the MethodSecurityInterceptor [#3]