Raible Designs

AppFuse Light 1.8.2 Released

AppFuse Light 1.8.2 is a bug fixes release that includes upgrades for Spring, Spring Security, Hibernate, Wicket, Tapestry and many others. In addition, Spring bean definitions were replaced with annotations (@Repository, @Service and @Controller). See the Release Notes for more information on what's changed since the last release.

AppFuse Light now offers 60 possible combinations for download:

• Web Frameworks: JSF (MyFaces), Spring MVC (with Ajax, Acegi Security, JSP, FreeMarker or Velocity), Stripes, Struts 1.x, Struts 2.x, Tapestry, WebWork, Wicket
• Persistence Frameworks: Hibernate, iBATIS, JDO (JPOX), OJB, Spring JDBC

If you have any questions about this release, please subscribe to the AppFuse user mailing list by sending a blank e-mail to [email protected]. You can also post questions in a forum-like fashion using Nabble: http://appfuse.org/forum/user.

Upgrading to Spring Security 2.0

This evening I spent a few hours and upgraded AppFuse to use Acegi Spring Security 2.0. The upgrade was fairly straightforward:

• %s/org.acegisecurity/org.springframework.security/g
• Upgraded dependencies (exclusions are necessary if you're using Spring 2.5.x and don't want 2.0.x dependencies pulled in):

  <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-core-tiger</artifactId>
      <version>${spring.security.version}</version>
      <exclusions>
          <exclusion>
              <groupId>org.springframework</groupId>
              <artifactId>spring-core</artifactId>
          </exclusion>
          <exclusion>
              <groupId>org.springframework</groupId>
              <artifactId>spring-support</artifactId>
          </exclusion>
      </exclusions>
  </dependency>
  ...
  <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-taglibs</artifactId>
      <version>${spring.security.version}</version>
      <exclusions>
          <exclusion>
              <groupId>org.springframework</groupId>
              <artifactId>spring-web</artifactId>
          </exclusion>
      </exclusions>
  </dependency>
  

• Changed taglib prefix from "authz" to "security" and change the associated taglib declaration to:

  <%@ taglib uri="http://www.springframework.org/security/tags" 
      prefix="security" %>
  

• In web.xml, I changed <filter-class> to org.springframework.web.filter.DelegatingFilterProxy. Since I didn't name my filter springSecurityFilterChain, I also had to add the following <init-param>:

      <init-param>
          <param-name>targetBeanName</param-name>
          <param-value>springSecurityFilterChain</param-value>
      </init-param>
  

• Lastly, I modified security.xml to use the new syntax. AppFuse's security.xml went from 175 lines to 33 with the new security namespace configuration!

It's hard to believe I first looked at Acegi almost 4 years ago. At that time, I said it contained too much XML for my needs. Ben's reaction:

Seriously, the "whole lotta XML" gives you exponentially more power and flexibility than a method such as this could ever hope to provide you.

It's nice to see that Spring Security 2.0 gives you exponentially more power and flexibility without all the XML. Thanks guys!

P.S. You can also view the full changelog for this upgrade.

Update: If you're using <authz:authentication property="fullName"/> in your JSPs, you'll need to change it to <security:authentication property="principal.fullName"/>.

Acegi Security 1.0.6 and Spring Security 2.0-M1

From the Acegi mailing list:

Release 1.0.6 is now available from Sourceforge:

http://sourceforge.net/project/showfiles.php?group_id=104215

This is a minor bugfix and maintenance release - the changelog can be viewed here:

http://jira.springframework.org/secure/ReleaseNote.jspa?version=10671&styleName=Text&projectId=10040

The jar files should also be available from the central maven repository.

Spring Security 2.0-M1
----------------------
This is the first milestone release of Spring Security 2.0. You can download it from:

http://static.springframework.org/downloads/nightly/milestone-download.php?project=SEC

The changelog can be found here:

http://jira.springframework.org/secure/ReleaseNote.jspa?projectId=10040&styleName=Html&version=10451

For maven users, the jars are available from the Spring milestone repository. For details on how to add this to your project, read Ben Hale's article.

I tried this release with AppFuse and all tests pass.

Spring Security 2

It looks like we'll have to wait until next week to get our hands on Spring Security 2 (the next release of Acegi Security). The good news is it looks much simpler. From what I can tell, this new code is available in Acegi's SVN repository. Here's to hoping the Acegi Team writes some sort of migration guide.

Integrate AppFuse with Crowd in 5 Easy Steps

The good folks at Atlassian have written a nice tutorial on Integrating Crowd with AppFuse and Acegi. Crowd is a web-based single sign-on (SSO) tool that simplifies application provisioning and identity management. We use Crowd for the AppFuse project to maintain a single user store for JIRA, Confluence, and Bamboo. It's worked awesome for us.

AppFuse Light 1.8.1 Released: includes upgrades to Spring 2.5 and Wicket 1.3

AppFuse Light 1.8.1 is a bug fixes release that includes an upgrade to Spring 2.5 and Wicket 1.3 RC1. See the Release Notes for more information on what's changed since the last release.

What is AppFuse Light? Click here to find out.

AppFuse Light is a lightweight version of AppFuse. I was inspired to create it while writing Spring Live and looking at the struts-blank and webapp-minimal applications that ship with Struts and Spring, respectively. These "starter" apps were not robust enough for me, and I wanted something like AppFuse, only simpler.

AppFuse Light is designed to show Java Web Developers how to start a bare-bones webapp using a Spring-managed middle-tier backend and Hibernate for persistence. By default, AppFuse Light uses Spring for its MVC framework, but you can change it to JSF/MyFaces, Stripes, Struts 1.x, Struts 2.x, WebWork, Tapestry or Wicket. In addition, there's a number of extras for Spring MVC, including Velocity and FreeMarker versions, Ajax support and Acegi Security support.

This project was formerly named Equinox and has been under development since April 2004.

AppFuse Light now offers 60 possible combinations for download:

• Web Frameworks: JSF (MyFaces), Spring MVC (with Ajax, Acegi Security, JSP, FreeMarker or Velocity), Stripes, Struts 1.x, Struts 2.x, Tapestry, WebWork, Wicket
• Persistence Frameworks: Hibernate, iBATIS, JDO (JPOX), OJB, Spring JDBC

If you have any questions about this release, please subscribe to the AppFuse user mailing list by sending a blank e-mail to [email protected]. You can also post questions in a forum-like fashion using Nabble: http://appfuse.org/forum/user.

If you're a developer of one of the frameworks that AppFuse Light uses - I'd love a code review to make sure I'm "up to snuff" on how to use your framework. I'm also more than willing to give commit rights if you'd like to improve the implementation of your framework.

Live demos are available at:

• Spring · Spring + Ajax · Spring + Acegi
• MyFaces + Facelets
• Stripes
• Struts 1 · Struts 2
• Tapestry
• WebWork
• Wicket

What's on tap for AppFuse Light 2.0? Here's what I'm hoping to do:

1. Drop the seldom-used persistence frameworks: JDBC, JDO and OJB.
2. Drop Struts 1.x and WebWork as web frameworks (replaced by Struts 2).
3. Support the same persistence frameworks as AppFuse: Hibernate, iBATIS and JPA.
4. Re-use appfuse-service, appfuse-hibernate, appfuse-ibatis and appfuse-jpa in AppFuse Light. I'll likely include the core classes (User, Role) since AppFuse Light is more "raw" than AppFuse.
5. Require Java 5.

Let me know if you disagree with any of these items or would like to see other enhancements.

Apache Roller, Acegi Security, LDAP and JA-SIG CAS

Earlier today, I delivered my talk on Apache Roller, Acegi Security and Single Sign-on. As part of this talk, I put together a couple of tutorials you might find useful:

• Roller 4.0 with LDAP and CAS
• Roller 4.0 on Geronimo

NOTE: These tutorials are using Roller's trunk as we found some things to simplify LDAP integration tonight.

You can download a PDF version of my presentation from my publications page.

During the presentation I did a number of demos:

• Installing Roller on Tomcat
• Integrating Roller with Apache Directory Server
• Integration Roller with CAS
• Integrating CAS with LDAP

Rather than saving the demo for the end, I did it as the first part of my presentation. This worked extremely well - especially since I didn't have to worry about running out of time.

If you're using Roller, have you integrated it with LDAP or another SSO solution? If so, is it working well for you?

AppFuse Light 1.8 Released

AppFuse Light 1.8 adds CSS Framework integration, as well as support for Stripes (1.4.2) and Wicket (1.2.6). It also has significant upgrades for JSF and Tapestry; to versions 1.2 and 4.1.3 respectively. See the Release Notes for more information on what's changed since the the beta release of 1.8.

What is AppFuse Light? Click here to find out.

AppFuse Light is a lightweight version of AppFuse. I was inspired to create it while writing Spring Live and looking at the struts-blank and webapp-minimal applications that ship with Struts and Spring, respectively. These "starter" apps were not robust enough for me, and I wanted something like AppFuse, only simpler.

AppFuse Light is designed to show Java Web Developers how to start a bare-bones webapp using a Spring-managed middle-tier backend and Hibernate for persistence. By default, AppFuse Light uses Spring for its MVC framework, but you can change it to JSF/MyFaces, Stripes, Struts 1.x, Struts 2.x, WebWork, Tapestry or Wicket. In addition, there's a number of extras for Spring MVC, including Velocity and FreeMarker versions, Ajax support and Acegi Security support.

This project was formerly named Equinox and has been under development since April 2004.

AppFuse Light now offers 60 possible combinations for download:

• Web Frameworks: JSF (MyFaces), Spring MVC (with Ajax, Acegi Security, JSP, FreeMarker or Velocity), Stripes, Struts 1.x, Struts 2.x, Tapestry, WebWork, Wicket
• Persistence Frameworks: Hibernate, iBATIS, JDO (JPOX), OJB, Spring JDBC

If you have any questions about this release, please subscribe to the AppFuse user mailing list by sending a blank e-mail to [email protected]. You can also post questions in a forum-like fashion using Nabble: http://appfuse.org/forum/user.

If you're a developer of one of the frameworks that AppFuse Light uses - I'd love a code review to make sure I'm "up to snuff" on how to use your framework. I'm also more than willing to give commit rights if you'd like to improve the implementation of your framework.

Live demos are available at:

• Spring · Spring + Ajax · Spring + Acegi
• MyFaces + Facelets
• Stripes
• Struts 1 · Struts 2
• Tapestry
• WebWork
• Wicket

Yes, I realize that 60 combinations is ridiculous. I didn't create the frameworks, I'm just integrating them so you don't have to.

Unfortunately, it's a real pain to create Maven archetypes or they'd all be as easy as mvn archetype:create. Rumor is that the archetype plugin will allow you to create-from-project in the future. When that happens, I'll make sure all the combinations are available as archetypes.

The Security Annotation Framework

Spotted on the Acegi Security mailing list several weeks ago:

A few weeks ago, I started an open source project (Security Annotation Framework) which addresses annotation-based, instance-level access control for Spring applications. It is also based on Spring 2.0's extensible XML authoring features. You can find more info at

http://sourceforge.net/projects/safr and http://safr.sourceforge.net

The framework was created during a project in 2006 and is now available under the Apache 2.0 license. It's a generic framework focused on processing security annotations on Spring beans as well as domain objects (which typically aren't managed by a Spring application context) and can be used to enforce access decisions for domain object instances. It can be used with any authorization provider and is not specific to Acegi. However, I plan to include an example how to use the SAF with Acegi authorization soon. Furthermore, it supports inheritance of annotations from base classes and interfaces.

What do you think about SAF? Are annotations a better way of implementing ACLs on domain objects?

AppFuse Light 1.8 Beta Released

AppFuse Light 1.8 Beta adds CSS Framework integration, as well as support for Stripes (1.4.2) and Wicket (1.2.6). This is a beta release so we can work out some kinks before the final release.

AppFuse Light now offers 60 possible combinations for download:

• Web Frameworks: JSF (MyFaces), Spring MVC (with Ajax, Acegi Security, JSP, FreeMarker or Velocity), Stripes, Struts 1.x, Struts 2.x, Tapestry, WebWork, Wicket
• Persistence Frameworks: Hibernate, iBATIS, JDO (JPOX), OJB, Spring JDBC

If you have any questions about this release, please subscribe to the AppFuse user mailing list by sending a blank e-mail to [email protected].java.net. You can also post questions in a forum-like fashion using Nabble: http://appfuse.org/forums.

If you're a developer of one of the frameworks that AppFuse Light uses - I'd love a code review to make sure I'm "up to snuff" on how to use your framework. I'm also more than willing to give commit rights if you'd like to improve the implementation of your framework.

Live demos are available at:

• Spring · Spring + Ajax · Spring + Acegi
• MyFaces + Facelets
• Stripes
• Struts 1 · Struts 2
• Tapestry
• WebWork
• Wicket

Update: Based on Martin's blog post, I've added the version numbers for Stripes and Wicket (1.4.2 and 1.2.6, respectively). While the Wicket guys recommended I use Wicket 1.3.0, I was already knee deep in 1.2.6 when I read their recommendation. If 1.3.0 really is that much better than 1.2.6, it should be a pleasure to upgrade (and a good learning experience too boot!).