At line 3 changed 1 line. |
The purpose of this page is to describe what I did to integrate Acegi Security into 1.8. Hopefull you can use this to change your pre-1.8 applications to Acegi Security if you like. The nice thing about migrating to Acegi Security is your application becomes more portable and you don't have to worry about configuring your application server. Also, there weren't many code changes involved in the integration process - which proves Acegi Security works very well with all the existing code that talks to the security methods of the Servlet API (i.e. request.isUserInRole(), etc.) |
The purpose of this page is to describe what we did to integrate Acegi Security into 1.8. Hopefully you can use this to change your pre-1.8 applications to Acegi Security if you like. The nice thing about migrating to Acegi Security is your application becomes more portable and you don't have to worry about configuring your application server. Also, there weren't many code changes involved in the integration process - which proves Acegi Security works very well with all the existing code that talks to the security methods of the Servlet API (i.e. request.isUserInRole(), etc.) |
At line 5 changed 1 line. |
<a href="#PartII">Part II</a> of this tutorial shows you how to remove Acegi Security from AppFuse and revert back to Container-Managed Authentication (CMA). However, this might not be a necessary step if you want to use CMA because Acegi Security has a number of [Container Adapters|http://acegisecurity.sourceforge.net/docbook/acegi.html#security-container-adapters] available. |
<a href="#part2">Part II</a> of this tutorial shows you how to remove Acegi Security from AppFuse and revert back to Container-Managed Authentication (CMA). However, this might not be a necessary step if you want to use CMA because Acegi Security has a number of [Container Adapters|http://acegisecurity.sourceforge.net/docbook/acegi.html#security-container-adapters] available. |
At line 7 changed 1 line. |
<div class="note" style="margin: 10px; background-color: #fcc">__WARNING:__ It's likely that AppFuse will use more of Acegi Security features (i.e. Remember Me and Password Encryption) in 1.9+. Therefore, the instructions in Part II only apply to AppFuse 1.8.</div> |
<div class="note" style="background-color: #fcc">__WARNING:__ It's likely that AppFuse will use more of Acegi Security features (i.e. Remember Me and Password Encryption) in 1.9+. Therefore, the instructions in Part II only apply to AppFuse 1.8.</div> |
At line 10 changed 8 lines. |
* [1.1] Add Acegi Security JARs to your project |
* [1.2] Create applicationContext-security.xml |
* [1.3] Configure filter and its filter-mapping |
* [1.4] Remove web-security.xml from metadata/web |
* [1.5] Add an "enabled" variable to the User object (optional) |
* [1.6] Configure logging for Acegi Security |
* [1.7] Remove setting from LoginServlet.java to prevent duplicate logins |
* [1.8] Add code to logout.jsp so logout succeeds |
* [1.1|1] Add Acegi Security JARs to your project |
* [1.2|2] Create applicationContext-security.xml |
* [1.3|3] Configure filter and its filter-mapping |
* [1.4|4] Remove web-security.xml from metadata/web |
* [1.5|5] Add an "enabled" variable to the User object (optional) |
* [1.6|6] Configure logging for Acegi Security |
* [1.7|7] Remove setting from LoginServlet.java to prevent duplicate logins |
* [1.8|8] Add code to logout.jsp so logout succeeds |
At line 19 changed 7 lines. |
!Table of Contents - Part II |
* [2.1] Remove Acegi Security files from your project |
* [2.2] Remove filter and its filter-mapping |
* [2.3] Add web-security.xml to metadata/web |
* [2.4] Add logic to detect disabled users (optional) |
* [2.5] Remove Acegi Security's logging settings (optional) |
* [2.6] Add code to LoginServlet.java to prevent duplicate logins |
<!-- I left steps #9-19 out of the sequence to give room for additional steps --> |
At line 27 changed 1 line. |
!!Add Acegi Security JARs to your project [#1.1] |
!!Add Acegi Security JARs to your project [#1] |
At line 30 changed 2 lines. |
* [acegi-security-0.8.1.jar|https://appfuse.dev.java.net/source/browse/*checkout*/appfuse/lib/spring-1.1.5/acegi-security-0.8.1.jar] |
* [commons-codec.jar|https://appfuse.dev.java.net/source/browse/*checkout*/appfuse/lib/spring-1.1.5/commons-codec.jar] |
* [acegi-security-0.8.2.jar|https://appfuse.dev.java.net/source/browse/*checkout*/appfuse/lib/spring-1.2/acegi-security-0.8.2.jar] |
* [commons-codec.jar|https://appfuse.dev.java.net/source/browse/*checkout*/appfuse/lib/spring-1.2/commons-codec.jar] |
At line 33 changed 1 line. |
!!Create applicationContext-security.xml [#1.2] |
!!Create applicationContext-security.xml [#2] |
At line 42 changed 1 line. |
!!Configure filters and filter-mappings [#1.3] |
!!Configure filters and filter-mappings [#3] |
At line 65 changed 1 line. |
!!Remove web-security.xml from metadata/web [#1.4] |
!!Remove web-security.xml from metadata/web [#4] |
At line 68 changed 1 line. |
!!Add an "enabled" variable to the User object [#1.5] |
!!Add an "enabled" variable to the User object [#5] |
At line 76 added 1 line. |
|
At line 128 changed 1 line. |
!!Configure logging for Acegi Security [#1.6] |
!!Configure logging for Acegi Security [#6] |
At line 128 added 1 line. |
log4j.logger.net.sf.acegisecurity.intercept.event.LoggerListener=WARN |
At line 135 changed 1 line. |
!!Remove setting from LoginServlet.java to prevent duplicate logins [#1.7] |
!!Remove setting from LoginServlet.java to prevent duplicate logins [#7] |
At line 164 added 1 line. |
<p> </p> |
At line 169 removed 1 line. |
!Removing Acegi and reverting to CMA |
At line 171 changed 1 line. |
!!Remove Acegi Security files from your project [#2.1] |
<a name="part2"></a> |
<h2 style="background-color: white; border: 0; margin-left: 0">Part II - Removing Acegi and reverting to CMA</h2> |
|
Use the instructions below to change your AppFuse 1.8 application to use CMA. We don't expect many folks will need to do this, but more documentation is better than less. ;-) |
|
!Table of Contents - Part II |
* [2.1|20] Remove Acegi Security files from your project |
* [2.2|21] Remove filter and its filter-mapping |
* [2.3|22] Add web-security.xml to metadata/web |
* [2.4|23] Add logic to detect disabled users (optional) |
* [2.5|24] Remove Acegi Security's logging settings (optional) |
* [2.6|25] Add code to LoginServlet.java to prevent duplicate logins |
|
!!Remove Acegi Security files from your project [#20] |
At line 174 changed 1 line. |
!!Remove securityFilter and its filter-mapping [#2.2] |
!!Remove securityFilter and its filter-mapping [#21] |
At line 177 changed 1 line. |
!!Add web-security.xml to metadata/web [#2.3] |
!!Add web-security.xml to metadata/web [#23] |
|
At line 180 changed 1 line. |
!!Add logic to detect disabled users (optional) [#2.4] |
!!Add logic to detect disabled users (optional) [#24] |
At line 183 changed 1 line. |
[{Java2HmtlPlugin |
[{Java2HtmlPlugin |
At line 189 changed 1 line. |
response.sendRedirect(request.getContextPath() + "/logout.jsp?error=true"); |
request.getSession().invalidate(); |
response.sendRedirect(request.getContextPath() + "/loginError.jsp"); |
At line 196 changed 1 line. |
!!Remove Acegi Security's logging settings (optional) [#2.5] |
!!Remove Acegi Security's logging settings (optional) [#25] |
At line 204 changed 1 line. |
!!Add code to LoginServlet.java to prevent duplicate logins [#2.6] |
!!Add code to LoginServlet.java to prevent duplicate logins [#26] |
At line 224 changed 2 lines. |
---- |
Issues or problems with these instructions? If so, please send your questions to [users-AT-appfuse.dev.java.net|mailto:[email protected]?subject=AppFuse Authentication Problems]. |
''Issues or problems with these instructions? If so, please send your questions to [users-AT-appfuse.dev.java.net|mailto:[email protected]?subject=AppFuse Authentication Problems].'' |