Raible's Wiki

Raible Designs
Wiki Home
News
Recent Changes

AppFuse

Homepage
  - Korean
  - Chinese
  - Italian
  - Japanese

QuickStart Guide
  - Chinese
  - French
  - German
  - Italian
  - Korean
  - Portuguese
  - Spanish
  - Japanese

User Guide
  - Korean
  - Chinese

Tutorials
  - Chinese
  - German
  - Italian
  - Korean
  - Portuguese
  - Spanish

FAQ
  - Korean

Latest Downloads

Other Applications

Struts Resume
Security Example
Struts Menu

Set your name in
UserPreferences


Referenced by
...nobody




JSPWiki v2.2.33

[RSS]


Hide Menu

AppFuseSecurity


Difference between version 30 and version 8:

At line 1 changed 1 line.
[AppFuse] has used [Container-Managed Authentication|http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Security4.html#67530] since it was first created. However, in version 1.8, this was replaced with the [Acegi Security Framework for Spring|http://acegisecurity.sf.net]. The main reasons for this can be found on [raibledesigns.com|http://raibledesigns.com/page/rd?anchor=re_j2ee_app_server_security].
This page is a starting point for [AppFuse] related security issues, tutorials and how to's. As of 1.8, AppFuse uses [Acegi Security|http://acegisecurity.sourceforge.net] for authentication and authorization. In 1.7 and prior, container-managed authentication (CMA) was used. You can revert to CMA if you prefer.
At line 3 changed 36 lines.
The purpose of this page is to describe what I did to integrate Acegi Security into 1.8. Hopefull you can use this to change your pre-1.8 applications to Acegi Security if you like. The nice thing about migrating to Acegi Security is your application becomes more portable and you don't have to worry about configuring your application server. Also, there weren't many code changes involved in the integration process - which proves Acegi Security works very well with all the existing code that talks to the security methods of the Servlet API (i.e. request.isUserInRole(), etc.)
Part II of this tutorial shows you how to remove Acegi Security from AppFuse and revert back to Container-Managed Authentication.
%%note __NOTE:__ This tutorial is ''in progress'' - please don't use it until this message is gone.%%
!Table of Contents
* [1] Add Acegi Security JARs to your project
* [2] Create applicationContext-security.xml
* [3] Configure filters and filter-mappings
* [4] Remove web-settings.xml from metadata/web
* [5] Add an "enabled" variable to the User object
* [6] Configure logging for Acegi Security
* [7] Remove setting from LoginServlet.java to catch duplicate logins
!!Add Acegi Security JARs to your project [#1]
* acegi-security-0.7-SNAPSHOT.jar
* commons-code.jar
!!Create applicationContext-security.xml [#2]
!!Configure filters and filter-mappings [#3]
!!Remove web-settings.xml from metadata/web [#4]
!!Add an "enabled" variable to the User object [#5]
* Enable user as part of Signup Process
* Add "enabled" column to the sample-data.xml and enable all users
* Add key for enabled label to view and ResourceBundles
!!Configure logging for Acegi Security [#6]
!!Remove setting from LoginServlet.java to catch duplicate logins [#7]
* How to migrate your pre-AppFuse 1.8 application to [use Acegi Security for authentication|AppFuseAuthentication].
* How to use Acegi Security for [securing methods by role|AppFuseSecurityMethods].
* How to use Acegi Security to [control access to objects with ACLs|AppFuseAcegiACL].

Back to AppFuseSecurity, or to the Page History.