AppFuseSecurityMethods |
|
Your trail: |
Difference between
version 14
and
version 12:
At line 3 changed 1 line. |
Acegi Security is a security framework that is build using the techniques of the [Spring Framework|http://springframework.org] and is made to integrate easily into projects that utilize Spring, such as any application built on AppFuse 1.4 or newer (if your AppFuse app is older than 1.4 there is a tutorial for [migrating your app to use the Spring Framework|AppFuseSpringUpgrade]). The first level of Acegi integration into AppFuse is [authentication|AppFuseAuthentication] and authorization to access URI's based on user ''roles'', and this tutorial will assume you have already completed the migration from container managed security to use Acegi authentication. The next level is to grant or deny user access to methods of our service classes based on the user's role(s). Once you have completed this you may want to go on to adding [Access Control List authorization|AppFuseSecurityACL] for a more fine grained control. |
Acegi Security is a security framework that is build using the techniques of the [Spring Framework|http://springframework.org] and is made to integrate easily into projects that utilize Spring, such as any application built on AppFuse 1.4 or newer (if your AppFuse app is older than 1.4 there is a tutorial for [migrating your app to use the Spring Framework|AppFuseSpringUpgrade]). The first level of Acegi integration into AppFuse is [authentication|AppFuseAuthentication] and authorization to access URI's based on user ''roles'', and this tutorial will assume you have already completed the migration from container managed security to use Acegi authentication. The next level is to grant or deny user access to methods of our service classes based on the user's role(s). Once you have completed this you may want to go on to [Part II|AppFuseSecurityMethods2] or add [Access Control List authorization|AppFuseSecurityACL] for a more fine grained control. |
At line 200 changed 3 lines. |
Now that Acegi Method Invocation authorization is in our application and working we will need to make it grant access based on more than what roles a user has been given. For example we need to make sure a user with only the {{tomcat}} role can only use {{UserManager.getUser()}} to retreive his own account information, and {{UserManager.saveUser()}} only to update his profile. So that is our task in Part II of this tutorial. |
|
%%note __NOTE:__ Part II is not yet ready, so you'll just have to stay tuned ;) %% |
Now that Acegi Method Invocation authorization is in our application and working we will need to make it grant access based on more than what roles a user has been given. For example we need to make sure a user with only the {{tomcat}} role can only use {{UserManager.getUser()}} to retreive his own account information, and {{UserManager.saveUser()}} only to update his profile. So that is our task in [Part II|AppFuseSecurityMethods2] of this tutorial. |
Back to AppFuseSecurityMethods,
or to the Page History.
|