Acegi, Spring & JSF

Last week I spent some time on the basics of securing the myfaces/spring/ibatis application I’m working on. Since the default J2EE container-managed security isn’t particularly flexible, I decided to have a look at Acegi.


Acegi has a couple of nice features:

  • Various authentication backends: We include the ability to retrieve your user and granted authority definitions from either an XML file or JDBC datasource. Alternatively, you can implement the single-method DAO interface and obtain authentication details from anywhere you like.
  • Advanced password encoding: Of course, passwords in your authentication repository need not be in plain text. We support both SHA and MD5 encoding, and also pluggable “salt” providers to maximise password security.
  • Thorough documentation: All APIs are fully documented using JavaDoc, with a 40+ page Reference Guide providing an easy-to-follow introduction. More documentation is provided on this web site, as shown in the left hand navigation sidebar.
  • Full (but optional) container integration: The credential collection and authorization capabilities of your Servlet or EJB container can be fully utilised via included “container adapters”. We currently support Catalina (Tomcat), Jetty, JBoss and Resin, with additional containers easily added.

(more to be found on the Acegi website)

Setting up Acegi to do the job was a breeze. After refactoring the example application context, I managed to get the following configuration working in half an hour:

[Image: security spring beans]

As you can see in the graph, the configuration is quite complete, and the nice part of Acegi is that every aspect of the framework is fully configurable!

The current implementation, based on an in-memory user store, will be replaced by an LDAP provider next week (I’ll keep you posted).

Acegi provides a couple of filters for authentication, which work out of the box. Integration with myfaces is possible, but felt a bit ‘nasty’. And since we would also like to retrieve custom data after authentication (which should typically be triggered from the myfaces tier) I googled around and found a simple solution:

http://jroller.com/page/fairTrade?entry=integrating_acegi_and_jsf_revisited

Good stuff!


About

Welcome to the weblog of Peter Maas. Here you'll find various posts related to stuff I like (like my kids and espresso) and stuff I do (like developing software).
