Tuesday, May 23, 2006

Acegi Implementation

Acegi Implementation in existing project

This is a short description of how I implemented security in my application using Acegi. (It won't make much sense if you don't know how Acegi works, though.) But here are some links to get started:

Various articles:
http://acegisecurity.org/articles.html

Acegi/Spring forum:
http://forum.springframework.org/forumdisplay.php?f=33


Let's get started
My application already had a User model mapped to the database, with a username and password.

Implementing Acegi was done in two major steps:
1. Preparing the application (Acegi UserDetails, Role model)
2. Configuring filters (acegiApplicationContext.xml)

First step (prepare application)
Add Acegi details to the existing User
1. Implement the Acegi UserDetails interface in the existing user class.
2. Add the new properties to the class and map them in Hibernate. Make sure to write setters for the properties implemented from UserDetails.
3. Create a Role and map it to the user. One user can have many roles (Set of roles).
4. Write a JUnit test that creates a User and a Role, gives the User this role, and then deletes the user.
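
Steps 1 to 3 above as an added example (not the original application's code): the existing User class implements Acegi's UserDetails and converts its mapped Set of roles into the GrantedAuthority[] array that Acegi reads. The Role class, its name property and all field names are assumptions, and the Hibernate mapping itself is omitted.

```java
import java.io.Serializable;
import java.util.HashSet;
import java.util.Set;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.userdetails.UserDetails;

// Hypothetical Role entity; "name" holds values such as ROLE_USER.
class Role implements Serializable {
    private String name;
    public String getName() { return name; }
    public void setName(String name) { this.name = name; }
}

// Existing User model extended with the Acegi UserDetails contract.
public class User implements UserDetails {
    private String username, password;
    // Java defaults these to false, so an account stays unusable until the
    // mapped columns explicitly enable it (fails closed).
    private boolean enabled, accountNonExpired, accountNonLocked, credentialsNonExpired;
    private Set<Role> roles = new HashSet<Role>();

    // Acegi expects an array; build it from the mapped roles on each call.
    public GrantedAuthority[] getAuthorities() {
        GrantedAuthority[] result = new GrantedAuthority[roles.size()];
        int i = 0;
        for (Role role : roles) {
            result[i++] = new GrantedAuthorityImpl(role.getName());
        }
        return result;
    }

    public String getUsername() { return username; }
    public String getPassword() { return password; }
    public boolean isEnabled() { return enabled; }
    public boolean isAccountNonExpired() { return accountNonExpired; }
    public boolean isAccountNonLocked() { return accountNonLocked; }
    public boolean isCredentialsNonExpired() { return credentialsNonExpired; }
    public Set<Role> getRoles() { return roles; }

    // Setters so Hibernate can populate the UserDetails properties (step 2).
    public void setUsername(String username) { this.username = username; }
    public void setPassword(String password) { this.password = password; }
    public void setEnabled(boolean enabled) { this.enabled = enabled; }
    public void setAccountNonExpired(boolean v) { this.accountNonExpired = v; }
    public void setAccountNonLocked(boolean v) { this.accountNonLocked = v; }
    public void setCredentialsNonExpired(boolean v) { this.credentialsNonExpired = v; }
    // A null set is replaced by an empty one, so the user gets no authorities.
    public void setRoles(Set<Role> r) { this.roles = (r != null) ? r : new HashSet<Role>(); }
}
```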

Second Step (Add and configure filters)
1. Start in web.xml and add the FilterToBeanProxy; this will secure filter invocations. It delegates to filterChainProxy, which is the next step.

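<filter>
    <filter-name>Acegi Filter Chain Proxy</filter-name>
    <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
    <init-param>
        <param-name>targetBean</param-name>
        <param-value>filterChainProxy</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>Acegi Filter Chain Proxy</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>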

2. Create an acegiApplicationContext.xml file and add:

<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
    <property name="filterInvocationDefinitionSource">
        <value>
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            PATTERN_TYPE_APACHE_ANT
            /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,basicProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
        </value>
    </property>
</bean>

The FilterChainProxy is used to create and start up the filters. All filters are chained together by the FilterChainProxy and started in the specified order.

3. Let's have a look at the filters we have chosen to use in the filterChainProxy bean.

<!-- Restores the SecurityContext from the HttpSession at the start of each request and stores it back at the end -->
<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
    <property name="context" value="org.acegisecurity.context.SecurityContextImpl"/>
</bean>

1. Find the hook where your application loads Spring; it could be in applicationContext.xml or a plug-in in struts-config.xml.

2. Add an acegiApplicationContext.xml, e.g. in struts-config.xml. It is better to add the acegiApplicationContext.xml in your Spring application context file.

<plug-in className="org.springframework.web.struts.ContextLoaderPlugIn">
    <set-property property="contextConfigLocation" value="/WEB-INF/applicationContext.xml,/WEB-INF/acegiApplicationContext.xml"/>
</plug-in>

Note that it is not necessary to make a separate context file for Acegi security. All Acegi configuration could easily be done in your Spring application context file. But it is good to keep things separated.

3. Create the acegiApplicationContext.xml and start setting up the filters needed for authentication and authorization.
