|
|
@@ -0,0 +1,103 @@
|
|
|
+ --------------------------------
|
|
|
+ Acegi Security Suggested Steps
|
|
|
+ --------------------------------
|
|
|
+
|
|
|
+Suggested Steps
|
|
|
+
|
|
|
+ Presented below are the steps we encourage you to take in order to gain the most
|
|
|
+ out of Acegi Security in a realistic timeframe.
|
|
|
+
|
|
|
+
|
|
|
+ [[1]] First of all, deploy the "Tutorial Sample", which is included in the main distribution
|
|
|
+ ZIP file. The sample doesn't do a great deal, but it does give you a template that can
|
|
|
+ be quickly and easily used to integrate into your own project.
|
|
|
+
|
|
|
+ Estimated time: 30 minutes.
|
|
|
+
|
|
|
+
|
|
|
+ [[2]] Next, follow the <a href="petclinic-tutorial.html">Petclinic tutorial</a>, which
|
|
|
+ covers how to add Acegi Security to the commonly-used Petclinic sample application
|
|
|
+ that ships with Spring. This will give you a hands-on approach to integrating
|
|
|
+ Acegi Security into your own application.
|
|
|
+
|
|
|
+ Estimated time: 1 hour.
|
|
|
+
|
|
|
+ [[3]] Next, review the {{{reference.html}Reference Guide}}, and in particular
|
|
|
+ Part I. It has been designed to give you a solid overview. Go through the beans
|
|
|
+ defined in the "Tutorial Sample" and understand their main purpose within the overall
|
|
|
+ framework. Once you understand this, you'll have no difficulty moving on to more
|
|
|
+ complex examples. You can also experiment in the Petclinic tutorial that you
|
|
|
+ implemented in the last step.
|
|
|
+
|
|
|
+ Estimated time: 1 day.
|
|
|
+
|
|
|
+ [[4]] If you have relatively simple security needs, you can probably start to integrate
|
|
|
+ Acegi Security into your application at this point. Just use the "Tutorial Sample"
|
|
|
+ as your basis (now that you understand how it works). Those with more complicated
|
|
|
+ requirements should review the "Contacts Sample" application.
|
|
|
+ This will probably involve deploying <<<acegi-security-sample-contacts-filter.war>>>,
|
|
|
+ which is also included in the release ZIP file.
|
|
|
+
|
|
|
+ The purpose of understanding the "Contacts Sample" is to get a better feel for how method
|
|
|
+ security is implemented, particularly with domain object access control lists. This will
|
|
|
+ really round-out the rest of the framework for you.
|
|
|
+
|
|
|
+ The actual java (TODO: link) code
|
|
|
+ is a completely standard Spring application, except <<<ContactManagerBackend>>>
|
|
|
+ which shows how we create and delete ACL permissions. The rest of the Java code has no
|
|
|
+ security awareness, with all security services being declared in the XML files
|
|
|
+ (don't worry, there aren't any new XML formats to learn: they're all standard Spring IoC container
|
|
|
+ declarations or the stock-standard <<<web.xml>>>). The main
|
|
|
+ XML files to review are
|
|
|
+
|
|
|
+ TODO: SVN Links:
|
|
|
+
|
|
|
+~~ <a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/filter/WEB-INF/applicationContext-acegi-security.xml?view=auto">applicationContext-acegi-security.xml</a> (from the filter webapp),
|
|
|
+~~ <a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/common/WEB-INF/applicationContext-common-authorization.xml?view=auto">applicationContext-common-authorization.xml</a>,
|
|
|
+~~ <a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/common/WEB-INF/applicationContext-common-business.xml?view=auto">applicationContext-common-business.xml</a> (just note we add <<<contactManagerSecurity>>> to the services layer target bean), and
|
|
|
+~~ <a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/filter/WEB-INF/web.xml?view=auto">web.xml</a> (from the filter webapp).
|
|
|
+
|
|
|
+ The XML definitions are comprehensively discussed in the
|
|
|
+ {{{reference.html}Reference Guide}}.
|
|
|
+
|
|
|
+
|
|
|
+ Please note the release ZIP files do not include the sample application Java source code. You
|
|
|
+ will need to download from SVN if you would like to access the Java sources.
|
|
|
+
|
|
|
+ Estimated time: 1-2 days.
|
|
|
+
|
|
|
+
|
|
|
+ [[5]]By now you will have a good grasp on how Acegi Security works, and all that is left to
|
|
|
+ do is design your own application's implementation.
|
|
|
+
|
|
|
+
|
|
|
+ We strongly recommend that you start your actual integration with the "Tutorial Sample".
|
|
|
+ Don't start by integrating with the "Contacts Sample", even if you have complex needs.
|
|
|
+ Most people reporting problems on the forums do so because of a configuration problem,
|
|
|
+ as they're trying to make far too many changes at once without really knowing what
|
|
|
+ they're doing. Instead, make changes one at a time, starting from the bare bones configuration
|
|
|
+ provided by the "Tutorial Sample".
|
|
|
+
|
|
|
+ If you've followed the steps above, and refer back to the
|
|
|
+ {{{reference.html}Reference Guide}},
|
|
|
+ {{{http://www.springframework.org}forums}}, and
|
|
|
+ {{{faq.html}FAQ}}
|
|
|
+ for help, you'll find it pretty easy to implement Acegi Security in your application.
|
|
|
+ Most importantly, you'll be using a security framework that offers you complete container
|
|
|
+ portability, flexibility, and community support - without needing to write and maintain your
|
|
|
+ own code.
|
|
|
+
|
|
|
+ Estimated time: 1-5 days.
|
|
|
+
|
|
|
+
|
|
|
+ Please note the time estimates are just that: estimates. They will vary considerably depending
|
|
|
+ on how much experience you have, particularly with Java and Spring. They will also vary depending
|
|
|
+ on how complex your intended security-enabled application will be. Some people need to push the domain
|
|
|
+ object instance access control list capabilities to the maximum, whilst others don't even need anything
|
|
|
+ beyond web request security. The good thing is Acegi Security will either directly support your future
|
|
|
+ needs, or provide a clearly-defined extension point for addressing them.
|
|
|
+
|
|
|
+
|
|
|
+ We welcome your feedback about how long it has actually taken you to complete each step, so we
|
|
|
+ can update this page and help new users better assess their project timetables in the future.
|
|
|
+ Any other tips on what you found helpful in learning Acegi Security are also very welcome.
|
Luke Taylor