To complete this tutorial, you will require a servlet container (such as Tomcat) and a general understanding of using Spring without Acegi Security. The Petclinic sample itself is part of Spring and should help you learn Spring. We suggest you only try to learn one thing at a time, and start with Spring/Petclinic before Acegi Security.
Unzip both files. After unzipping Acegi Security, you'll need to unzip the acegi-security-sample-tutorial.war file, because we need some files that are included within it. In the code below, we'll refer to the respective unzipped locations as %spring% and %acegi% (with the latter variable referring to the unzipped WAR, not the original ZIP). There is no need to set up any environment variables to complete the tutorial.
Start the Hypersonic server (this is just normal Petclinic configuration):
cd %spring%\samples\petclinic\db\hsqldb
server
Insert some data (again, normal Petclinic configuration):
cd %spring%\samples\petclinic
build setupDB
Edit %spring%\samples\petclinic\war\WEB-INF\web.xml and insert the following block of code.
<filter>
  <filter-name>Acegi Filter Chain Proxy</filter-name>
  <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
  <init-param>
    <param-name>targetClass</param-name>
    <param-value>org.acegisecurity.util.FilterChainProxy</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>Acegi Filter Chain Proxy</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
Next, locate the "contextConfigLocation" parameter, and add a new line into the existing param-value. The resulting block will look like this:
<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>
    /WEB-INF/applicationContext-jdbc.xml
    /WEB-INF/applicationContext-acegi-security.xml
  </param-value>
</context-param>
We now need to put some extra files into Petclinic. The following commands should work:
copy %acegi%\acegilogin.jsp %spring%\samples\petclinic\war
copy %acegi%\WEB-INF\users.properties %spring%\samples\petclinic\war\WEB-INF
copy %acegi%\WEB-INF\applicationContext-acegi-security.xml %spring%\samples\petclinic\war\WEB-INF
copy %acegi%\WEB-INF\lib\acegi-security-1.0.0.jar %spring%\samples\petclinic\war\WEB-INF\lib
copy %acegi%\WEB-INF\lib\oro-2.0.8.jar %spring%\samples\petclinic\war\WEB-INF\lib
copy %acegi%\WEB-INF\lib\commons-codec-1.3.jar %spring%\samples\petclinic\war\WEB-INF\lib
To make it easier to experiment with the application, let's edit %spring%\samples\petclinic\war\WEB-INF\jsp\footer.jsp. Add a new "logout" link, as shown:
<table style="width:100%"><tr>
  <td><A href="<c:url value="/welcome.htm"/>">Home</A></td>
  <td><A href="<c:url value="/j_acegi_logout"/>">Logout</A></td>
  <td style="text-align:right;color:silver">PetClinic :: a Spring Framework demonstration</td>
</tr></table>
Our last step is to specify which URLs require authorization and which do not. Let's edit %spring%\samples\petclinic\war\WEB-INF\applicationContext-acegi-security.xml. Scroll to the bottom and locate the bean definition for FilterSecurityInterceptor. Edit its objectDefinitionSource property so that it reflects the following:
<property name="objectDefinitionSource">
  <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT
    /acegilogin.jsp=IS_AUTHENTICATED_ANONYMOUSLY
    /**=IS_AUTHENTICATED_REMEMBERED
  </value>
</property>
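The rule lines in objectDefinitionSource are checked from top to bottom, and the first pattern that matches the request URL decides which attributes apply, so the order of the two lines matters. The Python sketch below is an added example, not part of the tutorial or of Acegi Security; its matcher is a simplified stand-in for Ant path matching, and the function names and the SWAPPED sample are constructed for illustration.

```python
import re

# Constructed inputs: the tutorial's rules, and the same two rules swapped.
TUTORIAL = """CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/acegilogin.jsp=IS_AUTHENTICATED_ANONYMOUSLY
/**=IS_AUTHENTICATED_REMEMBERED"""
SWAPPED = """CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=IS_AUTHENTICATED_REMEMBERED
/acegilogin.jsp=IS_AUTHENTICATED_ANONYMOUSLY"""

def ant_to_regex(pattern):
    # Simplified Ant matching (an assumption, not Acegi's own matcher):
    # "**" spans directories, "*" and "?" stay inside one path segment.
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("/**", i) and i + 3 == len(pattern):
            out.append("(?:/.*)?")
            i += 3
        elif pattern.startswith("**", i):
            out.append(".*")
            i += 2
        else:
            out.append({"*": "[^/]*", "?": "[^/]"}.get(pattern[i], re.escape(pattern[i])))
            i += 1
    return re.compile("".join(out))

def parse(source):
    # Returns (lowercase directive present?, ordered list of (pattern, attributes)).
    lines = [l.strip() for l in source.splitlines() if l.strip()]
    lower = "CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON" in lines
    rules = [tuple(l.split("=", 1)) for l in lines if "=" in l]
    return lower, rules

def attributes_for(source, url):
    lower, rules = parse(source)
    if lower:
        url = url.lower()
    for pattern, attrs in rules:
        if ant_to_regex(pattern).fullmatch(url):
            return attrs  # the first matching line decides
    return None  # no line matched: the URL gets no attributes from this block

def shadowed(source):
    # Patterns listed after a bare /** can never be reached.
    patterns = [p for p, _ in parse(source)[1]]
    return patterns[patterns.index("/**") + 1:] if "/**" in patterns else []
```

With the two rule lines swapped, /acegilogin.jsp falls under /** and the login page itself requires authentication, which is why the specific pattern must come before the catch-all.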
Use the Ant build and deploy to your servlet container:
cd %spring%\samples\petclinic
build warfile
copy dist\petclinic.war %TOMCAT_HOME%\webapps
Finally, start your container and try to visit the home page. Your request should be intercepted and you will be forced to log in.
These steps can be applied to your own application, although we do suggest that you visit http://acegisecurity.org and, in particular, review the "Suggested Steps" for getting started with Acegi Security.