| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051 |
- ===============================================================================
- QUICK-START SAMPLE
- ===============================================================================
- Acegi Security's flexibility can be a bit daunting. Because projects only have
- so much budget, and people only have so much time, often the complexity of
- getting started can seem too high a price to pay. The quick-start sample is
- designed to provide you the basic building blocks needed to be added to your
- existing application.
- Quick-start is not executable or deployable. It's just a convenient, simple
- place where you can see what needs to be added to your web application's
- existing files and directories.
- What you _will_ need to change in the quick-start configuration:
- - It protects a /secure directory from HTTP requests. The /secure directory
- is included (along with a debug.jsp you might find useful), but can be
- deleted as soon as you are up and running. You'll need to setup your own
- URLs to protect in the applicationContext.xml. Search for the
- FilterInvocationInterceptor bean.
- What you _may_ need to change in the quick-start configuration:
- - It uses an in-memory list of users as your authentication repository. This
- means you edit the XML file to add users, change their roles etc. If you'd
- prefer to use a database, remove the InMemoryDaoImpl from the
- applicationContext.xml, and add in a JdbcDaoImpl bean. For an example of
- using the JdbcDaoImpl, search the reference guide.
- What does this buy you? Not a great deal more than using the Servlet spec
- (although we do support regular expressions and Ant paths for URL matching)!
- Seriously, you can use the Servlet spec to protect URLs, so why bother?
- The quick-start sample provides you the BASE security building blocks for
- your application. Whilst there's nothing wrong with using it instead of the
- Servlet spec security just for the better path support or avoiding the
- multitude of container authentication configurations, most people will use it
- because this foundation allows you to simply tweak configuration if you wish
- to:
- - Protect your business beans (search for MethodSecurityInterceptor in docs)
- - Use enterprise-wide single sign on (see CAS section in docs)
- - Use custom authorization voters (see Authorization section in docs)
- - Deploy custom authentication providers (see Authentication section in docs)
- - Perform BASIC authentication (search for BasicProcessingFilter in docs)
- - Automate HTTPS redirection (see Channel Security section in docs)
- Good luck! Don't forget we're happy to help. See the end of the docs for
- contact details.
- $Id$
|
