spring-security/doc/xdocs/suggested.xml

<?xml version="1.0" encoding="ISO-8859-1"?>
<document><properties><title>Acegi Security Suggested Steps</title></properties><body><section name="Suggested Steps"><p>Presented below are the steps we encourage you to take in order to gain the most
  out of Acegi Security in a realistic timeframe.
  <ol>
    <li>
    First of all, deploy the "Tutorial Sample", which is included in the main distribution
    ZIP file. The sample doesn't do a great deal, but it does give you a template that can
    be quickly and easily used to integrate into your own project.<br></br><br></br>

	Estimated time: 30 minutes.<br></br><br></br>
	</li>
	
    <li>
    Next, follow the <a href="petclinic-tutorial.html">Petclinic tutorial</a>, which
    covers how to add Acegi Security to the commonly-used Petclinic sample application
    that ships with Spring. This will give you a hands-on approach to integrating
    Acegi Security into your own application.<br></br><br></br>

	Estimated time: 1 hour.<br></br><br></br>
	</li>
	
	<li>
	Next, review the <a href="reference.html">Reference Guide</a>, and in particular
	Part I. It has been designed to give you a solid overview. Go through the beans
	defined in the "Tutorial Sample" and understand their main purpose within the overall
	framework. Once you understand this, you'll have no difficulty moving on to more
	complex examples. You can also experiment in the Petclinic tutorial that you
	implemented in the last step.<br></br><br></br>

	Estimated time: 1 day.<br></br><br></br>
	</li>
	
	<li>
	If you have relatively simple security needs, you can probably start to integrate
	Acegi Security into your application at this point. Just use the "Tutorial Sample"
	as your basis (now that you understand how it works). Those with more complicated
	requirements should review the "Contacts Sample" application.
	This will probably involve deploying <code>acegi-security-sample-contacts-filter.war</code>,
	which is also included in the release ZIP file.<br></br><br></br>
	
	The purpose of understanding the "Contacts Sample" is to get a better feel for how method
	security is implemented, particularly with domain object access control lists. This will
	really round-out the rest of the framework for you.<br></br><br></br>
	
	The actual <a target="_blank" class="newWindow" href="multiproject/acegi-security-sample-contacts/xref/index.html">java code</a>
	is a completely standard Spring application, except <code>ContactManagerBackend</code>
	which shows how we create and delete ACL permissions. The rest of the Java code has no
	security awareness, with all security services being declared in the XML files
	(don't worry, there aren't any new XML formats to learn: they're all standard Spring IoC container
	declarations or the stock-standard <code>web.xml</code>). The main
	XML files to review are
	<a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/filter/WEB-INF/applicationContext-acegi-security.xml?view=auto">applicationContext-acegi-security.xml</a> (from the filter webapp),
	<a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/common/WEB-INF/applicationContext-common-authorization.xml?view=auto">applicationContext-common-authorization.xml</a>,
	<a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/common/WEB-INF/applicationContext-common-business.xml?view=auto">applicationContext-common-business.xml</a> (just note we add <code>contactManagerSecurity</code> to the services layer target bean), and
	<a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/filter/WEB-INF/web.xml?view=auto">web.xml</a> (from the filter webapp).
	The XML definitions are comprehensively discussed in the
	<a href="reference.html">Reference Guide</a>.
	<br></br><br></br>
		
	Please note the release ZIP files do not include the sample application Java source code. You
	will need to download from SVN if you would like to access the Java sources.<br></br><br></br>
	
	Estimated time: 1-2 days.<br></br><br></br>
	</li>
	
	<li>By now you will have a good grasp on how Acegi Security works, and all that is left to
	do is design your own application's implementation.
	<br></br><br></br>
		
	We strongly recommend that you start your actual integration with the "Tutorial Sample".
	Don't start by integrating with the "Contacts Sample", even if you have complex needs.
	Most people reporting problems on the forums do so because of a configuration problem,
	as they're trying to make far too many changes at once without really knowing what
	they're doing. Instead, make changes one at a time, starting from the bare bones configuration
	provided by the "Tutorial Sample".<br></br><br></br>
	
	If you've followed the steps above, and refer back to the 
	<a href="reference.html">Reference Guide</a>, 
	<a href="http://www.springframework.org">forums</a>, and 
	<a href="faq.html">FAQ</a>
	for help, you'll find it pretty easy to implement Acegi Security in your application.
	Most importantly, you'll be using a security framework that offers you complete container
	portability, flexibility, and community support - without needing to write and maintain your
	own code.<br></br><br></br>
	
	Estimated time: 1-5 days.<br></br><br></br>
	
	</li>
	
  </ol>
  
  </p><p>Please note the time estimates are just that: estimates. They will vary considerably depending
  on how much experience you have, particularly with Java and Spring. They will also vary depending
  on how complex your intended security-enabled application will be. Some people need to push the domain
  object instance access control list capabilities to the maximum, whilst others don't even need anything
  beyond web request security. The good thing is Acegi Security will either directly support your future
  needs, or provide a clearly-defined extension point for addressing them.
  
  </p><p>
  We welcome your feedback about how long it has actually taken you to complete each step, so we
  can update this page and help new users better assess their project timetables in the future.
  Any other tips on what you found helpful in learning Acegi Security are also very welcome.


</p></section></body></document>