Almost by its very nature, one of the most tedious and difficult aspects of application development is security, specifically authentication and authorization. Most multi-user applications need to confirm that a user is who he says he is and then has appropriate authorized access to the necessary resources. Therefore, security is often one of the most important aspects. The collision of these factors has the impact of making security forgetful, error prone, and potentially dangerous, especially for enterprise applications.
Securing Your Java Application - Acegi Security Style
At 5:17 PM on Nov 18, 2004, Matthew Schmidt wrote:
Read the full article here!
Re: Securing Your Java Application - Acegi Security Style
Is it possible to get a printable version of the article?
Thanks,
Francois
Good read - (with a typo to correct)
Good article, cannot wait for the rest. Just a small typo in the applicationContext.xml example:
webappp should have two p's not three.
Regards,
William
Re: Good read - (with a typo to correct)
Thanks William, I'll correct this.
bestuff.com - the best stuff in the world
Re: Securing Your Java Application - Acegi Security Style
Hi Matthew,
well, after reading your article I've started using Acegi and found it quite good for securing calls to my Spring remoted web services... so, thanks for the tip
Unfortunately now I'm banging my head against ACL's without much success... do you have some tips to share? In particular, what I'm finding difficult to grasp is not ACL usage for securing access, but the ACL entry creation, management along with how to use ACL permissions such as CREATE and ADMINISTRATION (contained in the SimpleAclEntry class). I've googled around on the net but found no "ACL howto" whatsoever, it seems that everybody does it a different way and details are not exposed.
Do you have any to share?
Re: Good read - (with a typo to correct)
Another typo:
/secure/.* =ROLE_USER,ROLE_SUPERVISOR
should be
/secure/**=ROLE_USER,ROLE_SUPERVISOR
Re: Securing Your Java Application - Acegi Security Style
Hi Matt,
Your article is really valuable but I'm looking forward to the second part of this article.
I'm really having a big problem with ACL. I don't know how to start or what to do and the sample application that's available on sourceforge is not clear.
If you could provide me with help in ACL, I'll be so grateful.
Thanks in Advance.
Sherihan.
Re: Securing Your Java Application - Acegi Security Style
Many of the articles and examples show how nice it is when performing authentication via a web client and using some login page, but I would really love to see a nice example of how to do this via a thick/rich client using the HTTP invoker.
How does one send the credentials?
Does the Authentication object then get passed automagically on subsequent remote calls over HTTP?
How does the server side service then get access to this information?
I think it should be simple to do, but I have been having a hard time to get a simple example of it running.
Regards,
Mark
Re: Securing Your Java Application - Acegi Security Style
Thanks for the great article, after testing though I have just one clarification. I may be wrong as I am new to both Spring and Acegi, but when declaring the ROLE's allowed to access a particular path pattern e.g.
/secure/**=ROLE_USER,ROLE_SUPERVISOR
Behaviour is dependent on the Access Decision Manager used. In your example you use the UnanimousBased decision manager. This means that the user must have ROLE_USER and ROLE_SUPERVISOR permissions for access. However the AffirmativeBased decision manager means if the user has ROLE_USER or ROLE_SUPERVISOR permissions they will be allowed access.
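The difference described in the post above, as an added example that is not part of the thread or of Acegi's own code: a self-contained Java model of one role voter under each decision manager, evaluated against the /secure/** rule. The class, the method names and the sample users are assumptions made for illustration, and the model assumes the unanimous manager puts each attribute to the voter separately while the affirmative manager shows it the whole list.

```java
import java.util.*;

// Simplified model (not Acegi source) of the two decision managers, each
// configured with one role voter. Vote values and method names are assumptions.
public class DecisionManagerModel {
    static final int GRANTED = 1, ABSTAIN = 0, DENIED = -1;

    // Role voter: grants when the user holds ANY of the ROLE_ attributes it is shown.
    static int roleVote(Set<String> held, List<String> attributes) {
        int result = ABSTAIN;
        for (String attr : attributes) {
            if (!attr.startsWith("ROLE_")) continue;   // not a role attribute: ignore
            if (held.contains(attr)) return GRANTED;
            result = DENIED;
        }
        return result;
    }

    // Affirmative: the voter sees the whole list once; a single grant is enough.
    static boolean affirmative(Set<String> held, List<String> rule) {
        return roleVote(held, rule) == GRANTED;
    }

    // Unanimous: every attribute is voted on separately; any denial rejects.
    static boolean unanimous(Set<String> held, List<String> rule) {
        boolean granted = false;
        for (String attr : rule) {
            int vote = roleVote(held, Collections.singletonList(attr));
            if (vote == DENIED) return false;
            if (vote == GRANTED) granted = true;
        }
        return granted;   // all abstained: deny
    }

    public static void main(String[] args) {
        // Rule from the post: /secure/**=ROLE_USER,ROLE_SUPERVISOR
        List<String> rule = Arrays.asList("ROLE_USER", "ROLE_SUPERVISOR");
        String[][] users = {                       // constructed sample users
            {"ROLE_USER"}, {"ROLE_SUPERVISOR"},
            {"ROLE_USER", "ROLE_SUPERVISOR"}, {"ROLE_GUEST"}
        };
        for (String[] roles : users) {
            Set<String> held = new HashSet<String>(Arrays.asList(roles));
            System.out.printf("%-32s affirmative=%-5b unanimous=%b%n",
                    held, affirmative(held, rule), unanimous(held, rule));
        }
    }
}
```

Swapping the decision manager therefore changes what an unchanged comma-separated role list means, so URL rules should be re-reviewed whenever that bean is changed.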
Re: Securing Your Java Application - Acegi Security Style
Thanks. The writing about Acegi is good.
I have a question about variable name in login.jsp file.
Username
Password
When I change "j_username" and "j_password" with new names. Then application doesn't run. Can you show me where variable name is defined? Or inherit from Acegi. I found everywhere in application.
Re: Securing Your Java Application - Acegi Security Style
Thanks for this helpful information.
I have a follow-up question. I'm architecting an SOA solution and need to protect session EJB methods in the service layer. How can I enforce security through Acegi when a client accesses my service bean through, say, JMS or a web service?
Re: Securing Your Java Application - Acegi Security Style
I am looking into usage of acegi security system for my app. which involves users associate to groups and based on the association will get privilege to certain directory/file that the group they belong to on that file system.
Is this possible using Spring and acegi security system?
Can you share some guidelines along such thought?
Re: Securing Your Java Application - Acegi Security Style
Hi Mark,
Do you have some code to share?
Thanks
Re: Securing Your Java Application - Acegi Security Style
Hi Matthew Could you plz help me in Securing our application. We are using MySql database where the User Name and Passwords are stored. Even the roles of the users are stored there. As I am new to Spring and Acegi, Plz help me how the above example can be modified so that the user info is brought from the database. I would be obliged for your reply. My mail id is s.anandmohan@gmail.com
Re: Securing Your Java Application - Acegi Security Style
Hi Matthew Could you plz help me in Securing our application. We are using MySql database where the User Name and Passwords are stored. Even the roles of the users are stored there. As I am new to Spring and Acegi, Plz help me how the above example can be modified so that the user info is brought from the database. I would be obliged for your reply.