Luke Taylor
19 years ago
2 changed files with 103 additions and 4 deletions
@ -0,0 +1,103 @@
@@ -0,0 +1,103 @@
|
||||
-------------------------------- |
||||
Acegi Security Suggested Steps |
||||
-------------------------------- |
||||
|
||||
Suggested Steps |
||||
|
||||
Presented below are the steps we encourage you to take in order to gain the most |
||||
out of Acegi Security in a realistic timeframe. |
||||
|
||||
|
||||
[[1]] First of all, deploy the "Tutorial Sample", which is included in the main distribution |
||||
ZIP file. The sample doesn't do a great deal, but it does give you a template that can |
||||
be quickly and easily used to integrate into your own project. |
||||
|
||||
Estimated time: 30 minutes. |
||||
|
||||
|
||||
[[2]] Next, follow the <a href="petclinic-tutorial.html">Petclinic tutorial</a>, which |
||||
covers how to add Acegi Security to the commonly-used Petclinic sample application |
||||
that ships with Spring. This will give you a hands-on approach to integrating |
||||
Acegi Security into your own application. |
||||
|
||||
Estimated time: 1 hour. |
||||
|
||||
[[3]] Next, review the {{{reference.html}Reference Guide}}, and in particular |
||||
Part I. It has been designed to give you a solid overview. Go through the beans |
||||
defined in the "Tutorial Sample" and understand their main purpose within the overall |
||||
framework. Once you understand this, you'll have no difficulty moving on to more |
||||
complex examples. You can also experiment in the Petclinic tutorial that you |
||||
implemented in the last step. |
||||
|
||||
Estimated time: 1 day. |
||||
|
||||
[[4]] If you have relatively simple security needs, you can probably start to integrate |
||||
Acegi Security into your application at this point. Just use the "Tutorial Sample" |
||||
as your basis (now that you understand how it works). Those with more complicated |
||||
requirements should review the "Contacts Sample" application. |
||||
This will probably involve deploying <<<acegi-security-sample-contacts-filter.war>>>, |
||||
which is also included in the release ZIP file. |
||||
|
||||
The purpose of understanding the "Contacts Sample" is to get a better feel for how method |
||||
security is implemented, particularly with domain object access control lists. This will |
||||
really round-out the rest of the framework for you. |
||||
|
||||
The actual java (TODO: link) code |
||||
is a completely standard Spring application, except <<<ContactManagerBackend>>> |
||||
which shows how we create and delete ACL permissions. The rest of the Java code has no |
||||
security awareness, with all security services being declared in the XML files |
||||
(don't worry, there aren't any new XML formats to learn: they're all standard Spring IoC container |
||||
declarations or the stock-standard <<<web.xml>>>). The main |
||||
XML files to review are |
||||
|
||||
TODO: SVN Links: |
||||
|
||||
~~ <a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/filter/WEB-INF/applicationContext-acegi-security.xml?view=auto">applicationContext-acegi-security.xml</a> (from the filter webapp), |
||||
~~ <a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/common/WEB-INF/applicationContext-common-authorization.xml?view=auto">applicationContext-common-authorization.xml</a>, |
||||
~~ <a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/common/WEB-INF/applicationContext-common-business.xml?view=auto">applicationContext-common-business.xml</a> (just note we add <<<contactManagerSecurity>>> to the services layer target bean), and |
||||
~~ <a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/filter/WEB-INF/web.xml?view=auto">web.xml</a> (from the filter webapp). |
||||
|
||||
The XML definitions are comprehensively discussed in the |
||||
{{{reference.html}Reference Guide}}. |
||||
|
||||
|
||||
Please note the release ZIP files do not include the sample application Java source code. You |
||||
will need to download from SVN if you would like to access the Java sources. |
||||
|
||||
Estimated time: 1-2 days. |
||||
|
||||
|
||||
[[5]]By now you will have a good grasp on how Acegi Security works, and all that is left to |
||||
do is design your own application's implementation. |
||||
|
||||
|
||||
We strongly recommend that you start your actual integration with the "Tutorial Sample". |
||||
Don't start by integrating with the "Contacts Sample", even if you have complex needs. |
||||
Most people reporting problems on the forums do so because of a configuration problem, |
||||
as they're trying to make far too many changes at once without really knowing what |
||||
they're doing. Instead, make changes one at a time, starting from the bare bones configuration |
||||
provided by the "Tutorial Sample". |
||||
|
||||
If you've followed the steps above, and refer back to the |
||||
{{{reference.html}Reference Guide}}, |
||||
{{{http://www.springframework.org}forums}}, and |
||||
{{{faq.html}FAQ}} |
||||
for help, you'll find it pretty easy to implement Acegi Security in your application. |
||||
Most importantly, you'll be using a security framework that offers you complete container |
||||
portability, flexibility, and community support - without needing to write and maintain your |
||||
own code. |
||||
|
||||
Estimated time: 1-5 days. |
||||
|
||||
|
||||
Please note the time estimates are just that: estimates. They will vary considerably depending |
||||
on how much experience you have, particularly with Java and Spring. They will also vary depending |
||||
on how complex your intended security-enabled application will be. Some people need to push the domain |
||||
object instance access control list capabilities to the maximum, whilst others don't even need anything |
||||
beyond web request security. The good thing is Acegi Security will either directly support your future |
||||
needs, or provide a clearly-defined extension point for addressing them. |
||||
|
||||
|
||||
We welcome your feedback about how long it has actually taken you to complete each step, so we |
||||
can update this page and help new users better assess their project timetables in the future. |
||||
Any other tips on what you found helpful in learning Acegi Security are also very welcome. |
||||
Loading…
Reference in new issue