GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Spring Security
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1632 Commits
0 Branches
331 Tags
122 MiB
 
 
 
 
Tree: 0f517cb8e2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0f517cb8e2'
${ noResults }
spring-security/doc/xdocs/suggested.html

133 lines
7.1 KiB
Raw Blame History

<!--
* ========================================================================
*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* ========================================================================
-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Acegi Security Suggested Steps</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<h1>Suggested Steps</h1>
<p>Presented below are the steps we encourage you to take in order to gain the most
out of Acegi Security in a realistic timeframe.
<ol>
<li>
First of all, deploy the "Tutorial Sample", which is included in the main distribution
ZIP file. The sample doesn't do a great deal, but it does give you a template that can
be quickly and easily used to integrate into your own project.<br><br>
Estimated time: 30 minutes.<br><br>
</li>
<li>
Next, follow the <a href="petclinic-tutorial.html">Petclinic tutorial</a>, which
covers how to add Acegi Security to the commonly-used Petclinic sample application
that ships with Spring. This will give you a hands-on approach to integrating
Acegi Security into your own application.<br><br>
Estimated time: 1 hour.<br><br>
</li>
<li>
Next, review the <a href="reference.html">Reference Guide</a>, and in particular
Part I. It has been designed to give you a solid overview. Go through the beans
defined in the "Tutorial Sample" and understand their main purpose within the overall
framework. Once you understand this, you'll have no difficulty moving on to more
complex examples. You can also experiment in the Petclinic tutorial that you
implemented in the last step.<br><br>
Estimated time: 1 day.<br><br>
</li>
<li>
If you have relatively simple security needs, you can probably start to integrate
Acegi Security into your application at this point. Just use the "Tutorial Sample"
as your basis (now that you understand how it works). Those with more complicated
requirements should review the "Contacts Sample" application.
This will probably involve deploying <code>acegi-security-sample-contacts-filter.war</code>,
which is also included in the release ZIP file.<br><br>
The purpose of understanding the "Contacts Sample" is to get a better feel for how method
security is implemented, particularly with domain object access control lists. This will
really round-out the rest of the framework for you.<br><br>
The actual <a target="_blank" class="newWindow" href="multiproject/acegi-security-sample-contacts/xref/index.html">java code</a>
is a completely standard Spring application, except <code>ContactManagerBackend</code>
which shows how we create and delete ACL permissions. The rest of the Java code has no
security awareness, with all security services being declared in the XML files
(don't worry, there aren't any new XML formats to learn: they're all standard Spring IoC container
declarations or the stock-standard <code>web.xml</code>). The main
XML files to review are
<a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/filter/WEB-INF/applicationContext-acegi-security.xml?view=auto">applicationContext-acegi-security.xml</a> (from the filter webapp),
<a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/common/WEB-INF/applicationContext-common-authorization.xml?view=auto">applicationContext-common-authorization.xml</a>,
<a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/common/WEB-INF/applicationContext-common-business.xml?view=auto">applicationContext-common-business.xml</a> (just note we add <code>contactManagerSecurity</code> to the services layer target bean), and
<a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/filter/WEB-INF/web.xml?view=auto">web.xml</a> (from the filter webapp).
The XML definitions are comprehensively discussed in the
<a href="reference.html">Reference Guide</a>.
<br><br>
Please note the release ZIP files do not include the sample application Java source code. You
will need to download from SVN if you would like to access the Java sources.<br><br>
Estimated time: 1-2 days.<br><br>
</li>
<li>By now you will have a good grasp on how Acegi Security works, and all that is left to
do is design your own application's implementation.
<br><br>
We strongly recommend that you start your actual integration with the "Tutorial Sample".
Don't start by integrating with the "Contacts Sample", even if you have complex needs.
Most people reporting problems on the forums do so because of a configuration problem,
as they're trying to make far too many changes at once without really knowing what
they're doing. Instead, make changes one at a time, starting from the bare bones configuration
provided by the "Tutorial Sample".<br><br>
If you've followed the steps above, and refer back to the
<a href="reference.html">Reference Guide</a>,
<a href="http://www.springframework.org">forums</a>, and
<a href="faq.html">FAQ</a>
for help, you'll find it pretty easy to implement Acegi Security in your application.
Most importantly, you'll be using a security framework that offers you complete container
portability, flexibility, and community support - without needing to write and maintain your
own code.<br><br>
Estimated time: 1-5 days.<br><br>
</br>
</li>
</ol>
<p>Please note the time estimates are just that: estimates. They will vary considerably depending
on how much experience you have, particularly with Java and Spring. They will also vary depending
on how complex your intended security-enabled application will be. Some people need to push the domain
object instance access control list capabilities to the maximum, whilst others don't even need anything
beyond web request security. The good thing is Acegi Security will either directly support your future
needs, or provide a clearly-defined extension point for addressing them.
<p>
We welcome your feedback about how long it has actually taken you to complete each step, so we
can update this page and help new users better assess their project timetables in the future.
Any other tips on what you found helpful in learning Acegi Security are also very welcome.
</body>
</html>