Securing Application Servlets

Declarative transactions are the most popular declarative services in Spring, but not the only ones. Spring also allows declarative remoting and declarative security. In this example, you'll use a declarative security service called ACEGI.

Why do I care?

Since ACEGI is a declarative service, you can use it to secure any method on any bean in the context, without writing extra supporting code. ACEGI also has advanced features that are well beyond most EJB implementations, including the following:

  • A robust sign-on implementation, based on Yale University's open source Central Authentication Services (CAS)

  • An instance-based security model

  • Pluggable authentication implementations

  • HTTP authentication

You can access many of ACEGI's features declaratively. Your POJOs will not be overwhelmed with security code.

How do I do that?

First, you'll use the servlet-based implementation of ACEGI. This approach uses servlet filters. You'll configure it through a combination of additions to the Spring and web.xml configurations. To get going with ACEGI, download the latest version from the project's web site (http://acegisecurity.sourceforge.net/downloads.html). We used Version 0.6.1. From the /dist folder, copy acegi-security-catalina-server.jar into the /server/lib folder of your Tomcat install. Your web application will also need aopalliance.jar, spring.jar, acegi-security-catalina-common.jar, and acegi-security.jar available to it.

Your first implementation will use forms-based ...
