Announcement Announcement Module
No announcement yet.
Acegi in portlets Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Thanks for the feedback. It will be good to add this capability to Acegi Security - I look forward to your comments when 1.3 is out.


    • #17
      Acegi JSR-168 Portlet Integration

      I've evolved my initial effort in JSR-168 Portlet support for Acegi into something that I think is close to ready for inclusion into the overall framework.

      I've reimplemented it all as a separate provider with its own implementation of AbstractAuthenticationToken, AuthenticationProvider, UserCache, etc. I've also provided a PortletSessionContextIntegrationInterceptor and PortletProcessingInterceptor.

      One of the unique challenges of portlet development in this space is that filters are not applied to portlet requests, so none of the existing filter-based can be used with the portlets. But with the two interceptors above I think it covers the basics and allows for use of MethodSecurityInterceptor and for the taglib in JSP content.

      The main thing that is missing at this point is an equivalent of the URL-based security mechanisms such as FilterSecurityInterceptor. Since portlet requests don't include tradition URLs, this is difficult to translate. I think the best thing here will be to implement something parallel to the HandlerMapping classes that allows security to be applied in the same way.

      I've posted the classes and some example application context entries on the Spring Portlet Wiki site. You can download the file here:

      I'm very interested in your feedback. When you get a chance to take a look at it all, let me know what you think.

      John Lewis


      • #18
        First let me say that you have done an excellent job at implementing the portlet
        security integration with Acegi. I downloaded the bundle and I will try to figure out how to incorporate it in my portal. It would be really cool if you spoil us by including a readme.txt file that explained step-by-step what we need to do to incorporate your files into our portal, more epecifically JBoss portal . Again, you have done us a service, thanks.


        • #19
          Current status?

          What is the current status of the JSR-168 Portlet support in Acegi Security?
          Is there an update of John's code, or even an integration into the main code base?



          • #20
            I'm also interested in any news about ACEGI & JSR-168 integration.Any progress ?


            • #21
              I'm also interested in any news about Acegi & JSR-168 integration.
              For using Acegi with JBoss Portal...


              • #22
                By the way, for those interested in jboss portal integration, there is now this wiki.
                I will add some comment on how to configure the applicationContext-acegi-security.xml, when I have finished integration of all this...


                • #23
                  what about eXo Portal?

                  Hi all
                  I want to use acegi in eXo Portal
                  has someone tested it?


                  • #24
                    no one tryied this integration?

                    is there documentation anywhere?

                    thanks to all
                    best regards


                    • #25
                      Any help on how to integrate ACEGI security into portlet running on Liferay?

                      Thanks a lot in advance.


                      • #26
                        Acegi Portlet Integration

                        Hi all,

                        I have recently intagrated Acegi Security Framework with Liferay and JBoss portals. My solution allows us to use all of Acegi's authorization features within individual portlets.

                        The solution is applicaple for all other JSR-168 compliant portals, though I have currently applied it to only Liferay 4.2.2 and JBoss 2.6.1.

                        I have put the solution together with sample web applications into acegi-ext open source project. You can access it from this URL:

                        There is also another sub component called acegi-acl-management under acegi-ext,which helps us ACL management of domain objects decleratively.

                        You can also see documentation in which I explain the solution and use of Acegi Security features inside portals. Documenation url:

                        Kind Regards

                        Kenan Sevindik


                        • #27
                          Thanks a lot,
                          I will surely look at it as soon as I come back to my work on Acegi.
                          I put a post in jboss forum to indicate this post...


                          • #28
                            Thanks a lot Kenan!!!...
                            I'm sure your help will be much appreciated!!..
                            I'll definitely look at it.

                            Thanks once again.


                            • #29
                              There is a portlet support module in the 2.0 source tree




                              • #30
                                Problem in Integrating Acegi Security into Liferay portal

                                Hi Kenan,

                                I tried to integrate the Acegi into Liferay portal followed by the document given by you (AcegiSecurityPortletIntegration-0.1). I tried to implement the first part of the solution (Delegating Liferay Authentication to Acegi Security Framework). I added the listener and filter to /liferay-portal/portal-web/docroot/WEB-INF/web.xml. When I am deploying the ear file I got the following errors.

                                <Oct 31, 2007 4:48:36 PM IST> <Warning> <HTTP> <BEA-101162> <User defined listener org.springframework.web.context.ContextLoaderListe ner failed: java.lang.IllegalStateException: Cannot initialize context because there is already a root application context present - check whether you have multiple ContextLoader* definitions in your web.xml!.
                                java.lang.IllegalStateException: Cannot initialize context because there is already a root application context present - check whether you have multiple ContextLoader* definitions in your web.xml!
                                at org.springframework.web.context.ContextLoader.init WebApplicationConte
                                at org.springframework.web.context.ContextLoaderListe ner.contextInitiali
                                at weblogic.servlet.internal.EventsManager$FireContex
                                at t.doAs(Authenticate
                                Truncated. see log file for complete stacktrace
                                <Oct 31, 2007 4:48:36 PM IST> <Error> <HTTP> <BEA-101165> <Could not load user d
                                efined filter in web.xml: org.acegisecurity.util.FilterToBeanProxy.
                                java.lang.IllegalStateException: BeanFactory not initialized or already closed -
                                call 'refresh' before accessing beans via the ApplicationContext
                                at hableApplicationCon
                                at ationContext.contai
                                at org.acegisecurity.util.FilterToBeanProxy.doInit(Fi lterToBeanProxy.jav
                                a:123) ......

                                Any help on how to resolve the above issue.

                                Thanks a lot in advance.