This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.
I've evolved my initial effort in JSR-168 Portlet support for Acegi into something that I think is close to ready for inclusion into the overall framework.
I've reimplemented it all as a separate provider with its own implementation of AbstractAuthenticationToken, AuthenticationProvider, UserCache, etc. I've also provided a PortletSessionContextIntegrationInterceptor and PortletProcessingInterceptor.
One of the unique challenges of portlet development in this space is that filters are not applied to portlet requests, so none of the existing filter-based can be used with the portlets. But with the two interceptors above I think it covers the basics and allows for use of MethodSecurityInterceptor and for the taglib in JSP content.
The main thing that is missing at this point is an equivalent of the URL-based security mechanisms such as FilterSecurityInterceptor. Since portlet requests don't include tradition URLs, this is difficult to translate. I think the best thing here will be to implement something parallel to the HandlerMapping classes that allows security to be applied in the same way.
I've posted the classes and some example application context entries on the Spring Portlet Wiki site. You can download the file here:
First let me say that you have done an excellent job at implementing the portlet
security integration with Acegi. I downloaded the bundle and I will try to figure out how to incorporate it in my portal. It would be really cool if you spoil us by including a readme.txt file that explained step-by-step what we need to do to incorporate your files into our portal, more epecifically JBoss portal . Again, you have done us a service, thanks.
By the way, for those interested in jboss portal integration, there is now this wiki. http://wiki.jboss.org/wiki/Wiki.jsp?...Authentication
I will add some comment on how to configure the applicationContext-acegi-security.xml, when I have finished integration of all this...
Problem in Integrating Acegi Security into Liferay portal
I tried to integrate the Acegi into Liferay portal followed by the document given by you (AcegiSecurityPortletIntegration-0.1). I tried to implement the first part of the solution (Delegating Liferay Authentication to Acegi Security Framework). I added the listener and filter to /liferay-portal/portal-web/docroot/WEB-INF/web.xml. When I am deploying the ear file I got the following errors.
<Oct 31, 2007 4:48:36 PM IST> <Warning> <HTTP> <BEA-101162> <User defined listener org.springframework.web.context.ContextLoaderListe ner failed: java.lang.IllegalStateException: Cannot initialize context because there is already a root application context present - check whether you have multiple ContextLoader* definitions in your web.xml!.
java.lang.IllegalStateException: Cannot initialize context because there is already a root application context present - check whether you have multiple ContextLoader* definitions in your web.xml!
at org.springframework.web.context.ContextLoader.init WebApplicationConte
at org.springframework.web.context.ContextLoaderListe ner.contextInitiali
at weblogic.servlet.internal.EventsManager$FireContex tListenerAction.run
at weblogic.security.acl.internal.AuthenticatedSubjec t.doAs(Authenticate
at weblogic.security.service.SecurityManager.runAs(Se curityManager.java:
Truncated. see log file for complete stacktrace
<Oct 31, 2007 4:48:36 PM IST> <Error> <HTTP> <BEA-101165> <Could not load user d
efined filter in web.xml: org.acegisecurity.util.FilterToBeanProxy.
java.lang.IllegalStateException: BeanFactory not initialized or already closed -
call 'refresh' before accessing beans via the ApplicationContext
at org.springframework.context.support.AbstractRefres hableApplicationCon
at org.springframework.context.support.AbstractApplic ationContext.contai
at org.acegisecurity.util.FilterToBeanProxy.doInit(Fi lterToBeanProxy.jav