
  • Integrating Acegi and custom Authorisation module

    Hi all,

    I have a working instance of Acegi with authorisation taking place against details stored in the application context file. This was to get a proof of concept.

    As a next step, I built a Java library of code to handle authorisation (Java code + DB code). By itself it works fine and provides functionality like create user, login, logout, disable account after 3 unsuccessful attempts, etc.

    I now need to merge the two systems. I was looking for advice on how to start. Do I need to write a custom Authentication Manager?

    My security system used Subject and Principal objects from JAAS because they are already in the JDK. I believe Acegi uses Authentication objects. The reason I went for Subject/Principal objects is that my code may be used in non-Spring/non-Acegi projects so I wanted to keep it generic.

    Any advice appreciated. Here's the API to my class library for authorisation:

    public class SecurityService {
        public SecurityService(DataSource dataSource) {...}
        public Subject logon(String username, char[] password, String ipaddress)
            throws InvalidLogonException, AccountDisabledException, 
                ChangePasswordException, AlreadyLoggedOnException {...}
        public String encrypt(char[] stringToEncrypt) {...}
        public Subject changePassword(String username, char[] oldpassword,
            char[] newpassword, String ipaddress) throws ChangePasswordException {...}
        public int getSessionTimeout() {...}
        public String getSecuritySetting(String parameter)
            throws UnsupportedSecuritySettingException {...}
        public void createUser(String username, String password)
            throws ChangePasswordException, InvalidUsernameException, 
                CreateUsernameException {...}


  • #2
    If you need JAAS compliance, why not use the Acegi Security JaasAuthenticationProvider? It will save you reinventing the wheel and still offer standards compliance in terms of authentication.
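
The JAAS route suggested in #2 needs a LoginModule that delegates to the existing library. A sketch of that bridge, added here as an example (not code from the thread or from Acegi): the `Logon` interface and the static `service` field are hypothetical stand-ins for the poster's `SecurityService`, and the IP address is a placeholder because the standard JAAS name and password callbacks do not carry one.

```java
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical stand-in for SecurityService.logon(); its checked exceptions are collapsed.
interface Logon { Subject logon(String user, char[] password, String ip) throws Exception; }

public class ServiceLoginModule implements LoginModule {
    static Logon service;              // assumption: set once at application startup
    private Subject subject;           // Subject being populated by the LoginContext
    private CallbackHandler handler;
    private Subject authenticated;     // result of a successful logon(), held until commit()

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
    }
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("username");
        PasswordCallback pass = new PasswordCallback("password", false);
        try {
            handler.handle(new Callback[] { name, pass });
        } catch (Exception e) {
            throw new LoginException("credential callbacks failed");
        }
        char[] pw = pass.getPassword();   // getPassword() returns a copy
        try {
            authenticated = service.logon(name.getName(), pw, "unknown"); // placeholder IP
        } catch (Exception e) {
            // One message for every failure: do not reveal bad password vs. disabled account.
            throw new FailedLoginException("logon rejected");
        } finally {
            pass.clearPassword();         // wipe the callback's buffer and our copy
            if (pw != null) Arrays.fill(pw, '\0');
        }
        return authenticated != null;
    }
    public boolean commit() {
        if (authenticated == null) return false;
        subject.getPrincipals().addAll(authenticated.getPrincipals());
        return true;
    }
    public boolean abort() { authenticated = null; return true; }
    public boolean logout() {
        if (authenticated != null) subject.getPrincipals().removeAll(authenticated.getPrincipals());
        authenticated = null;
        return true;
    }
}
```

Principals are copied onto the caller's Subject only in `commit()`, so a failure in another stacked module leaves nothing behind from this one.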