Announcement Announcement Module
Collapse
No announcement yet.
Acegi newbie and Struts integration Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Acegi newbie and Struts integration

    I'm new to this spring-acegi movement so sorry if I'm asking obvious questions but I'm having some problems in migrating. I used to specify roles that can execute struts action in struts config, can I still use this feature?
    I used to do the login in the LoginAction and it's ActionForm where I'd invoke a business delegate through which I'd authenticate the user, take the UserDTO from my app's model and I'd add it to the session. Does this continues to be a good practice?
    Also as I don't use the j_acegi_security_check but my action on the form leads to LoginAction.do, how do I map it in the applicationContext-acegi-security.xml file?
    Do I still need the security constraints and roles defined in the web.xml once I start using acegi or are they needed for struts?
    If a role was named S does it become ROLE_S in acegi?
    Thanks

  • #2
    I used to specify roles that can execute struts action in struts config, can I still use this feature?
    Yes of course, just add the
    Code:
    requestWrapper
    in your filter chain and
    Code:
    <bean id="requestWrapper" class="net.sf.acegisecurity.wrapper.ContextHolderAwareRequestFilter"/>
    in your security context.xml file.
    Struts request processor will be able to call request.isUserInRole().

    Do I still need the security constraints and roles defined in the web.xml once I start using acegi or are they needed for struts?
    No you don't need those anymore because you won't have to use a REALM.
    Simply declare your security constraint in the acegi spring config file.

    If a role was named S does it become ROLE_S in acegi?
    No you are not forced to use ROLE_ prefix.
    In the bean that defines the
    Code:
    net.sf.acegisecurity.vote.RoleVoter
    simply define the property
    Code:
    <property name="rolePrefix"><value>null</value></property>
    (I'm not completly sure of the syntax because I find the ROLE_ prefix quite handy).
    Also as I don't use the j_acegi_security_check but my action on the form leads to LoginAction.do, how do I map it in the applicationContext-acegi-security.xml file?
    I guess I advice you to use acegi authentication mechanisms.
    Nothing prevents you to load your user profile the way you did before but in a servlet filter instead. Simply trigger your filter if the user is authenticated but your application user profile is null in the session.

    Hope it helps.
    I have written a very simple entry in my blog on migrating from a REALM to ACEGI

    Comment

    Working...
    X