From 1849597775bbdc8883651815f9964c7836dbe249 Mon Sep 17 00:00:00 2001
From: Ben Alex <ben.alex@springsource.com>
Date: Tue, 30 May 2006 14:54:08 +0000
Subject: [PATCH] Add new Petclinic tutorial.

---
 doc/xdocs/navigation.xml          |   1 +
 doc/xdocs/petclinic-tutorial.html | 149 ++++++++++++++++++++++++++++++
 doc/xdocs/suggested.html          |  14 ++-
 3 files changed, 162 insertions(+), 2 deletions(-)
 create mode 100644 doc/xdocs/petclinic-tutorial.html

diff --git a/doc/xdocs/navigation.xml b/doc/xdocs/navigation.xml
index c29823d38c..b8dd57c905 100644
--- a/doc/xdocs/navigation.xml
+++ b/doc/xdocs/navigation.xml
@@ -38,6 +38,7 @@
       <item name="Reference Guide" href="reference.html"/>
       <item name="Sample SQL Schema" href="dbinit.txt"/>
       <item name="FAQ" href="faq.html"/>
+      <item name="Petclinic Tutorial" href="petclinic-tutorial.html"/>
       <item name="External Web Articles" href="articles.html"/>
       <item name="Products using Acegi" href="powering.html"/>
       <item name="Use without Spring" href="standalone.html"/>
diff --git a/doc/xdocs/petclinic-tutorial.html b/doc/xdocs/petclinic-tutorial.html
new file mode 100644
index 0000000000..4554d342dc
--- /dev/null
+++ b/doc/xdocs/petclinic-tutorial.html
@@ -0,0 +1,149 @@
+<html>
+<head>
+<title>Tutorial: Adding Security to Spring Petclinic</title>
+</head>
+
+<body>
+<h1>Tutorial: Adding Security to Spring Petclinic</h1>
+<h2>Background requirements</h2>
+
+<p>To complete this tutorial, you will require a servlet container (such as Tomcat)
+and a general understanding of using Spring without Acegi Security. The Petclinic
+sample itself is part of Spring and should help you learn Spring. We suggest you
+only try to learn one thing at a time, and start with Spring/Petclinic before
+Acegi Security.
+</p>
+
+<h2>Download</h2>
+<ul>
+<li>Spring 2.0 M4 with dependencies ZIP file</li>
+<li>Acegi Security 1.0.0</li>
+</ul>
+
+<p>
+Unzip both files. After unzipping Acegi Security, you'll need to unzip the
+acegi-security-sample-tutorial.war file, because we need some files that are
+included within it. In the code below, we'll refer to the respective unzipped
+locations as %spring% and %acegi% (with the latter variable referring to the
+unzipped WAR, not the original ZIP). There is no need to setup any environment
+variables to complete the tutorial.
+</p>
+
+<h2>Setup database</h2>
+
+<p>Start the Hypersonic server (this is just normal Petclinic configuration):
+<pre>
+cd %spring%\samples\petclinic\db\hsqldb
+server
+</pre>
+</p>
+
+<p>
+Insert some data (again, normal Petclinic configuration):
+<pre>
+cd %spring%\samples\petclinic
+build setupDB
+</pre>
+</p>
+
+<h2>Setup Petclinic's web.xml</h2>
+
+<p>Edit %spring%\samples\petclinic\war\WEB-INF\web.xml and insert the following block of code.
+<pre>
+    &lt;filter&gt;
+        &lt;filter-name&gt;Acegi Filter Chain Proxy&lt;/filter-name&gt;
+        &lt;filter-class&gt;org.acegisecurity.util.FilterToBeanProxy&lt;/filter-class&gt;
+        &lt;init-param&gt;
+            &lt;param-name&gt;targetClass&lt;/param-name&gt;
+            &lt;param-value&gt;org.acegisecurity.util.FilterChainProxy&lt;/param-value&gt;
+        &lt;/init-param&gt;
+    &lt;/filter&gt;
+
+    &lt;filter-mapping&gt;
+      &lt;filter-name&gt;Acegi Filter Chain Proxy&lt;/filter-name&gt;
+      &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
+    &lt;/filter-mapping&gt;
+</pre>
+Next, locate the "contextConfigLocation" parameter, and add a new line into the existing param-value.
+The resulting block will look like this:
+<pre>
+&lt;context-param&gt;
+	&lt;param-name&gt;contextConfigLocation&lt;/param-name&gt;
+	&lt;param-value&gt;
+		/WEB-INF/applicationContext-jdbc.xml
+		/WEB-INF/applicationContext-acegi-security.xml
+	&lt;/param-value&gt;
+&lt;/context-param&gt;
+</pre>
+</p>
+
+<h2>Add the necessary files</h2>
+
+<p>
+We now need to put some extra files into Petclinic. The following commands should work:
+<pre>
+copy %acegi%\acegilogin.jsp %spring%\samples\petclinic\war
+copy %acegi%\WEB-INF\users.properties %spring%\samples\petclinic\war\WEB-INF
+copy %acegi%\WEB-INF\applicationContext-acegi-security.xml %spring%\samples\petclinic\war\WEB-INF
+copy %acegi%\WEB-INF\lib\acegi-security-1.0.0.jar %spring%\samples\petclinic\war\WEB-INF\lib
+copy %acegi%\WEB-INF\lib\oro-2.0.8.jar %spring%\samples\petclinic\war\WEB-INF\lib
+copy %acegi%\WEB-INF\lib\commons-codec-1.3.jar %spring%\samples\petclinic\war\WEB-INF\lib
+</pre>
+</p>
+
+<p>
+To make it easier to experiment with the application, let's edit
+%spring%\samples\petclinic\war\WEB-INF\jsp\footer.jsp. Add a new "logout" link, as shown:
+<pre>
+	&lt;table style="width:100%"&gt;&lt;tr&gt;
+		&lt;td&gt;&lt;A href="&lt;c:url value="/welcome.htm"/&gt;"&gt;Home&lt;/A&gt;&lt;/td&gt;
+		&lt;td&gt;&lt;A href="&lt;c:url value="/j_acegi_logout"/&gt;"&gt;Logout&lt;/A&gt;&lt;/td&gt;
+		&lt;td style="text-align:right;color:silver"&gt;PetClinic :: a Spring Framework demonstration&lt;/td&gt;
+	&lt;/tr&gt;&lt;/table&gt;
+
+</pre>
+
+</p>
+
+<h2>Modify the allowed URLs</h2>
+
+<p>
+Our last step is to specify which URLs require authorization and which do not. Let's
+edit %spring%\samples\petclinic\war\WEB-INF\applicationContext-acegi-security.xml.
+Scroll to the bottom and locate the bean definition for FilterSecurityInterceptor.
+Edit its objectDefinitionSource property so that it reflects the following:
+<pre>
+		&lt;property name="objectDefinitionSource"&gt;
+			&lt;value&gt;
+				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
+				PATTERN_TYPE_APACHE_ANT
+				/acegilogin.jsp=IS_AUTHENTICATED_ANONYMOUSLY
+				/**=IS_AUTHENTICATED_REMEMBERED
+			&lt;/value&gt;
+		&lt;/property&gt;
+</pre>
+</p>
+
+<h2>Build and deploy the Petclinic WAR file</h2>
+
+<p>
+Use the Ant build and deploy to your servlet container:
+<pre>
+cd %spring%\samples\petclinic
+build warfile
+copy dist\petclinic.war %TOMCAT_HOME%\webapps
+</pre>
+</p>
+
+<p>Finally, start your container and try to visit the home page.
+Your request should be intercepted and you will be forced to login.</p>
+
+<h2>What now?</h2>
+<p>
+These steps can be applied to your own application. Although we do suggest
+that you visit <a href="http://acegisecurity.org">http://acegisecurity.org</a>
+and in particular review the "Suggested Steps" for getting started with Acegi
+Security.</p>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/doc/xdocs/suggested.html b/doc/xdocs/suggested.html
index e75c134ff1..4fd9f2aa9d 100644
--- a/doc/xdocs/suggested.html
+++ b/doc/xdocs/suggested.html
@@ -36,7 +36,16 @@
     ZIP file. The sample doesn't do a great deal, but it does give you a template that can
     be quickly and easily used to integrate into your own project.<br><br>
 
-	Estimated time: 30 minutes - 2 hours.<br><br>
+	Estimated time: 30 minutes.<br><br>
+	</li>
+	
+    <li>
+    Next, follow the <a href="petclinic-tutorial.html">Petclinic tutorial</a>, which
+    covers how to add Acegi Security to the commonly-used Petclinic sample application
+    that ships with Spring. This will give you a hands-on approach to integrating
+    Acegi Security into your own application.<br><br>
+
+	Estimated time: 1 hour.<br><br>
 	</li>
 	
 	<li>
@@ -44,7 +53,8 @@
 	Part I. It has been designed to give you a solid overview. Go through the beans
 	defined in the "Tutorial Sample" and understand their main purpose within the overall
 	framework. Once you understand this, you'll have no difficulty moving on to more
-	complex examples.<br><br>
+	complex examples. You can also experiment in the Petclinic tutorial that you
+	implemented in the last step.<br><br>
 
 	Estimated time: 1 day.<br><br>
 	</li>