Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

removed html versions of files converted to apt

This commit is contained in:
Luke Taylor 2006-10-29 20:11:09 +00:00
parent 6445be9532
commit 7969510d95
5 changed files with 0 additions and 599 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
src/site/resources/building.html
View File

@ -1,120 +0,0 @@
<!--
* ========================================================================
*
* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* ========================================================================
-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Building</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<h1>Building Acegi Security System</h1>
<h2>Checking Out from Subversion (SVN)</h2>
<p>This project uses <a href="http://maven.apache.org">Maven</a> as project manager
and build tool. We recommend you to install Maven 1.0.2 or greater before trying
the following. <b>Note there are workarounds at the bottom of this page.</b></p>
<p>To checkout Acegi Security from SVN, see our
<a href="cvs-usage.html">CVS Usage</a> page.</p>
<h2>Quick Build</h2>
<p>Often people reading this document just want to see if Acegi Security will work
for their projects. They want to deploy a sample application, and that's about it
(after all, all the reference documentation can be read online at
<a href="http://acegisecurity.sourceforge.net">http://acegisecurity.sourceforge.net</a>).
In this case, execute:</p>
<ol>
<pre>cd $ACEGI_SECURITY/core (or cd %ACEGI_SECURITY%/core on Windows)</pre>
<pre>maven jar:install</pre>
<pre>cd $ACEGI_SECURITY/samples/contacts</pre>
<pre>maven multiwar:multiwar</pre>
<pre>copy $ACEGI_SECURITY/samples/contacts/target/acegi-security-sample-contacts-filter.war $YOUR_CONTAINER/webapps</pre>
</ol>
<p>Then load up your web container and visit
<a href="http://localhost:8080/acegi-security-sample-contacts-filter/">http://localhost:8080/acegi-security-sample-contacts-filter/</a>
(or whatever location is appropriate for your web container).</p>
<h2>Installing commons-attributes-plugin</h2>
<p>To properly integrate Commons Attributes with Maven (as required by
the <a href="/multiproject/acegi-security-sample-attributes/index.html">Attributes Sample</a>),
you need to install an additional plugin.</b></p>
<p>To install the <code>commons-attributes-plugin</code>, execute the following commands:</p>
<ol>
<pre>cd $ACEGI_SECURITY/doc</pre>
<pre>maven plugin:download
-DgroupId=commons-attributes
-DartifactId=commons-attributes-plugin
-Dversion=2.1</pre>
</ol>
<p>The second (final) command should be executed on a single line.</p>
<h2>Building All JARs</h2>
<p>Sometimes people are already using Acegi Security, and they just want to build the
latest code from CVS. To build all artifacts (JARs) and install them into
your local Maven repository, simply perform a CVS checkout and install the
<code>commons-attributes-plugin</code> (as detailed above), and then
execute:</p>
<ol>
<pre>cd $ACEGI_SECURITY/doc</pre>
<pre>maven multiproject:install</pre>
</ol>
<p>You can then check your <code>$HOME/.maven/repository/acegisecurity</code>
directory and it should contain all of the latest Acegi Security JARs.</p>
<h2>Building The Site</h2>
<p>By "site" we mean the web site you can browse at
<a href="http://acegisecurity.sourceforge.net">http://acegisecurity.sourceforge.net</a>,
which includes the reference documentation and all of the Maven reports.
If you'd like a local copy, simply execute:
<ol>
<pre>cd $ACEGI_SECURITY/doc</pre>
<pre>maven -Dpassword= changelog:create-cvspass</pre>
<pre>maven multiproject:clean multiproject:site
-Dmaven.jar.override=on
-Dmaven.jar.clover-ant=1.3.3_01
</pre>
</ol>
<p>As per the
<a href="http://maven.apache.org/reference/plugins/changelog/">Maven Changelog Plugin Documentation</a>,
you must tell the plugin the "anonymous CVS pserver" password is blank. This is
why there is the "create-cvspass" command shown above. You should only need to
do this once.</p>
<h2>Memory and Clover Workarounds</h2>
<p>If you get an <code>OutOfMemoryError</code>, simply execute the following before
calling Maven:</p>
<ol>
<pre>set MAVEN_OPTS=-Xmx1024m -XX:MaxPermSize=512m</pre>
</ol>
<p>If you get an <code>[ERROR] Invalid license: Invalid license file [E1202]</code>,
this is because the <code>maven-clover-plugin</code> is using an old version of
<code>clover-ant-xxx.jar</code>. Whilst Acegi Security's <code>project.properties</code>
specifies a newer version, subprojects have an inheritence problem and don't pick
this up (as of the time of writing). To workaround this issue, you need to
specify those override properties on the command line. For example, to execute the
Clover reports for the core subproject, you would do the following:</p>
<ol>
<pre>cd $ACEGI_SECURITY/core</pre>
<pre>maven clover:html-report -Dmaven.jar.override=on -Dmaven.jar.clover-ant=1.3.3_01</pre>
</ol>
</body>
</html>

53
src/site/resources/cvs-usage.html
View File

@ -1,53 +0,0 @@
<!--
* ========================================================================
*
* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* ========================================================================
-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>CVS usage</title>
<h1>CVS instructions for all modules</h1>
<p>This instructions are general, check the module documentation if you need concrete instructions. </p>
<p><em>modulename</em> can be for example:</p>
<ul>
<li>acegisecurity <em>(this will check out all modules) </em></li>
<li>acegisecurity/core/</li>
<li>acegisecurity/adapters/cas</li>
</ul>
<h2>Web Access</h2>
<p>
<a href="http://svn.sourceforge.net/viewcvs.cgi/acegisecurity/">http://svn.sourceforge.net/viewcvs.cgi/acegisecurity/</a>
</p><h2>Anonymous Access with Maven</h2>
<p> This project's CVS repository can be checked out through anonymous (pserver) CVS with the following instruction on a single line. </p>
<pre>maven scm:checkout-project
-Dmaven.scm.method=svn
-Dmaven.scm.svn.module=modulename
-Dmaven.scm.svn.root=scm:svn:https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity
-Dmaven.scm.checkout.dir=acegisecurity</pre>
<h2>Anonymous SVN Access</h2>
<p>
This project's SVN repository can be checked out through anonymous
SVN with the following instruction set.
</p><p>
svn co https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</p>
<h2>Nightly Snapshots</h2>
<p>If you'd prefer not to use SVN directly, please see our <a href="downloads.html">downloads page</a> for nightly snapshots.</p>
</html>

71
src/site/resources/downloads.html
View File

@ -1,71 +0,0 @@
<!--
* ========================================================================
*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* ========================================================================
-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Acegi Security Downloads</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<h1>Acegi Security Downloads</h1>
<p>If you wish to try out this project, you are probably looking for the
<strong>acegi-security-xx.zip</strong> file, which contains all of the officially
released JARs, a copy of all documentation, and two WAR artifacts. The two WAR artifacts
are from the Contacts Sample and the Tutorial Sample application. The Tutorial Sample
consists of a "bare bones" configuration that will get you up and running quickly, whereas
the Contacts Sample illustrates more advanced features.</p>
<p>Please note that in order to reduce download size, we only include in the
release ZIP one of the WAR artifacts produced by the Contacts Sample application.
The WAR artifact we include is suitable for standalone deployment (specifically, it
does not require a CAS server, container adapter, X509 or LDAP setup). The official release ZIP
therefore probably contains what you need, especially if you're initially
evaluating the project. If you wish to deploy the other WAR artifacts produced by
the Contacts Sample application (ie those that target CAS, container adapters, X509 or LDAP usage),
you will need to build Acegi Security from source.
<p>The acegi-security-xx-src.zip is intended for use with IDEs. It does not contain the
files needed to compile Acegi Security. It also does not contain the sources to the
sample applications. If you need any of these files, please download from SVN.</p>
<h2>Official Releases</h2>
<p>The official release ZIP files are available from the
<a href="http://sourceforge.net/project/showfiles.php?group_id=104215">Sourceforge File Release System</a>.</p>
<h2>Maven Dependencies</h2>
<p>The Acegi Security JARs are also available via the
<a href="http://www.ibiblio.org/maven/acegisecurity">iBiblio Maven Repository</a>.</p>
<h2>Building From Source</h2>
<p>Detailed instructions on downloading from CVS and building from source
are provided on the <a href="building.html">Building with Maven</a>
page.</p>
<h2>SVN Snapshots and Daily Builds</h2>
<p>
If you don't wish to access SVN directly, we provide
<a href="http://acegisecurity.sourceforge.net/nightly/">nightly SVN exports</a> for your convenience.
There is also an automated build which uploads bundle of Acegi Security jar files to the same location.
Both binary and source archives have the date of the build and the SVN revision number appended to the filename,
so you can match them up easily.
</p>
</body>
</html>

222
src/site/resources/petclinic-tutorial.html
View File

@ -1,222 +0,0 @@
<html>
<head>
<title>Tutorial: Adding Security to Spring Petclinic</title>
</head>
<body>
<h1>Tutorial: Adding Security to Spring Petclinic</h1>
<h2>Preparation</h2>
<p>To complete this tutorial, you will require a servlet container (such as Tomcat)
and a general understanding of using Spring without Acegi Security. The Petclinic
sample itself is part of Spring and should help you learn Spring. We suggest you
only try to learn one thing at a time, and start with Spring/Petclinic before
Acegi Security.
</p>
<p>
You will also need to download:
<ul>
<li>Spring 2.0 M4 with dependencies ZIP file</li>
<li>Acegi Security 1.0.0</li>
</ul>
</p>
<p>
Unzip both files. After unzipping Acegi Security, you'll need to unzip the
acegi-security-sample-tutorial.war file, because we need some files that are
included within it. In the code below, we'll refer to the respective unzipped
locations as %spring% and %acegi% (with the latter variable referring to the
unzipped WAR, not the original ZIP). There is no need to setup any environment
variables to complete the tutorial.
</p>
<h2>Add required Acegi Security files to Petclinic</h2>
<p>
We now need to put some extra files into Petclinic. The following commands should work:
<pre>
mkdir %spring%\samples\petclinic\war\WEB-INF\lib
copy %acegi%\acegilogin.jsp %spring%\samples\petclinic\war
copy %acegi%\accessDenied.jsp %spring%\samples\petclinic\war
copy %acegi%\WEB-INF\users.properties %spring%\samples\petclinic\war\WEB-INF
copy %acegi%\WEB-INF\applicationContext-acegi-security.xml %spring%\samples\petclinic\war\WEB-INF
copy %acegi%\WEB-INF\lib\acegi-security-1.0.0.jar %spring%\samples\petclinic\war\WEB-INF\lib
copy %acegi%\WEB-INF\lib\oro-2.0.8.jar %spring%\samples\petclinic\war\WEB-INF\lib
copy %acegi%\WEB-INF\lib\commons-codec-1.3.jar %spring%\samples\petclinic\war\WEB-INF\lib
</pre>
</p>
<h2>Configure Petclinic's files</h2>
<p>Edit %spring%\samples\petclinic\war\WEB-INF\web.xml and insert the following block of code.
<pre>
&lt;filter&gt;
&lt;filter-name&gt;Acegi Filter Chain Proxy&lt;/filter-name&gt;
&lt;filter-class&gt;org.acegisecurity.util.FilterToBeanProxy&lt;/filter-class&gt;
&lt;init-param&gt;
&lt;param-name&gt;targetClass&lt;/param-name&gt;
&lt;param-value&gt;org.acegisecurity.util.FilterChainProxy&lt;/param-value&gt;
&lt;/init-param&gt;
&lt;/filter&gt;
&lt;filter-mapping&gt;
&lt;filter-name&gt;Acegi Filter Chain Proxy&lt;/filter-name&gt;
&lt;url-pattern&gt;/*&lt;/url-pattern&gt;
&lt;/filter-mapping&gt;
</pre>
Next, locate the "contextConfigLocation" parameter, and add a new line into the existing param-value.
The resulting block will look like this:
<pre>
&lt;context-param&gt;
&lt;param-name&gt;contextConfigLocation&lt;/param-name&gt;
&lt;param-value&gt;
/WEB-INF/applicationContext-jdbc.xml
/WEB-INF/applicationContext-acegi-security.xml
&lt;/param-value&gt;
&lt;/context-param&gt;
</pre>
</p>
<p>
To make it easier to experiment with the application, now edit
%spring%\samples\petclinic\war\WEB-INF\jsp\footer.jsp. Add a new "logout" link, as shown:
<pre>
&lt;table style="width:100%"&gt;&lt;tr&gt;
&lt;td&gt;&lt;A href="&lt;c:url value="/welcome.htm"/&gt;"&gt;Home&lt;/A&gt;&lt;/td&gt;
&lt;td&gt;&lt;A href="&lt;c:url value="/j_acegi_logout"/&gt;"&gt;Logout&lt;/A&gt;&lt;/td&gt;
&lt;td style="text-align:right;color:silver"&gt;PetClinic :: a Spring Framework demonstration&lt;/td&gt;
&lt;/tr&gt;&lt;/table&gt;
</pre>
</p>
<p>
Our last step is to specify which URLs require authorization and which do not. Let's
edit %spring%\samples\petclinic\war\WEB-INF\applicationContext-acegi-security.xml.
Locate the bean definition for FilterSecurityInterceptor. Edit its objectDefinitionSource
property so that it reflects the following:
<pre>
&lt;property name="objectDefinitionSource"&gt;
&lt;value&gt;
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/acegilogin.jsp=IS_AUTHENTICATED_ANONYMOUSLY
/**=IS_AUTHENTICATED_REMEMBERED
&lt;/value&gt;
&lt;/property&gt;
</pre>
</p>
<h2>Start Petclinic's database</h2>
<p>Start the Hypersonic server (this is just normal Petclinic configuration):
<pre>
cd %spring%\samples\petclinic\db\hsqldb
server
</pre>
</p>
<p>
Insert some data (again, normal Petclinic configuration):
<pre>
cd %spring%\samples\petclinic
build setupDB
</pre>
</p>
<h2>Build and deploy the Petclinic WAR file</h2>
<p>
Use Petclinic's Ant build script and deploy to your servlet container:
<pre>
cd %spring%\samples\petclinic
build warfile
copy dist\petclinic.war %TOMCAT_HOME%\webapps
</pre>
</p>
<p>Finally, start your container and try to visit the home page.
Your request should be intercepted and you will be forced to login.</p>
<h2>Optional Bonus: Securing the Middle Tier</h2>
<p>
Whilst you've now secured your web requests, you might want to stop users
from being able to add clinic visits unless authorized. We'll make it so
you need to hold ROLE_SUPERVISOR to add a clinic visit.
</p>
<p>
In %spring%\samples\petclinic\war\WEB-INF\applicationContext-jdbc.xml, locate
the TransactionProxyFactoryBean definition. Add an additional property after
the existing "preInterceptors" property:
<pre>
&lt;property name="postInterceptors" ref="methodSecurityInterceptor"/&gt;
</pre>
</p>
<p>
Finally, we need to add in the referred-to "methodSecurityInterceptor" bean definition.
So pop an extra bean definition in, as shown below:
<pre>
&lt;bean id="methodSecurityInterceptor" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"&gt;
&lt;property name="authenticationManager"&gt;&lt;ref bean="authenticationManager"/&gt;&lt;/property&gt;
&lt;property name="accessDecisionManager"&gt;
&lt;bean class="org.acegisecurity.vote.AffirmativeBased"&gt;
&lt;property name="allowIfAllAbstainDecisions" value="false"/&gt;
&lt;property name="decisionVoters"&gt;
&lt;list&gt;
&lt;bean class="org.acegisecurity.vote.RoleVoter"/&gt;
&lt;bean class="org.acegisecurity.vote.AuthenticatedVoter"/&gt;
&lt;/list&gt;
&lt;/property&gt;
&lt;/bean&gt;
&lt;/property&gt;
&lt;property name="objectDefinitionSource"&gt;
&lt;value&gt;
org.springframework.samples.petclinic.Clinic.*=IS_AUTHENTICATED_REMEMBERED
org.springframework.samples.petclinic.Clinic.storeVisit=ROLE_SUPERVISOR
&lt;/value&gt;
&lt;/property&gt;
&lt;/bean&gt;
</pre>
</p>
<p>
Redeploy your web application. Use the earlier process to do that. Be careful to
ensure that the old Petclinic WAR is replaced by the new Petclinic WAR in your
servlet container. Login as "marissa", who has ROLE_SUPERVISOR. You will be able to
then view a customer and add a visit. Logout, then login as anyone other than Marissa.
You will receive an access denied error when you attempt to add a visit.
</p>
<p>
To clean things up a bit, you might want to wrap up by hiding the "add visit" link
unless you are authorized to use it. Acegi Security provides a tag library to help
you do that. Edit %spring%\samples\petclinic\war\WEB-INF\jsp\owner.jsp. Add
the following line to the top of the file:
<pre>
&lt;%@ taglib prefix="authz" uri="http://acegisecurity.org/authz" %&gt;
</pre>
Next, scroll down and find the link to "add visit". Modify it as follows:
<pre>
&lt;authz:authorize ifAllGranted="ROLE_SUPERVISOR"&gt;
&lt;FORM method=GET action="&lt;c:url value="/addVisit.htm"/&gt;" name="formVisitPet&lt;c:out value="${pet.id}"/&gt;"&gt;
&lt;INPUT type="hidden" name="petId" value="&lt;c:out value="${pet.id}"/&gt;"/&gt;
&lt;INPUT type="submit" value="Add Visit"/&gt;
&lt;/FORM&gt;
&lt;/authz:authorize&gt;
</pre>
</p>
<h2>What now?</h2>
<p>
These steps can be applied to your own application. Although we do suggest
that you visit <a href="http://acegisecurity.org">http://acegisecurity.org</a>
and in particular review the "Suggested Steps" for getting started with Acegi
Security. The suggested steps are optimized for learning Acegi Security quickly
and applying it to your own projects. It also includes realistic time estimates
for each step so you can plan your integration activities.</p>
</body>
</html>

133
src/site/resources/suggested.html
View File

@ -1,133 +0,0 @@
<!--
* ========================================================================
*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* ========================================================================
-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Acegi Security Suggested Steps</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<h1>Suggested Steps</h1>
<p>Presented below are the steps we encourage you to take in order to gain the most
out of Acegi Security in a realistic timeframe.
<ol>
<li>
First of all, deploy the "Tutorial Sample", which is included in the main distribution
ZIP file. The sample doesn't do a great deal, but it does give you a template that can
be quickly and easily used to integrate into your own project.<br><br>
Estimated time: 30 minutes.<br><br>
</li>
<li>
Next, follow the <a href="petclinic-tutorial.html">Petclinic tutorial</a>, which
covers how to add Acegi Security to the commonly-used Petclinic sample application
that ships with Spring. This will give you a hands-on approach to integrating
Acegi Security into your own application.<br><br>
Estimated time: 1 hour.<br><br>
</li>
<li>
Next, review the <a href="reference.html">Reference Guide</a>, and in particular
Part I. It has been designed to give you a solid overview. Go through the beans
defined in the "Tutorial Sample" and understand their main purpose within the overall
framework. Once you understand this, you'll have no difficulty moving on to more
complex examples. You can also experiment in the Petclinic tutorial that you
implemented in the last step.<br><br>
Estimated time: 1 day.<br><br>
</li>
<li>
If you have relatively simple security needs, you can probably start to integrate
Acegi Security into your application at this point. Just use the "Tutorial Sample"
as your basis (now that you understand how it works). Those with more complicated
requirements should review the "Contacts Sample" application.
This will probably involve deploying <code>acegi-security-sample-contacts-filter.war</code>,
which is also included in the release ZIP file.<br><br>
The purpose of understanding the "Contacts Sample" is to get a better feel for how method
security is implemented, particularly with domain object access control lists. This will
really round-out the rest of the framework for you.<br><br>
The actual <a target="_blank" class="newWindow" href="multiproject/acegi-security-sample-contacts/xref/index.html">java code</a>
is a completely standard Spring application, except <code>ContactManagerBackend</code>
which shows how we create and delete ACL permissions. The rest of the Java code has no
security awareness, with all security services being declared in the XML files
(don't worry, there aren't any new XML formats to learn: they're all standard Spring IoC container
declarations or the stock-standard <code>web.xml</code>). The main
XML files to review are
<a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/filter/WEB-INF/applicationContext-acegi-security.xml?view=auto">applicationContext-acegi-security.xml</a> (from the filter webapp),
<a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/common/WEB-INF/applicationContext-common-authorization.xml?view=auto">applicationContext-common-authorization.xml</a>,
<a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/common/WEB-INF/applicationContext-common-business.xml?view=auto">applicationContext-common-business.xml</a> (just note we add <code>contactManagerSecurity</code> to the services layer target bean), and
<a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/filter/WEB-INF/web.xml?view=auto">web.xml</a> (from the filter webapp).
The XML definitions are comprehensively discussed in the
<a href="reference.html">Reference Guide</a>.
<br><br>
Please note the release ZIP files do not include the sample application Java source code. You
will need to download from SVN if you would like to access the Java sources.<br><br>
Estimated time: 1-2 days.<br><br>
</li>
<li>By now you will have a good grasp on how Acegi Security works, and all that is left to
do is design your own application's implementation.
<br><br>
We strongly recommend that you start your actual integration with the "Tutorial Sample".
Don't start by integrating with the "Contacts Sample", even if you have complex needs.
Most people reporting problems on the forums do so because of a configuration problem,
as they're trying to make far too many changes at once without really knowing what
they're doing. Instead, make changes one at a time, starting from the bare bones configuration
provided by the "Tutorial Sample".<br><br>
If you've followed the steps above, and refer back to the
<a href="reference.html">Reference Guide</a>,
<a href="http://www.springframework.org">forums</a>, and
<a href="faq.html">FAQ</a>
for help, you'll find it pretty easy to implement Acegi Security in your application.
Most importantly, you'll be using a security framework that offers you complete container
portability, flexibility, and community support - without needing to write and maintain your
own code.<br><br>
Estimated time: 1-5 days.<br><br>
</br>
</li>
</ol>
<p>Please note the time estimates are just that: estimates. They will vary considerably depending
on how much experience you have, particularly with Java and Spring. They will also vary depending
on how complex your intended security-enabled application will be. Some people need to push the domain
object instance access control list capabilities to the maximum, whilst others don't even need anything
beyond web request security. The good thing is Acegi Security will either directly support your future
needs, or provide a clearly-defined extension point for addressing them.
<p>
We welcome your feedback about how long it has actually taken you to complete each step, so we
can update this page and help new users better assess their project timetables in the future.
Any other tips on what you found helpful in learning Acegi Security are also very welcome.
</body>
</html>