From 7969510d95da589cb9892a1efa9b4b6a018f52b3 Mon Sep 17 00:00:00 2001
From: Luke Taylor This project uses Maven as project manager
- and build tool. We recommend you to install Maven 1.0.2 or greater before trying
- the following. Note there are workarounds at the bottom of this page. To checkout Acegi Security from SVN, see our
- CVS Usage page. Often people reading this document just want to see if Acegi Security will work
- for their projects. They want to deploy a sample application, and that's about it
- (after all, all the reference documentation can be read online at
- http://acegisecurity.sourceforge.net).
- In this case, execute: Then load up your web container and visit
- http://localhost:8080/acegi-security-sample-contacts-filter/
- (or whatever location is appropriate for your web container). To properly integrate Commons Attributes with Maven (as required by
- the Attributes Sample),
- you need to install an additional plugin. To install the The second (final) command should be executed on a single line. Sometimes people are already using Acegi Security, and they just want to build the
- latest code from CVS. To build all artifacts (JARs) and install them into
- your local Maven repository, simply perform a CVS checkout and install the
- You can then check your By "site" we mean the web site you can browse at
- http://acegisecurity.sourceforge.net,
- which includes the reference documentation and all of the Maven reports.
- If you'd like a local copy, simply execute:
- As per the
- Maven Changelog Plugin Documentation,
- you must tell the plugin the "anonymous CVS pserver" password is blank. This is
- why there is the "create-cvspass" command shown above. You should only need to
- do this once. If you get an If you get an This instructions are general, check the module documentation if you need concrete instructions. modulename can be for example:
- http://svn.sourceforge.net/viewcvs.cgi/acegisecurity/
- This project's CVS repository can be checked out through anonymous (pserver) CVS with the following instruction on a single line.
- This project's SVN repository can be checked out through anonymous
- SVN with the following instruction set.
-
- svn co https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity If you'd prefer not to use SVN directly, please see our downloads page for nightly snapshots. If you wish to try out this project, you are probably looking for the
- acegi-security-xx.zip file, which contains all of the officially
- released JARs, a copy of all documentation, and two WAR artifacts. The two WAR artifacts
- are from the Contacts Sample and the Tutorial Sample application. The Tutorial Sample
- consists of a "bare bones" configuration that will get you up and running quickly, whereas
- the Contacts Sample illustrates more advanced features. Please note that in order to reduce download size, we only include in the
- release ZIP one of the WAR artifacts produced by the Contacts Sample application.
- The WAR artifact we include is suitable for standalone deployment (specifically, it
- does not require a CAS server, container adapter, X509 or LDAP setup). The official release ZIP
- therefore probably contains what you need, especially if you're initially
- evaluating the project. If you wish to deploy the other WAR artifacts produced by
- the Contacts Sample application (ie those that target CAS, container adapters, X509 or LDAP usage),
- you will need to build Acegi Security from source.
-
- The acegi-security-xx-src.zip is intended for use with IDEs. It does not contain the
- files needed to compile Acegi Security. It also does not contain the sources to the
- sample applications. If you need any of these files, please download from SVN. The official release ZIP files are available from the
- Sourceforge File Release System. The Acegi Security JARs are also available via the
- iBiblio Maven Repository. Detailed instructions on downloading from CVS and building from source
- are provided on the Building with Maven
- page.
- If you don't wish to access SVN directly, we provide
- nightly SVN exports for your convenience.
- There is also an automated build which uploads bundle of Acegi Security jar files to the same location.
- Both binary and source archives have the date of the build and the SVN revision number appended to the filename,
- so you can match them up easily.
- To complete this tutorial, you will require a servlet container (such as Tomcat)
-and a general understanding of using Spring without Acegi Security. The Petclinic
-sample itself is part of Spring and should help you learn Spring. We suggest you
-only try to learn one thing at a time, and start with Spring/Petclinic before
-Acegi Security.
-
-You will also need to download:
-Building Acegi Security System
- Checking Out from Subversion (SVN)
- Quick Build
-
-
- cd $ACEGI_SECURITY/core (or cd %ACEGI_SECURITY%/core on Windows)
- maven jar:install
- cd $ACEGI_SECURITY/samples/contacts
- maven multiwar:multiwar
- copy $ACEGI_SECURITY/samples/contacts/target/acegi-security-sample-contacts-filter.war $YOUR_CONTAINER/webapps
- Installing commons-attributes-plugin
- commons-attributes-plugin
, execute the following commands:
-
- cd $ACEGI_SECURITY/doc
- maven plugin:download
- -DgroupId=commons-attributes
- -DartifactId=commons-attributes-plugin
- -Dversion=2.1
- Building All JARs
- commons-attributes-plugin
(as detailed above), and then
- execute:
-
- cd $ACEGI_SECURITY/doc
- maven multiproject:install
- $HOME/.maven/repository/acegisecurity
- directory and it should contain all of the latest Acegi Security JARs.Building The Site
-
-
- cd $ACEGI_SECURITY/doc
- maven -Dpassword= changelog:create-cvspass
- maven multiproject:clean multiproject:site
- -Dmaven.jar.override=on
- -Dmaven.jar.clover-ant=1.3.3_01
-
- Memory and Clover Workarounds
- OutOfMemoryError
, simply execute the following before
- calling Maven:
-
- set MAVEN_OPTS=-Xmx1024m -XX:MaxPermSize=512m
- [ERROR] Invalid license: Invalid license file [E1202]
,
- this is because the maven-clover-plugin
is using an old version of
- clover-ant-xxx.jar
. Whilst Acegi Security's project.properties
- specifies a newer version, subprojects have an inheritence problem and don't pick
- this up (as of the time of writing). To workaround this issue, you need to
- specify those override properties on the command line. For example, to execute the
- Clover reports for the core subproject, you would do the following:
-
-
-
-
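Review bot: Nothing is added to replace the build and checkout instructions removed in this first region (the `svn co https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity` command, `maven multiproject:install`, and the Clover workaround `-Dmaven.jar.override=on -Dmaven.jar.clover-ant=1.3.3_01`), so the visible patch leaves no pointer to how the project is built from source. The removed text also refers to its sibling pages by name ("CVS Usage page", "Building with Maven page", "downloads page"). Please confirm that the site navigation and any pages that remain no longer link to them, and state in the commit message where the replacement instructions live.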
diff --git a/src/site/resources/cvs-usage.html b/src/site/resources/cvs-usage.html
deleted file mode 100644
index 0c00362432..0000000000
--- a/src/site/resources/cvs-usage.html
+++ /dev/null
@@ -1,53 +0,0 @@
-
-
-
-
-
-cd $ACEGI_SECURITY/core
- maven clover:html-report -Dmaven.jar.override=on -Dmaven.jar.clover-ant=1.3.3_01
- CVS instructions for all modules
-
-
-Web Access
-Anonymous Access with Maven
-maven scm:checkout-project
- -Dmaven.scm.method=svn
- -Dmaven.scm.svn.module=modulename
- -Dmaven.scm.svn.root=scm:svn:https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity
- -Dmaven.scm.checkout.dir=acegisecurity
-Anonymous SVN Access
-Nightly Snapshots
- Acegi Security Downloads
- Official Releases
- Maven Dependencies
- Building From Source
- SVN Snapshots and Daily Builds
- Tutorial: Adding Security to Spring Petclinic
-
-Preparation
-
-
-
-
-Unzip both files. After unzipping Acegi Security, you'll need to unzip the -acegi-security-sample-tutorial.war file, because we need some files that are -included within it. In the code below, we'll refer to the respective unzipped -locations as %spring% and %acegi% (with the latter variable referring to the -unzipped WAR, not the original ZIP). There is no need to setup any environment -variables to complete the tutorial. -
- --We now need to put some extra files into Petclinic. The following commands should work: -
-mkdir %spring%\samples\petclinic\war\WEB-INF\lib -copy %acegi%\acegilogin.jsp %spring%\samples\petclinic\war -copy %acegi%\accessDenied.jsp %spring%\samples\petclinic\war -copy %acegi%\WEB-INF\users.properties %spring%\samples\petclinic\war\WEB-INF -copy %acegi%\WEB-INF\applicationContext-acegi-security.xml %spring%\samples\petclinic\war\WEB-INF -copy %acegi%\WEB-INF\lib\acegi-security-1.0.0.jar %spring%\samples\petclinic\war\WEB-INF\lib -copy %acegi%\WEB-INF\lib\oro-2.0.8.jar %spring%\samples\petclinic\war\WEB-INF\lib -copy %acegi%\WEB-INF\lib\commons-codec-1.3.jar %spring%\samples\petclinic\war\WEB-INF\lib -- - -
Edit %spring%\samples\petclinic\war\WEB-INF\web.xml and insert the following block of code. -
-<filter> - <filter-name>Acegi Filter Chain Proxy</filter-name> - <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class> - <init-param> - <param-name>targetClass</param-name> - <param-value>org.acegisecurity.util.FilterChainProxy</param-value> - </init-param> -</filter> - -<filter-mapping> - <filter-name>Acegi Filter Chain Proxy</filter-name> - <url-pattern>/*</url-pattern> -</filter-mapping> --Next, locate the "contextConfigLocation" parameter, and add a new line into the existing param-value. -The resulting block will look like this: -
-<context-param> - <param-name>contextConfigLocation</param-name> - <param-value> - /WEB-INF/applicationContext-jdbc.xml - /WEB-INF/applicationContext-acegi-security.xml - </param-value> -</context-param> -- - -
-To make it easier to experiment with the application, now edit -%spring%\samples\petclinic\war\WEB-INF\jsp\footer.jsp. Add a new "logout" link, as shown: -
-<table style="width:100%"><tr> - <td><A href="<c:url value="/welcome.htm"/>">Home</A></td> - <td><A href="<c:url value="/j_acegi_logout"/>">Logout</A></td> - <td style="text-align:right;color:silver">PetClinic :: a Spring Framework demonstration</td> -</tr></table> -- - -
-Our last step is to specify which URLs require authorization and which do not. Let's -edit %spring%\samples\petclinic\war\WEB-INF\applicationContext-acegi-security.xml. -Locate the bean definition for FilterSecurityInterceptor. Edit its objectDefinitionSource -property so that it reflects the following: -
-<property name="objectDefinitionSource"> - <value> - CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON - PATTERN_TYPE_APACHE_ANT - /acegilogin.jsp=IS_AUTHENTICATED_ANONYMOUSLY - /**=IS_AUTHENTICATED_REMEMBERED - </value> -</property> -- - -
Start the Hypersonic server (this is just normal Petclinic configuration): -
-cd %spring%\samples\petclinic\db\hsqldb -server -- - -
-Insert some data (again, normal Petclinic configuration): -
-cd %spring%\samples\petclinic -build setupDB -- - - -
-Use Petclinic's Ant build script and deploy to your servlet container: -
-cd %spring%\samples\petclinic -build warfile -copy dist\petclinic.war %TOMCAT_HOME%\webapps -- - -
Finally, start your container and try to visit the home page. -Your request should be intercepted and you will be forced to login.
- --Whilst you've now secured your web requests, you might want to stop users -from being able to add clinic visits unless authorized. We'll make it so -you need to hold ROLE_SUPERVISOR to add a clinic visit. -
- --In %spring%\samples\petclinic\war\WEB-INF\applicationContext-jdbc.xml, locate -the TransactionProxyFactoryBean definition. Add an additional property after -the existing "preInterceptors" property: -
-<property name="postInterceptors" ref="methodSecurityInterceptor"/> -- - -
-Finally, we need to add in the referred-to "methodSecurityInterceptor" bean definition. -So pop an extra bean definition in, as shown below: -
-<bean id="methodSecurityInterceptor" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> - <property name="authenticationManager"><ref bean="authenticationManager"/></property> - <property name="accessDecisionManager"> - <bean class="org.acegisecurity.vote.AffirmativeBased"> - <property name="allowIfAllAbstainDecisions" value="false"/> - <property name="decisionVoters"> - <list> - <bean class="org.acegisecurity.vote.RoleVoter"/> - <bean class="org.acegisecurity.vote.AuthenticatedVoter"/> - </list> - </property> - </bean> - </property> - <property name="objectDefinitionSource"> - <value> - org.springframework.samples.petclinic.Clinic.*=IS_AUTHENTICATED_REMEMBERED - org.springframework.samples.petclinic.Clinic.storeVisit=ROLE_SUPERVISOR - </value> - </property> -</bean> -- - -
-Redeploy your web application. Use the earlier process to do that. Be careful to -ensure that the old Petclinic WAR is replaced by the new Petclinic WAR in your -servlet container. Login as "marissa", who has ROLE_SUPERVISOR. You will be able to -then view a customer and add a visit. Logout, then login as anyone other than Marissa. -You will receive an access denied error when you attempt to add a visit. -
- --To clean things up a bit, you might want to wrap up by hiding the "add visit" link -unless you are authorized to use it. Acegi Security provides a tag library to help -you do that. Edit %spring%\samples\petclinic\war\WEB-INF\jsp\owner.jsp. Add -the following line to the top of the file: -
-<%@ taglib prefix="authz" uri="http://acegisecurity.org/authz" %> --Next, scroll down and find the link to "add visit". Modify it as follows: -
-<authz:authorize ifAllGranted="ROLE_SUPERVISOR"> - <FORM method=GET action="<c:url value="/addVisit.htm"/>" name="formVisitPet<c:out value="${pet.id}"/>"> - <INPUT type="hidden" name="petId" value="<c:out value="${pet.id}"/>"/> - <INPUT type="submit" value="Add Visit"/> - </FORM> -</authz:authorize> -- - -
-These steps can be applied to your own application. Although we do suggest -that you visit http://acegisecurity.org -and in particular review the "Suggested Steps" for getting started with Acegi -Security. The suggested steps are optimized for learning Acegi Security quickly -and applying it to your own projects. It also includes realistic time estimates -for each step so you can plan your integration activities.
- - \ No newline at end of file diff --git a/src/site/resources/suggested.html b/src/site/resources/suggested.html deleted file mode 100644 index 4fd9f2aa9d..0000000000 --- a/src/site/resources/suggested.html +++ /dev/null @@ -1,133 +0,0 @@ - - - - - - -Presented below are the steps we encourage you to take in order to gain the most - out of Acegi Security in a realistic timeframe. -
acegi-security-sample-contacts-filter.war
,
- which is also included in the release ZIP file.ContactManagerBackend
- which shows how we create and delete ACL permissions. The rest of the Java code has no
- security awareness, with all security services being declared in the XML files
- (don't worry, there aren't any new XML formats to learn: they're all standard Spring IoC container
- declarations or the stock-standard web.xml
). The main
- XML files to review are
- applicationContext-acegi-security.xml (from the filter webapp),
- applicationContext-common-authorization.xml,
- applicationContext-common-business.xml (just note we add contactManagerSecurity
to the services layer target bean), and
- web.xml (from the filter webapp).
- The XML definitions are comprehensively discussed in the
- Reference Guide.
- Please note the time estimates are just that: estimates. They will vary considerably depending - on how much experience you have, particularly with Java and Spring. They will also vary depending - on how complex your intended security-enabled application will be. Some people need to push the domain - object instance access control list capabilities to the maximum, whilst others don't even need anything - beyond web request security. The good thing is Acegi Security will either directly support your future - needs, or provide a clearly-defined extension point for addressing them. - -
- We welcome your feedback about how long it has actually taken you to complete each step, so we - can update this page and help new users better assess their project timetables in the future. - Any other tips on what you found helpful in learning Acegi Security are also very welcome. - -
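Review bot: Deleting the Petclinic tutorial text (the region before the suggested.html header) drops the only worked security configuration visible in this patch, with nothing added in its place: the `FilterToBeanProxy` filter mapped to `/*`, the URL rule `/**=IS_AUTHENTICATED_REMEMBERED` with `/acegilogin.jsp=IS_AUTHENTICATED_ANONYMOUSLY` as the single exception, and the method rule `Clinic.storeVisit=ROLE_SUPERVISOR`. If the tutorial is being retired rather than moved, please confirm that the reference documentation carries an equivalent catch-all URL rule and method-level role check, and name that location in the commit message so readers who followed this page can find it.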
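Review bot: In the suggested.html deletion, the page being removed is the one the tutorial text above sends readers to ("review the "Suggested Steps" for getting started"), and it is also where newcomers are told which files define the security setup (`applicationContext-acegi-security.xml`, `applicationContext-common-authorization.xml`, `web.xml`). Both pages go in the same patch, which is consistent, but no commit message is visible here explaining the removal. Please add one that says whether this onboarding material has moved, and check that no page kept in src/site still points at suggested.html.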