134 lines
7.1 KiB
HTML
134 lines
7.1 KiB
HTML
<!--
|
|
* ========================================================================
|
|
*
|
|
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*
|
|
* ========================================================================
|
|
-->
|
|
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
|
|
<head>
|
|
<title>Acegi Security Suggested Steps</title>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
|
|
</head>
|
|
|
|
<body>
|
|
<h1>Suggested Steps</h1>
|
|
<p>Presented below are the steps we encourage you to take in order to gain the most
|
|
out of Acegi Security in a realistic timeframe.
|
|
<ol>
|
|
<li>
|
|
First of all, deploy the "Tutorial Sample", which is included in the main distribution
|
|
ZIP file. The sample doesn't do a great deal, but it does give you a template that can
|
|
be quickly and easily used to integrate into your own project.<br><br>
|
|
|
|
Estimated time: 30 minutes.<br><br>
|
|
</li>
|
|
|
|
<li>
|
|
Next, follow the <a href="petclinic-tutorial.html">Petclinic tutorial</a>, which
|
|
covers how to add Acegi Security to the commonly-used Petclinic sample application
|
|
that ships with Spring. This will give you a hands-on approach to integrating
|
|
Acegi Security into your own application.<br><br>
|
|
|
|
Estimated time: 1 hour.<br><br>
|
|
</li>
|
|
|
|
<li>
|
|
Next, review the <a href="reference.html">Reference Guide</a>, and in particular
|
|
Part I. It has been designed to give you a solid overview. Go through the beans
|
|
defined in the "Tutorial Sample" and understand their main purpose within the overall
|
|
framework. Once you understand this, you'll have no difficulty moving on to more
|
|
complex examples. You can also experiment in the Petclinic tutorial that you
|
|
implemented in the last step.<br><br>
|
|
|
|
Estimated time: 1 day.<br><br>
|
|
</li>
|
|
|
|
<li>
|
|
If you have relatively simple security needs, you can probably start to integrate
|
|
Acegi Security into your application at this point. Just use the "Tutorial Sample"
|
|
as your basis (now that you understand how it works). Those with more complicated
|
|
requirements should review the "Contacts Sample" application.
|
|
This will probably involve deploying <code>acegi-security-sample-contacts-filter.war</code>,
|
|
which is also included in the release ZIP file.<br><br>
|
|
|
|
The purpose of understanding the "Contacts Sample" is to get a better feel for how method
|
|
security is implemented, particularly with domain object access control lists. This will
|
|
really round-out the rest of the framework for you.<br><br>
|
|
|
|
The actual <a target="_blank" class="newWindow" href="multiproject/acegi-security-sample-contacts/xref/index.html">java code</a>
|
|
is a completely standard Spring application, except <code>ContactManagerBackend</code>
|
|
which shows how we create and delete ACL permissions. The rest of the Java code has no
|
|
security awareness, with all security services being declared in the XML files
|
|
(don't worry, there aren't any new XML formats to learn: they're all standard Spring IoC container
|
|
declarations or the stock-standard <code>web.xml</code>). The main
|
|
XML files to review are
|
|
<a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/filter/WEB-INF/applicationContext-acegi-security.xml?view=auto">applicationContext-acegi-security.xml</a> (from the filter webapp),
|
|
<a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/common/WEB-INF/applicationContext-common-authorization.xml?view=auto">applicationContext-common-authorization.xml</a>,
|
|
<a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/common/WEB-INF/applicationContext-common-business.xml?view=auto">applicationContext-common-business.xml</a> (just note we add <code>contactManagerSecurity</code> to the services layer target bean), and
|
|
<a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/filter/WEB-INF/web.xml?view=auto">web.xml</a> (from the filter webapp).
|
|
The XML definitions are comprehensively discussed in the
|
|
<a href="reference.html">Reference Guide</a>.
|
|
<br><br>
|
|
|
|
Please note the release ZIP files do not include the sample application Java source code. You
|
|
will need to download from SVN if you would like to access the Java sources.<br><br>
|
|
|
|
Estimated time: 1-2 days.<br><br>
|
|
</li>
|
|
|
|
<li>By now you will have a good grasp on how Acegi Security works, and all that is left to
|
|
do is design your own application's implementation.
|
|
<br><br>
|
|
|
|
We strongly recommend that you start your actual integration with the "Tutorial Sample".
|
|
Don't start by integrating with the "Contacts Sample", even if you have complex needs.
|
|
Most people reporting problems on the forums do so because of a configuration problem,
|
|
as they're trying to make far too many changes at once without really knowing what
|
|
they're doing. Instead, make changes one at a time, starting from the bare bones configuration
|
|
provided by the "Tutorial Sample".<br><br>
|
|
|
|
If you've followed the steps above, and refer back to the
|
|
<a href="reference.html">Reference Guide</a>,
|
|
<a href="http://www.springframework.org">forums</a>, and
|
|
<a href="faq.html">FAQ</a>
|
|
for help, you'll find it pretty easy to implement Acegi Security in your application.
|
|
Most importantly, you'll be using a security framework that offers you complete container
|
|
portability, flexibility, and community support - without needing to write and maintain your
|
|
own code.<br><br>
|
|
|
|
Estimated time: 1-5 days.<br><br>
|
|
</br>
|
|
</li>
|
|
|
|
</ol>
|
|
|
|
<p>Please note the time estimates are just that: estimates. They will vary considerably depending
|
|
on how much experience you have, particularly with Java and Spring. They will also vary depending
|
|
on how complex your intended security-enabled application will be. Some people need to push the domain
|
|
object instance access control list capabilities to the maximum, whilst others don't even need anything
|
|
beyond web request security. The good thing is Acegi Security will either directly support your future
|
|
needs, or provide a clearly-defined extension point for addressing them.
|
|
|
|
<p>
|
|
We welcome your feedback about how long it has actually taken you to complete each step, so we
|
|
can update this page and help new users better assess their project timetables in the future.
|
|
Any other tips on what you found helpful in learning Acegi Security are also very welcome.
|
|
</body>
|
|
</html>
|