Sunday, January 30, 2005

Acegi Security Framework for Spring Tips

Over at Craig's stack trace, Crag has a nice post on a terse configuration for the Acegi Security Framework for Spring.

Now that version 0.7 of Acegi is out, I had to make two small changes to Craig's acegi-common.xml file. This file holds all the default and stock beans needed for a generic install of Acegi. By moving all the boilerplate config out of the main configuration files, Acegi suddenly becomes usable.

To make this config work in the Acegi 0.7 + Spring 1.1.4 world, you must make (at least) two minor modifications.

First, for all the beans in acegi-common.xml that will be redefined in your application specific security configuration, you must add the attribute abstract="true". This is in addition to lazy-init="true". The abstract attribute forces Spring not to load up the bean, even if another bean references it. This is the case in acegi-common.xml where the httpSessionIntegrationFilter bean references other beans.

Which brings me to my second tip. You need to change the AutoIntegrationFilter reference to HttpSessionIntegrationFilter (or another IntegrationFilter of your choice). In version 0.7 of Acegi, the AutoIntegrationFilter has been removed.

It all seems to be working, now!
Post a Comment


I'm probably required to say that the views expressed in this blog are my own, and do not necessarily reflect those of my employer. Also, except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 3.0 License, and code samples are licensed under the BSD License.