Acegi Security Framework for Spring Tips

Over at Craig's stack trace, Crag has a nice post on a terse configuration for the Acegi Security Framework for Spring.

Now that version 0.7 of Acegi is out, I had to make two small changes to Craig's acegi-common.xml file. This file holds all the default and stock beans needed for a generic install of Acegi. By moving all the boilerplate config out of the main configuration files, Acegi suddenly becomes usable.

To make this config work in the Acegi 0.7 + Spring 1.1.4 world, you must make (at least) two minor modifications.

First, for all the beans in acegi-common.xml that will be redefined in your application specific security configuration, you must add the attribute abstract="true". This is in addition to lazy-init="true". The abstract attribute forces Spring not to load up the bean, even if another bean references it. This is the case in acegi-common.xml where the httpSessionIntegrationFilter bean references other beans.

Which brings me to my second tip. You need to change the AutoIntegrationFilter reference to HttpSessionIntegrationFilter (or another IntegrationFilter of your choice). In version 0.7 of Acegi, the AutoIntegrationFilter has been removed.

It all seems to be working, now!
Post a Comment

Popular posts from this blog

Converting Array to List in Scala

I ported a JavaScript app to Dart. Here's what I learned.

Minification is not enough, you need tree shaking