Practical Quick Start with Acegi Security and Spring

The afternoon sessions begin with Practical Quick Start with Acegi Security and Spring, presented by Ben Alex. Ben is the project lead for Acegi Security, a fully pluggable and flexible enterprise security framework. Specifically for your enterprise software, it's not an Operating System security framework or any sort of browser or sandbox security solution.

The important thing to know about Acegi Security is it is more of a model and lexicon instead of pre-built security implementation. Because security varies across each application so widely, Acegi provides interfaces and extension points to make building a security framework much easier.

Acegi is much more than a replacement for Servlet API security. While it does fully replace the Servlet security features, it also provides fine grained ACLs on a per-object instance which is a huge feature. J2EE security does not support that at all. Other features include CAPTCHA, channel security, switch user, prohibit concurrent logins, and many others.

It's important to note that Acegi Security is not specific to web applications. It's perfectly viable as a security framework for your Rich Client project, too.

There are an insane amount of Authentican mechanisms, including Form, HTTP Basic, HTTP Digest, RMI X509, Yale CAS, SiteMinder, Remember-Me, Anonymous, and others.
Post a Comment

Popular posts from this blog

I ported a JavaScript app to Dart. Here's what I learned.

Converting Array to List in Scala

Minification is not enough, you need tree shaking