Showing posts from January, 2005

Acegi Security Framework for Spring Tips

Over at Craig's stack trace, Crag has a nice post on a terse configuration for the Acegi Security Framework for Spring.

Now that version 0.7 of Acegi is out, I had to make two small changes to Craig's acegi-common.xml file. This file holds all the default and stock beans needed for a generic install of Acegi. By moving all the boilerplate config out of the main configuration files, Acegi suddenly becomes usable.

To make this config work in the Acegi 0.7 + Spring 1.1.4 world, you must make (at least) two minor modifications.

First, for all the beans in acegi-common.xml that will be redefined in your application specific security configuration, you must add the attribute abstract="true". This is in addition to lazy-init="true". The abstract attribute forces Spring not to load up the bean, even if another bean references it. This is the case in acegi-common.xml where the httpSessionIntegrationFilter bean references other beans.

Which brings me to my second ti…