Acegi Security Framework for Spring Tips
Over at Craig's stack trace , Crag has a nice post on a terse configuration for the Acegi Security Framework for Spring . Now that version 0.7 of Acegi is out, I had to make two small changes to Craig's acegi-common.xml file. This file holds all the default and stock beans needed for a generic install of Acegi. By moving all the boilerplate config out of the main configuration files, Acegi suddenly becomes usable. To make this config work in the Acegi 0.7 + Spring 1.1.4 world, you must make (at least) two minor modifications. First, for all the beans in acegi-common.xml that will be redefined in your application specific security configuration, you must add the attribute abstract="true" . This is in addition to lazy-init="true" . The abstract attribute forces Spring not to load up the bean, even if another bean references it . This is the case in acegi-common.xml where the httpSessionIntegrationFilter bean references other beans. Which brings me ...