On Fri, 2005-06-17 at 13:44 -0700, Richard Wallace wrote: <snip/> > Not your fault. I've actually found what seems on first glace, a really > good security framework built specifically for Spring > http://agisecurity.sf.net. Now I don't like the fact that I'll be tied > to a specific container, but it sounds like I can do exactly the kind of > stuff that I need to do with it.
We're also using Acegi on our current project at work. Simply because, it's the best option I found available ... until AuthX has a comprable feature set ready of course. Acegi has a very nice feature set, but here's what I don't like (or did not understand): - It's tied to Spring - It's role based only - It's all XML stuff (and you need to write a hell lot of XML) - You've got to play by the rules it defines I would really like to replace our use of Acegi, but before that, here's the list of stuff that need to be implemented: - Hibernate Realm (not very hard, should be easier than JDBC Realm) - Hibernate Information Provider, for loading roles from the Database - A stack of web utilities, including permissions to define access to web resources, servlet filters, servlet listeners, ... not that hard either - Utilities to setup authx, including authenticators, information providers and authorizers, wiring them together in the minimal amount of steps, for general usage -- Vincent
