On 8/14/06, Neil Smith <[EMAIL PROTECTED]> wrote:
I am about to start a new Spring MVC project using Acegi for security access and OJB for persistance. Acegi has a JDBC implementation for accessing the user details from a database. Question: Is it advisable to write an OJB implementation of the Acegi UserDetails interface to take advantage of OJB's cashing and consistancecy of database access? Secondly, has anyone already done this?
It sure is possible and, depending on your data model, may also make a lot of sense. I've done this in a former project with good success. If I remember correctly, The general idea is: * You should have something like a UserDAO that returns User objects as part of your normal business model. This DAO should use Spring's OJB DAO helper class and be a Spring-managed bean. * Create a wrapper class around your user objects that implements Acegi's UserDetails interface. * Create a class that implements Acegi's UserDetailsService by calling out to your DAO (wired via Spring). See chapter 6.2 of the Acegi doc. * In your Acegi's configuration, use the DaoAuthenticationProvider (chapter 7 of the Acegi doc) with your UserDetailsService implementation. That should be about it. In case you also have a role concept in your business model, you'll also want to define a mapping of your roles to Acegi's role strings and use that in your aforementioned UserDetails. Acegi also provides additional hooks to override it's default role concept with your own. If you want to do that, it is best to search/ask in the Acegi forums, though. Tom --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
