Thomas Dudziak wrote:
On 8/14/06, Neil Smith <[EMAIL PROTECTED]> wrote:
I am about to start a new Spring MVC project using Acegi for security
access and OJB for
persistance. Acegi has a JDBC implementation for accessing the user
details from a database.
Question: Is it advisable to write an OJB implementation of the Acegi
UserDetails interface to take
advantage of OJB's cashing and consistancecy of database access?
Secondly, has anyone already done this?
It sure is possible and, depending on your data model, may also make a
lot of sense.
I've done this in a former project with good success. If I remember
correctly, The general idea is:
* You should have something like a UserDAO that returns User objects
as part of your normal business model. This DAO should use Spring's
OJB DAO helper class and be a Spring-managed bean.
* Create a wrapper class around your user objects that implements
Acegi's UserDetails interface.
* Create a class that implements Acegi's UserDetailsService by calling
out to your DAO (wired via Spring). See chapter 6.2 of the Acegi doc.
* In your Acegi's configuration, use the DaoAuthenticationProvider
(chapter 7 of the Acegi doc) with your UserDetailsService
implementation.
That should be about it.
In case you also have a role concept in your business model, you'll
also want to define a mapping of your roles to Acegi's role strings
and use that in your aforementioned UserDetails. Acegi also provides
additional hooks to override it's default role concept with your own.
If you want to do that, it is best to search/ask in the Acegi forums,
though.
Tom
I have a project that is both Struts/OJB and Spring MVC/Hibernate
which uses Acegi in parts. I extended LdapPasswordAuthenticationDao
to return UserDetails from the loadUserByUsernameAndPassword method
but just used direct JDBC (not OJB) in this method to check the database for
privileges.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
