It may be difficult to rip Acegi out at this point because it has been
used for so long. However, here's a stab at doing it:
1. Remove the securityFilter from web.xml (both the filter and its mapping.xml).
2. Remove the UserSecurityAdvice class and its test (if you're using
1.x or 2.0 with full-source).
Add the following to your web.xml:
<!-- All anyone to access passwordHint and signup -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Unrestricted</web-resource-name>
<description>All users can view</description>
<url-pattern>/passwordHint.html</url-pattern>
<url-pattern>/signup.html</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<!-- Restrict all users from accessing *.html -->
<security-constraint>
<web-resource-collection>
<web-resource-name>AppFuse</web-resource-name>
<description>Require users to authenticate</description>
<url-pattern>*.html</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<description>Define who can access this url-pattern</description>
<role-name>admin</role-name>
<role-name>tomcat</role-name>
</auth-constraint>
<user-data-constraint>
<!-- Doesn't work on Resin
<description>
Encryption is not required for the application in general.
</description>
-->
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login.jsp?error=true</form-error-page>
</form-login-config>
</login-config>
<!-- The admin role -->
<security-role>
<description>Administrator role (can edit Users)</description>
<role-name>ROLE_ADMIN</role-name>
</security-role>
<!-- The tomcat role -->
<security-role>
<description>Default Role for All Users</description>
<role-name>ROLE_USER</role-name>
</security-role>
The role-names will need to match what you have in sample-data.xml.
They've only recently changed to the ones you see above - they used to
be "admin" and "tomcat". You should also remove Acegi as a dependency
and see what compile errors you get. Then you may want to checkout an
older tag from Subversion and see how we did it before Acegi was
added.
You can search for files using FishEye:
http://fisheye4.cenqua.com/search/appfuse
You can see all the tags at:
http://fisheye4.cenqua.com/browse/appfuse/tags
Matt
On 6/13/07, Sandeep Sukumaran1 <[EMAIL PROTECTED]> wrote:
Hello ,
I would like to remove the Acegi security of Appfuse and make it to run
using CMA . When i went through the tutorial which is available online , i
could not download the old web-security.xml at appfuse CVS attic . Please
let me know , whether can i foind this file ..
Waiting for your response at the earliest .
Thanks
Sandeep
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
http://raibledesigns.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
