Hey everyone,
I'm progressing with our move to Java and JSF and am trying to integrate
some security. I've decided on using Acegi Security because I need to
be able to have domain object level ACLs and it's the most complete open
source implementation I've seen. But, I'm having some problems figuring
how best to integrate it with JSF.
The main issue is that most of the servlet security stuff is implemented
in Servlet Filters, including the part that authenticates the user.
Whats worse, IMO, is that the Filters are actually Spring managed beans
proxied by a delegating Filter. The main problems I have with this is
that I can't create a nice JSF form with an
action="#{authHandler.authenticate}" action handler. I'd also like to
control the flow of the page and what happens when logins succeed/fail
from the JSF navigation. As it stands now that's actually handled by
one of the Spring managed beans.
To these ends I've created an AuthenticationHandler backing bean, mostly
just copying the code in the AuthenticationProcessingFilter class which
listens for requests to a certain URL and tries to login the user with
the credentials in the request. The other stuff is a bit more
complicated and I'm not 100% sure where to begin. I'm thinking I need
to create PhaseListener classes for the other Filters and copying the
code from the corresponding filters.
Has anyone worked on integrating Acegi and JSF more seemlessly before?
I'd appreciate any advice anyone can give.
Thanks,
Rich
- Acegi and JSF integration Richard Wallace
-