We use Acegi/Wicket in our current project at work. The main thing
you need to worry about is the session implementation. Here's a
snippet from ours:
private AuthenticationManager getAuthenticationManager()
{
return (( MyWebApplication )
getApplication()).getAuthenticationManager();
}
public boolean authenticate(String username, String password)
{
UsernamePasswordAuthenticationToken tok = new
UsernamePasswordAuthenticationToken(username, password);
final Authentication auth =
getAuthenticationManager().authenticate(tok);
if (auth != null && auth.isAuthenticated())
{
SecurityContextHolder.getContext().setAuthentication(auth);
return true;
}
return false;
}
public Roles getRoles()
{
if (isSignedIn())
{
final Authentication auth =
SecurityContextHolder.getContext().getAuthentication();
if (auth == null)
{
return null;
}
Roles roles = new Roles();
for (GrantedAuthority grantedAuthority : auth.getAuthorities())
{
roles.add(grantedAuthority.getAuthority());
}
return roles;
}
return null;
}
So, your custom web application has to be able to get a handle on the
Acegi (I'd go with spring-security if I were you if you're starting
from scratch because that seems to be the next generation of Acegi)
AuthenticationManager (we used Spring to do this). Alternatively, you
could mark your session class as @Configurable and let Spring inject
the AuthenticationManager in. The other part you need is to set up
the Spring/Acegi filter stuff in your web.xml:
<filter>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>org.acegisecurity.util.FilterChainProxy</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Then, in your applicationContext.xml file:
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter
</value>
</property>
</bean>
<bean id="httpSessionContextIntegrationFilter"
class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"
autowire="autodetect">
<property name="forceEagerSessionCreation" value="true"/>
</bean>
Hope this helps. The last two parts are just vanilla Acegi stuff.
So, if you've had Acegi working in the past, just copy/paste it from
there.
On Mon, May 5, 2008 at 10:40 AM, David Nedrow <[EMAIL PROTECTED]> wrote:
> I'm adding Acegi support to a Wicket project, but have been completely
> unable to get all the pieces correct. One of the main problems is that there
> appears to be no standalone example available. The acegi-security examples
> are awful, since all thirty of the samples are mixed with each other and
> re-use components, needlessly complicating each example. IE., there's no way
> to see what is actually required for a specific example.
>
> The online guides
> (eg.http://wicketstuff.org/confluence/display/STUFFWIKI/Swarm+and+Acegi+HowTo
> ) refer to existing mixed examples without providing a full sample.
>
> Has anyone seen an Acegi+Wicket example that is:
>
> 1) Targeted at implementing Acegi in Wicket
> 2) Contains all the sample sources in a self-contained tree
>
> -David
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
