Anyone who has worked with Acegi Security has been through XML hell, since the module requires a lot of boilerplate managed beans. Fear no more: Spring Security 2 is here to make your day (if Spring is your cup of tea, that is). There have been some major changes, mostly to simplify the web security settings. Two files need to be updated or created.
First off, in web.xml, add the following elements:
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
Finally, the Spring beans XML file:
<http auto-config="true">
    <intercept-url pattern="/faces/**" access="ROLE_SUPERVISOR"/>
    <intercept-url pattern="/faces/**" access="IS_AUTHENTICATED_REMEMBERED"/>
</http>
<authentication-provider>
    <password-encoder hash="md5"/>
    <user-service>
        <user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
    </user-service>
</authentication-provider>
Presto, my application is now secured by Spring. Of course, there are some prerequisite steps that I've done, such as including all the dependency libraries and setting up Spring Core to load all of the Spring beans XML files. For more information, please refer to the Spring Framework documentation. Surely you can appreciate the simplicity of Spring Security 2, especially compared to its predecessor. One caveat: this sample is not intended for production deployment; it is meant for prototyping an application. Naturally, you might need to move the authentication provider out to another service provider, such as a database or LDAP authentication.
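Before a prototype configuration like the one above moves toward production, a quick audit of the beans file is worthwhile. The script below is an added example, not part of the original post or of Spring Security; the function names `audit` and `local`, the finding codes and the embedded sample are constructed for illustration, and it assumes the default voters (`ROLE_` prefix plus the three `IS_AUTHENTICATED_*` tokens).

```python
import xml.etree.ElementTree as ET

# Assumption: default voters. RoleVoter accepts ROLE_*; AuthenticatedVoter accepts these three.
AUTH_TOKENS = {"IS_AUTHENTICATED_FULLY", "IS_AUTHENTICATED_REMEMBERED",
               "IS_AUTHENTICATED_ANONYMOUSLY"}
WEAK_HASHES = {"plaintext", "md4", "md5"}  # not suitable for storing passwords

# Constructed sample in the shape of the page's beans file (user and hash are made up).
SAMPLE = """<beans>
  <http auto-config="true">
    <intercept-url pattern="/faces/**" access="ROLE_SUPERVISOR"/>
    <intercept-url pattern="/faces/**" access="IS_AUTHENTICATED_REMEMBER"/>
  </http>
  <authentication-provider>
    <password-encoder hash="md5"/>
    <user-service>
      <user name="demo" password="0123456789abcdef0123456789abcdef" authorities="ROLE_USER"/>
    </user-service>
  </authentication-provider>
</beans>"""


def local(tag):
    """Strip a '{namespace}' prefix so the audit works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def audit(xml_text):
    """Return (code, detail) findings for a Spring Security 2 namespace config."""
    findings, seen = [], {}
    for el in ET.fromstring(xml_text).iter():
        name = local(el.tag)
        if name == "intercept-url":
            pattern, access = el.get("pattern", ""), el.get("access", "")
            if pattern in seen:  # two rules for one pattern cannot both take effect
                findings.append(("DUPLICATE_PATTERN", f"{pattern}: {seen[pattern]} / {access}"))
            seen.setdefault(pattern, access)
            for token in filter(None, (t.strip() for t in access.split(","))):
                if not token.startswith("ROLE_") and token not in AUTH_TOKENS:
                    findings.append(("UNKNOWN_ACCESS_TOKEN", token))
        elif name == "password-encoder":
            if el.get("hash", "").lower() in WEAK_HASHES:
                findings.append(("WEAK_HASH", el.get("hash")))
            if not any(local(child.tag) == "salt-source" for child in el):
                findings.append(("UNSALTED_HASH", el.get("hash", "")))
        elif name == "user" and el.get("password") is not None:
            findings.append(("INLINE_USER", el.get("name", "")))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE):
        print(f"{code:22} {detail}")
```

Run against a real file by passing its contents to `audit`; an empty list means none of these five checks fired, not that the configuration is otherwise sound.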