Spring Security 2.0 and Spring 2.0.X

Spring Security allows applications to include authentication features in J2EE applications with a very few effort. However, configuration in previous versions, like Acegi Security, was a hard task to perform by a newcomer. Spring people talks about a difference of a hundred of configuration lines between Acegi 1.0 (120 lines for configuration) and Security 2.0 (just only 16 lines). So, it’s highly advisable to use Spring Security 2.0.

These links can help in developing a small sample:

In our case, form based authentication via user/password in a webapp, we’ve include two minor adjustments in web.xml (webapp container configuration) and applicationContext.xml (Spring configuration).

web.xml


    springSecurityFilterChain
    org.springframework.web.filter.DelegatingFilterProxy


  springSecurityFilterChain
  /*

* I’ve replaced – character for _ character in this XML file

applicationContext.xml




    


    


    
    
        
    

[...]

* I’ve replaced – character for _ character and : character for __ characters in this XML file to get a suitable visualization

Development of login.jsp page is detailed in several resources, such as here.

It could be wonderful, but there is one important point for us which is poorly documented. Spring Security 2.0 only works with Spring 2.0.8. And we are using BEA Weblogic 10. And BEA Weblogic 10 only certifies the use of Spring 2.0.2. 

So we have now a dangerous decision: shall we use Spring Security 2.0 and Spring 2.0.8 and loose BEA (I mean Oracle) support or shall we use Acegi Security 1.0 and Spring 2.0.2 and write tedious and hard to maintain configuration files?

Responder

Introduce tus datos o haz clic en un icono para iniciar sesión:

Logo de WordPress.com

Estás comentando usando tu cuenta de WordPress.com. Cerrar sesión / Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Cerrar sesión / Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Cerrar sesión / Cambiar )

Google+ photo

Estás comentando usando tu cuenta de Google+. Cerrar sesión / Cambiar )

Conectando a %s