Ben,
I've evolved my initial effort in JSR-168 Portlet support for Acegi into
something that I think is close to ready for inclusion into the overall
framework.
I've reimplemented it all as a separate provider with its own
implementation of AbstractAuthenticationToken, AuthenticationProvider,
UserCache, etc. I've also provided a
PortletSessionContextIntegrationInterceptor and
PortletProcessingInterceptor.
One of the unique challenges of portlet development in this space is
that filters are not applied to portlet requests, so none of the
existing filter-based can be used with the portlets. But with the two
interceptors above I think it covers the basics and allows for use of
MethodSecurityInterceptor and for the taglib in JSP content.
The main thing that is missing at this point is an equivalent of the
URL-based security mechanisms such as FilterSecurityInterceptor. Since
portlet requests don't include tradition URLs, this is difficult to
translate. I think the best thing here will be to implement something
parallel to the HandlerMapping classes that allows security to be
applied in the same way.
I've posted the classes and some example application context entries on
the Spring Portlet Wiki site. You can download the file here:
http://opensource2.atlassian.com/confluence/spring/download/attachments/10/acegi-portlet.zip
I'm very interested in your feedback. When you get a chance to take a
look at it all, let me know what you think.
John Lewis
-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server.
Download it for free - -and be entered to win a 42" plasma tv or your very
own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
