|
Hello, I suppose I have a slightly unique situation in regards to
my security implementation. Bear in mind I am a complete newbie to J2EE, Spring
and Acegi so if I mess up terminology or am completely wrong in a certain sense
– let me know but be nice ;) So I am developing security architecture for a J2EE web app
running on WebSphere Portal Server 5.1. We are currently using Spring as a
middle tier IoC framework, JSF for the presentation tier, and WebSphere managed
security against an IBM Tivoli Directory Server (LDAP). Id like to use Acegi in
our architecture as it provides many advantages over the container managed WebSphere
security. Most importantly it would allow my architecture team to push new
security configurations to developers via source code control without having to
reconfigure WebSphere instances (which you need to do if you use WebSpheres
security). Also the declarative approach to fine grained security would also
make the lives of developers MUCH easier. If life were only this easy….. I’m not entirely sure why but I am told that we must
use WebSphere security for authentication and that we can use Acegi for
authorization. To me this can either translate as using JaasAuthenticationProvider
or AuthByAdapterProvider. I’m not sure which one would provide the WebSphere
container managed authentication and allow Acegi to handle authorization
policies. If I need to use AuthByAdapterProvider then I must ask if
anyone has written a Web Sphere adapter. If not than I would like to be pointed
to a reference explaining how to write a container adapter. Clearly this
reference would need to explain the hooks into a container that Acegi needs and
the hooks into Acegi that the container would need. Just reading the provided
adapters I checked out of CVS gave me little frame of reference towards a
solution. I am also wondering if I will run into any bumps in the road
with JSF and Acegi or Acegi and WebSphere Portal Filters (Our porlets are
written using JSR168 Standard) Thanks for the help. Dan Horowitz |
