Hi, a few weeks ago, I started an open source project (Security Annotation Framework) which addresses annotation-based, instance-level access control for Spring applications. It is also based on Spring 2.0's extensible XML authoring features. You can find more info at
http://sourceforge.net/projects/safr and http://safr.sourceforge.net/ The framework was created during a project in 2006 and is now available under the Apache 2.0 license. It's a generic framework focused on processing security annotations on Spring beans as well as domain objects (which typically aren't managed by a Spring application context) and can be used to enforce access decisions for domain object instances. It can be used with any authorization provider and is not specific to Acegi. However, I plan to include an example how to use the SAF with Acegi authorization soon. Furthermore, it supports inheritance of annotations from base classes and interfaces. Hope this is somehow helpful for you. I am also very interested to include further Acegi support into the SAF. If you have any further ideas please let me know and let's start a new thread on this (either on the SAF mailing lists or here). Cheers, Martin James Carman wrote: > > Ben, > > Sounds great! I think we're going to want something like this on our > current project, so I am going to have to write it anyway. I just > really wanted to make sure nobody had already started it off. I was > going to basically take the Spring transaction XSD file and parser as > an example since it's doing virtually the same thing (autoproxying > based on annotations). I figured I might be able to do a little > find/replace magic to get something working. So, it should look/feel > a lot like the existing Spring stuff (I agree that it needs to adhere > to the "Spring way"). > > Does anyone else have any opinions about how this stuff should look? > The annotation-driven syntax would probably look just like what I've > proposed (I have to make sure I've exposed all the properties that > you'd need to set), I would think. I haven't really fleshed out the > advice stuff, yet, but I do anticipate it looking a lot like the > transaction stuff (as the example illustrates). > > Oh, by the way, I'm new to this list and I haven't been able to tell > you guys yet, but kudos on a really cool framework! I wrote an > adapter (http://svn.javaforge.com/svn/tapestry/tapestry-acegi/trunk > login with anonymous/anon) for Tapestry (and HiveMind too) which > allows you to put Acegi @Secured annotations on component/page > listener methods (and at the class level) to secure them. It's all > configured in HiveMind and it works very well. > > James > > On 2/11/07, Ben Alex <[EMAIL PROTECTED]> wrote: >> James Carman wrote: >> > I am thinking about writing a Spring 2.0 style parser for Acegi >> > configuration. >> >> Hi James >> >> This is very important work for a subsequent release, although I'd like >> to ensure that the proposed XSD is conceptually similar with other >> Spring XSDs (one big benefit of Spring is once you learn one part of it, >> the other parts feel the same to work with). We'd also need to ensure >> the XSD catered for all commonly-used configuration options in the >> framework and genuinely reduced XML whilst also leveraging XSD >> validation and auto-completion. >> >> Give the above comments, it is rather important that we have a >> comprehensive XML example of what we'd like Acegi Security configuration >> to look like from release 1.1.0. The example would need to show how >> people could achieve their own customizations without resorting to >> writing large numbers of bean definitions from scratch. I'd be quite >> happy for people on this list to collaborate on the target XML. Once we >> get the target XML sorted, writing the namespace handler and XSD is >> comparatively easy work. How does that sound? >> >> Cheers >> Ben >> >> ------------------------------------------------------------------------- >> Using Tomcat but need to do more? Need to support web services, security? >> Get stuff done quickly with pre-integrated technology to make your job >> easier. >> Download IBM WebSphere Application Server v.1.0.1 based on Apache >> Geronimo >> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 >> _______________________________________________ >> Home: http://acegisecurity.org >> Acegisecurity-developer mailing list >> [EMAIL PROTECTED] >> https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer >> >> > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job > easier. > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > Home: http://acegisecurity.org > Acegisecurity-developer mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer > > -- View this message in context: http://www.nabble.com/Spring-2.0-XSD-Parsers-tf3205417.html#a9990445 Sent from the acegisecurity-developer mailing list archive at Nabble.com. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
