Hi Erik, You shouldn't need to subclass the SecurityManager implementations - a decent amount of work has gone into allowing you to inject almost anything you need. That is, we favor a composition over inheritance development philosophy.
So, you only need to configure your realms in the Filter's config in web.xml. The .ini config (examples are in the Filter's JavaDoc) allows you to do things like the following (in the [main] section): someDependency = some.class.name.MySimplePojo someDependency.someProperty = aValue ... realmA = some.fully.qualified.pkg.MyRealm realmA.someDependency = $someDependency\ realmA.aProperty = someValue ... That's all you have to do. Any Realms defined will be automatically injected into the SecurityManager created by the Filter. Then, in your application code, when you call SecurityUtils.getSubject().login(myAuthenticationToken), that call will make it down through the SecurityManager down to your configured realms. If this is not sufficient, you could also define one or more RealmFactory beans: realmFactory = some.class.that.implements.RealmFactory realmFactory.property1 = someValue ... Then, any Realms returned from the constructed RealmFactory will be automatically injected into the SecurityManager created by the Filter. Finally, if all of this is not sufficient, and you need more robust configuration mechanisms (e.g. Spring or Guice or whatever), you can subclass IniWebConfiguration to look up beans defined in that configuration mechanism. The SpringIniWebConfiguration's source code is a good example. I hope that helps! Cheers, Les On Thu, Apr 2, 2009 at 12:43 AM, Erik Beeson <[email protected]> wrote: > I've been using JSecurity for a few months now and I really like it. So > far, I've just added it to my existing (home grown) user management system, > but I'm evaluating replacing my home grown stuff with the JSecurityFilter > web stuff. > I'm looking at the sample web app, but I don't see where authentication > actually happens. Is the expected behavior to subclass > DefaultWebSecurityManager and pass in a Realm to do authentication, then > specify it with the "securityManager" config parameter on JSecurityFilter? > Or is there another way to specify a realm? > > Thanks, > Erik > >
