I suppose I have a slightly unique situation in regards to my security implementation. Bear in mind I am a complete newbie to J2EE, Spring and Acegi, so if I mess up terminology or am completely wrong in a certain sense – let me know but be nice.
So I am developing security architecture for a J2EE web app running on WebSphere Portal Server 5.1. We are currently using Spring as a middle tier IoC framework, JSF for the presentation tier, and WebSphere managed security against an IBM Tivoli Directory Server (LDAP). I'd like to use Acegi in our architecture as it provides many advantages over the container managed WebSphere security. Most importantly it would allow my architecture team to push new security configurations to developers via source code control without having to reconfigure WebSphere instances (which you need to do if you use WebSphere's security). Also the declarative approach to fine-grained security would also make the lives of developers MUCH easier. If life were only this easy…..
I’m not entirely sure why but I am told that we must use WebSphere security for authentication and that we can use Acegi for authorization. To me this can either translate as using JaasAuthenticationProvider or AuthByAdapterProvider. I’m not sure which one would provide the WebSphere container managed authentication and allow Acegi to handle authorization policies.
If I need to use AuthByAdapterProvider then I must ask if anyone has written a WebSphere adapter. If not, then I would like to be pointed to a reference explaining how to write a container adapter. Clearly this reference would need to explain the hooks into a container that Acegi needs and the hooks into Acegi that the container would need. Just reading the provided adapters I checked out of CVS gave me little frame of reference towards a solution.
I am also wondering if I will run into any bumps in the road with JSF and Acegi or Acegi and WebSphere Portal Filters (our portlets are written using the JSR168 standard).
Thanks for the help.