Oct 31st, 2005, 08:08 AM
Authentication (acegi worth it?)
im writing a little webapplication which requires some sort of user authentication and log in.
i searched this forum and the web and really everything is pointing to acegi for security reasons in spring apps.
im sure acegi is a wonderful framework BUT is it worth it? my application is not really huge and acegi seems to have some time consuming aspect.
i need at last several hours to read documentation and those stuff.
im not sure, cause normally im not a web programmer. but isnt there a possibility to add a securityfilter in web.xml?
is there some filter possibility in spring itself?
i even could create a securitycontroller which always checks authenticationinfo fist and redirects to login form if necessary. this controller is used as superclass for all other controllers.
what do you think?
p.s.: if theres an simple authentication mechanism which i dont know dont be afraid of telling me ;-)
Oct 31st, 2005, 10:32 AM
I will agree that acegi sometimes is a overkill.
In stead of a super-class I would use an Interceptor:
Oct 31st, 2005, 10:39 AM
Not sure if this helps, but here is a small and codeless Spring + Acegi example. It contains login & logout functionality.
One other option is to protect the application using the security-constraint in web.xml... but I think this is not the best solution.
Last edited by noon; Oct 31st, 2005 at 10:45 AM.
Oct 31st, 2005, 10:45 AM
I think that using Acegi is absolutely worth it. While it supports many advanced security features, its also suitable and very easy to use for simple authentication schemes.
The Acegi documentation is very complete and for someone looking to implement simple authentication quickly, it might be overwhelming. I would suggest that you download Acegi and look at the samples. They provide a simple example with the minimal required configuration. Just add the filters and other configuration in your app and things will work! You can then re-read the documentation as and when you need additional security features.
Oct 31st, 2005, 12:48 PM
The learning curve in Acegi is a bit high... or is it just me? Not overwhelming though. Still it's the best pair for security matters when working with Spring Framework.
Nov 1st, 2005, 12:14 AM
Why not use container security, it is not to hard to use for instance Tomcat web security. Just some adjustments in the web.xml file and create a realm. You can find the wright documentation at the site om tomcat. If you are using a different container something simular is possible.
hope this helps