how to use acegi in legacy system　？

**chinofish** · Jun 22nd, 2006, 12:52 AM

There is a legacy system which was founded 3 years ago. certainly the system did not user spring as it's container.

now i want to add security function into the legacy system, may i do the job based on Acegi ?

the security requirement includes method inception except for url filter !

is there any examples ? thanks a lot !!!!!!

**katentim** · Jun 22nd, 2006, 05:32 AM

the security requirement includes method inception

Sounds like a good fit for Acegi.

is there any examples ?

There's the contacts sample which demonstrates many features, and the simpler tutorial, both in the 1.0.0 distribution.

**igotmilk** · Jun 22nd, 2006, 09:15 AM

To add to Kats statement, Acegi can be used even if you application does not use Spring. The security context gets loaded from the web config using the ContextLoaderListener.

**chinofish** · Jun 22nd, 2006, 11:38 AM

Originally Posted by katentim

Sounds like a good fit for Acegi.

There's the contacts sample which demonstrates many features, and the simpler tutorial, both in the 1.0.0 distribution.

i have read contact & tutorial in detail, and i found that method inceptor security can not run because legacy system has no ability of aop which equipped with spring.
How can i judge authority without method interception ?

**igotmilk** · Jun 22nd, 2006, 01:28 PM

You application does not have to be Spring-ified, however if you want to use Acegi you will need to add the Spring jars to your project.

**chinofish** · Jun 23rd, 2006, 07:24 AM

Originally Posted by igotmilk

You application does not have to be Spring-ified, however if you want to use Acegi you will need to add the Spring jars to your project.

when my application is not Spring-ified (such as a legacy app), i can handle filterInvocationInterceptor, as follows:

<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecur ityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager">
<bean class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="false"/>
<property name="decisionVoters">
<list>
<bean class="org.acegisecurity.vote.RoleVoter"/>
<bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
</list>
</property>
</bean>
</property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/secure/extreme/**=ROLE_SUPERVISOR
/secure/**=IS_AUTHENTICATED_REMEMBERED
/**=IS_AUTHENTICATED_ANONYMOUSLY
</value>
</property>
</bean>

however, i can not handle methodSecurityInterceptor because there is no method intercept machine in legacy system. maybe aspectJ ? and furthermore acl implementation also need method interceptor . so how can i make most use of the power of ACEGI in legacy system ?? It's a question !!

<bean id="methodSecurityInterceptor"
class="org.acegisecurity.intercept.method.aopallia nce.MethodSecurityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager"/>
</property>
<property name="accessDecisionManager">
<bean class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="false"/>
<property name="decisionVoters">
<list>
<bean class="org.acegisecurity.vote.RoleVoter"/>
<bean
class="org.acegisecurity.vote.AuthenticatedVoter"/>
</list>
</property>
</bean>
</property>
<property name="objectDefinitionSource">
<value>
org.springframework.samples.petclinic.Clinic.*=IS_ AUTHENTICATED_REMEMBERED
org.springframework.samples.petclinic.Clinic.store Visit=ROLE_SUPERVISOR
</value>
</property>
</bean>

Thread: how to use acegi in legacy system　？

Thread Tools

Display