Feb 2nd, 2006, 10:27 AM
Newbie question, i.e., how to get authentication to work...
Hi, I am exploring the possibilities of changing our EJB/J2EE based system to be running on Spring&Acegi&Tomcat as soon as possible. I got easily to the point in which I converted my demo EJB and its client to a Spring framework based servlet and a corresponding client utilising HttpInvokerProxyFactoryBean. The ultimate goal is to have a java CLI client (a former EJB client) that can call methods from a server class residing inside a servlet (a former EJB) + A&A for the server side (and here authorisation is needed at method-level, just like in J2EE); no WebUIs are in the picture.
The first part of the goal is OK, but unfortunately I haven't had time yet to go beyond the first A, so the first question is how to get authentication working properly? I have in my servlet's web.xml these spring/acegi related items:
and in the security.xml these entries:
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager ">
<bean id="JAASAuthenticationProvider" class="org.acegisecurity.providers.jaas.JaasAuthen ticationProvider">
<bean class="org.acegisecurity.providers.jaas.JaasNameCa llbackHandler"/>
<bean class="org.acegisecurity.providers.jaas.JaasPasswo rdCallbackHandler"/>
Should this be enough for enabling authentication using my own JAAS modules or am I missing some important entries? Anyway, my servlet does not even start in Tomcat with these configurations and I have not been able to pinpoint the exact cause for the failure. Furthermore, it starts and works OK (however, with no security) if I comment out the above entries in the security.xml. All classes are found properly (at least I do not see any related errors in the logs, but I do see that the acegi classes are at least loaded) - so I am a bit puzzled here. Should this even work? The next question would then be how to configure authorisation most easily, i.e., how to most easily duplicate what ejb-jar.xml is doing for EJBs?
I would very much appreciate advice - and perhaps even clear howtos, if that is not asking too much - on the subject, although I am probably asking the very stupid and basic question (my deep apologies for that). Or is there a good and _simple_ example application showing how to convert a basic CLI client-server system + especially the A&A from the J2EE world to the Spring/Acegi world?