1. Acegi is indeed a versatile, very flexible, but/and/though complex security framework.
IMHO, the reference documentation is *almost* out of reach for newcomers, and the reference contacts example *absolutely* out of reach. Both are however absolutely necessary: we have to have a reference doc and a reference example.
The reference doc (parts of it) is alas out of sync with the API, for instance *SecurityEnforcementFilter* is still used throughout the doc while it no longer exists.
2. To further promote Acegi in my organisation I had to write a tutorial intended to newcomers. Currently I have two contrived samples working with Acegi 1.0: "ATI-Acegi-Web1" and "ATI-Acegi-Method1". I plan to add a sample featuring ACLs, and extending these basic samples with more advanced features later on.
"ATI-Acegi-Web1" features the simplest web app:
- URLs are protected via FilterSecurityInterceptor
- Authentication is performed the simplest way via InMemoryDaoImpl in the config file
"ATI-Acegi-Method1" features the simplest sample to protect methods:
- Methods are protected via MethodSecurityInterceptor
- Authentication is performed via InMemoryDaoImpl
Please find attached these 2 samples without the JARs (which are listed in WEB-INF\lib\README.txt and available in the contacts sample).
Nota: Although "ATI-Acegi-Method1" is not a web application, the JARs are kept in WEB-INF\lib as well, so that I may use the same "build.xml" file for both samples.
- [ati-acegi-web1-1.0-nolib.zip] contains the deployed webapp
- [ati-acegi-method1-src-1.0-nolib.zip] contains the Java classes and TestCase to protect methods.
Currently the explanation of these samples is in... French.
Should you be interested in it, I might export my Confluence (excellent wiki!) pages to PDF or HTML.
The samples are however so contrived that one could easily do without further explanation.
If I someone is interested in hosting the samples, I might provide the (small) Eclipse projects also.
Hope this help.