Sep 3rd, 2006, 09:50 PM
Acegi Security or Traditional Security
Our company is currently developing a large scale enterprise web application with the spring framework. I am currently evaluating the suitability of using acegi security for our authentication/authorizations needs vs a in-house developed custom authentication/authorizations module (see ps below).
So far I have not found very compelling reasons to use acegi security but I wanted to tap the experiences of developers on this forum on whether :
1) if you used in-house developed custom authentication/authorization module or acegi security for your web application?
2) If you used in-house developed custom module what was the reason? Were you happy with the outcome?
3) If you used acegi, what was the reason ? Were you happy with the outcome?
All your opinions will be greatly appreciated.
Thank you very much.
ps. Our in house authentication/authorization is designed as follows:
Authentication: implemented in our own base controller class which all our controller extends.
Authorizations: implemented in our separate controllers reading access control list in the database.