I’ve seen several implementations of ACEGI on enterprise applications. However, I’ve never setup one myself until earlier today… At first, I was quite frustrated with the spring configuration as none seems to work. After looking at several articles online, I get more frustrated as everyone talks about different syntax.
So, I’ve thought of writing down some documentation on how to make ACEGI work seamless with Spring and Hibernate but then I’ll just be adding more confusion to all available articles on the net. So instead of writing step-by-step instructions, I’ll just give out pointers on how to make your learning experience easier.
Rule #1: Follow the Petclinic examples provided from the build – with the exact build number! It seems that there are name changes in ACEGI on different releases. This means that you could be reading an article about ver. 0.8 which is not applicable on ver.1.0, etc. There are differences even on minor releases (1.0.2 to 1.0.4). So stick with the tutorial that comes with build and copy the spring-config from the tutorial as is.
Rule #2: Understand the security framework. Spend a few hours studying the ACEGI configuration. This will save you time later. I tried implementing ACEGI right away and whenever I get lost, I have to dig around and learn the concepts. I believe that its much easier to read and understand first before beating yourself out… I find this article very helpful: http://www.tfo-eservices.eu/wb_tutorials/pages/spring-acegi-tutorial.php But don’t take the configurations from this tutorial as some have changed since 1.0.2 to 1.0.4. Just learn the concepts and again – USE THE PETCLININC EXAMPLE FROM THE BUILD.
Rule #3: Get ACEGI working using InMemoryDaoImpl. Divide your work by focusing on getting the security features working before integrating this with your user DB or AuthenticationService. This way you can isolate your issue to ACEGI settings only. Note: The PETCLINIC example uses MD5PasswordEncoder for password, you need to disable this by removing PasswordEncoder property in your DaoAuthenticationProvider.
Rule #4: Do not wrap settings on ACEGI properties. ACEGI settings are sensitive on newlines, it will not recognize the text if configurations are wrapped. You cannot remove append the lines nor create newlines… if configuration text is long, leave it as is otherwise, ACEGI will not recognize it. While this may seem obvious, I got caught with this problem when I used auto-format in Eclipse.
Well… This is all I have for now…. good luck learning ACEGI!