Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added main page

Browse Source
This commit is contained in:
Carlos Sanchez
2004-10-30 22:48:04 +00:00
parent 928498b53d
commit fc755464f0
2 changed files with 191 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files
xdocs/index.html
+191
View File
@@ -0,0 +1,191 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Acegi Security System for Spring</TITLE>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META content="MSHTML 6.00.2900.2180" name=GENERATOR></HEAD>
<BODY>
<p>
This is the Maven generated site for the Acegi-Security project. It is generated as part of an
automated daily build. We intend to expand the information on Acegi which is available here but for
the moment, your best starting point for documentation is Ben Alex's
original <a href="./reference/index.html">reference guide</a>
which provides a comprehensive overview.
</p>
<p>
For more information on running the build with Maven, see the
<a href="./start/build.html">build</a> section of the getting started guide.
</p>
<p>
The main other area of interest at the moment is the <a href="./maven-reports.html">generated reports</a> section.
These are produced by the build on a daily basis and include complete Javadoc and source cross-reference.
</p>
<CENTER>
</CENTER><BR><BR><FONT
face=Arial size=-1>
<CENTER><B>
<HR>
<CENTER>Mission Statement</CENTER></B>
<HR>
<BR>To provide comprehensive security services for <A
href="http://www.springframework.org/"><I>The Spring Framework</I></A>.
</CENTER><BR><B>
<HR>
<CENTER>Key Features</CENTER></B>
<HR>
<BR>
<UL>
<LI><B>It is ready NOW.</B> As explained in the reference guide, the API
is now quite stable. We also use the <A
href="http://apr.apache.org/versioning.html">Apache APR Project
Versioning Guidelines</A> so you can identify backward
compatibility.<BR><BR>
<LI><B>Easy to use:</B> View our samples/quick-start directory for XML
you can simply copy and paste into applicationContext.xml and web.xml.
From there it's easy to customise Acegi Security to your unique security
needs.<BR><BR>
<LI><B>Enterprise-wide single sign on:</B> Using Yale University's open
source <A href="http://www.yale.edu/tp/auth/">Central Authentication
Service</A> (CAS), the Acegi Security System for Spring can participate
in an enterprise-wide single sign on environment. You no longer need
every web application to have its own authentication database. Nor are
you restricted to single sign on across a single web container. Advanced
single sign on features like proxy support and forced refresh of logins
are supported by both CAS and Acegi Security.<BR><BR>
<LI><B>Reuses your Spring expertise:</B> We use Spring application
contexts for all configuration, which should help Spring developers get
up-to-speed nice and quickly.<BR><BR>
<LI><B>Domain object instance security:</B> In many applications it's
desirable to define Access Control Lists (ACLs) for individual domain
object instances. We provide a comprehensive ACL package with features
including integer bit masking, permission inheritence (including
blocking), a JDBC-backed ACL repository, caching and a pluggable,
interface-driven design.<BR><BR>
<LI><B>Non-intrusive setup:</B> The entire security system can operate
within a single web application using the provided filters. There is no
need to make special changes or deploy libraries to your Servlet or EJB
container.<BR><BR>
<LI><B>Full (but optional) container integration:</B> The credential
collection and authorization capabilities of your Servlet or EJB
container can be fully utilised via included "container adapters". We
currently support Catalina (Tomcat), Jetty, JBoss and Resin, with
additional containers easily added.<BR><BR>
<LI><B>Keeps your objects free of security code:</B> Many applications
need to secure data at the bean level based on any combination of
parameters (user, time of day, authorities held, method being invoked,
parameter on method being invoked....). This package gives you this
flexibility without adding security code to your Spring business
objects.<BR><BR>
<LI><B>Secures your HTTP requests as well:</B> In addition to securing
your beans, the project also secures your HTTP requests. No longer is it
necessary to rely on web.xml security constraints. Best of all, your
HTTP requests can now be secured by your choice of regular expressions
or Apache Ant paths, along with pluggable authentication, authorization
and run-as replacement managers.<BR><BR>
<LI><B>Channel security:</B> The Acegi Security System for Spring can
automatically redirect requests across an appropriate transport channel.
Whilst flexible enough to support any of your "channel" requirements (eg
the remote user is a human, not a robot), a common channel security
feature is to ensure your secure pages will only be available over
HTTPS, and your public pages only over HTTP. Acegi Security also
supports unusual port combinations and pluggable transport decision
managers.<BR><BR>
<LI><B>Supports HTTP BASIC authentication:</B> Perfect for remoting
protocols or those web applications that prefer a simple browser pop-up
(rather than a form login), Acegi Security can directly process HTTP
BASIC authentication requests as per RFC 1945.<BR><BR>
<LI><B>Convenient security taglib:</B> Your JSP files can use our taglib
to ensure that protected content like links and messages are only
displayed to users holding the appropriate granted authorities.<BR><BR>
<LI><B>Application context or attribute-based configuration:</B> You
select the method used to configure your security environment. The
project supports configuration via Spring application contexts as well
as Jakarta Commons Attributes.<BR><BR>
<LI><B>Various authentication backends:</B> We include the ability to
retrieve your user and granted authority definitions from either an XML
file or JDBC datasource. Alternatively, you can implement the
single-method DAO interface and obtain authentication details from
anywhere you like.<BR><BR>
<LI><B>Event support:</B> Building upon Spring's
<CODE>ApplicationEvent</CODE> services, you can write your own listeners
for login, invalid password and account disabled events. This enables
you to implement account lockout and audit log systems, with complete
decoupling from Acegi Security code.<BR><BR>
<LI><B>Easy integration with existing databases:</B> Our implementations
have been designed to make it very easy to use your existing
authentication schema and data (without modification).<BR><BR>
<LI><B>Caching:</B> Use our <A
href="http://ehcache.sourceforge.net/">EHCACHE</A> wrapper to cache your
authentication information, or plug in your own cache implementation.
This flexibility means your database (or other authentication
repository) is not repeatedly queried for authentication
information.<BR><BR>
<LI><B>Pluggable architecture:</B> Every critical aspect of the package
has been modelled using high cohesion, loose coupling, interface-driven
design principles. You can easily replace, customise or extend parts of
the package.<BR><BR>
<LI><B>Startup-time validation:</B> Every critical object dependency and
configuration parameter is validated at application context startup
time. Security configuration errors are therefore detected early and
corrected quickly.<BR><BR>
<LI><B>Remoting support:</B> Does your project use a rich client? Not a
problem. Acegi Security integrates with standard Spring remoting
protocols, because it automatically processes the HTTP BASIC
authentication headers they present. Add our BASIC authentication filter
to your web.xml and you're done.<BR><BR>
<LI><B>Advanced password encoding:</B> Of course, passwords in your
authentication repository need not be in plain text. We support both SHA
and MD5 encoding, and also pluggable "salt" providers to maximise
password security.<BR><BR>
<LI><B>Run-as replacement:</B> The security system fully supports
temporarily replacing the authenticated user for the duration of the web
request or bean invocation. This enables you to build public-facing
object tiers with different security configurations than your backend
objects.<BR><BR>
<LI><B>Unit tests:</B> A must-have of any quality security project, unit
tests are included. Clover coverage is currently 98.3%.<BR><BR>
<LI><B>Container integration tests:</B> To ensure the security project
properly operates with major container versions, we provide an
integration test system that deploys those containers from scratch and
fully tests our sample web application from the perspective of a HTTP
client.<BR><BR>
<LI><B>Supports your own unit tests:</B> We provide a number of classes
that assist with your own unit testing of secured business objects. For
example, you can change the authentication identity and its associated
granted authorities directly within your test methods.<BR><BR>
<LI><B>Peer reviewed:</B> Whilst nothing is ever completely secure,
using an open source security package leverages the continuous design
and code quality improvements that emerge from peer review.<BR><BR>
<LI><B>Thorough documentation:</B> All APIs are fully documented using
JavaDoc, with a 40+ page reference guide providing an easy-to-follow
introduction.<BR><BR>
<LI><B>Apache license.</B><BR><BR></LI></UL><BR><B>
<HR>
<CENTER>Project Resources</CENTER></B>
<HR>
<BR>
<CENTER><A href="http://forum.springframework.org/"><B>Support
Forums</B></A><BR><BR><A
href="http://sourceforge.net/project/showfiles.php?group_id=104215"><B>Downloads</B></A><BR><BR><A
href="http://www.monkeymachine.co.uk/acegi">Public Maven Build (Javadocs,
Source Code etc)</A><BR><BR><A
href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity">Browse
CVS</A><BR><BR><BR><B>
<HR>
<CENTER>Development Mailing List</CENTER></B>
<HR>
<BR><A
href="https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer">Subscribe
Here</A><BR><BR><A
href="http://news.gmane.org/gmane.comp.java.springframework.acegisecurity.devel/">Gmane
Archive</A><BR><BR><A
href="http://www.mail-archive.com/acegisecurity-developer@lists.sourceforge.net/">Mail-archive.com
Archive</A><BR><BR><BR><A
href="http://sourceforge.net/projects/acegisecurity"><IMG height=31
alt="SourceForge.net Logo"
src="Acegi Security System for Spring_archivos/sflogo.png" width=88
border=0></A> </CENTER></FONT>
</BODY></HTML>
xdocs/index.xml
-30
View File
@@ -1,30 +0,0 @@
<?xml version="1.0"?>
<document>
<properties>
<title>Acegi Security System for Spring</title>
<author>Luke</author>
</properties>
<body>
<section name="Acegi Security System for Spring">
<p>
This is the Maven generated site for the Acegi-Security project. It is generated as part of an
automated daily build. We intend to expand the information on Acegi which is available here but for
the moment, your best starting point for documentation is Ben Alex's
original <a href="./reference/index.html">reference guide</a>
which provides a comprehensive overview.
</p>
<p>
For more information on running the build with Maven, see the
<a href="./start/build.html">build</a> section of the getting started guide.
</p>
<p>
The main other area of interest at the moment is the <a href="./maven-reports.html">generated reports</a> section.
These are produced by the build on a daily basis and include complete Javadoc and source cross-reference.
</p>
</section>
</body>
</document>