Acegi Security Extensions Project

 

Acegi Extensions Project aims to provide additional capabilities to Acegi Security Framework for Spring, such as declarative management of ACL entries, support for Acegi Security in portal environments, constraint based security features over role based authorization mechanism.

Acegi-portlet

 

Acegi-portlet is the project that brings full integration of Acegi Security with JSR-168 compliant portals. It was possible to configure and use only authentication capabilities of Acegi in portals. Due to architectural differences between portlets and servlets, it was not possible to employ Acegi on authorization side of individual portlets deployed so far. With the help of acegi-portlet project, you can now configure Acegi in your portal environment, and use its all of authorization features, protecting portlet requests, method level, and domain instance level security in your portlets individually.

• Acegi-portlet 0.3 is just released! We have reorganized Liferay support, added support for Liferay’s login post event mechanism so that you can keep Liferay authenticating your users, and updated documentation, added quick start sections to help you configure acegi-portlet in your Liferay environment within minutes. You can download related files from here.
• Acegi-portlet 0.2 is out. You can download the related jars now. We have support for Liferay 4.3.2 now, and it is possible to configure Liferay with in memory user authentication for testing purposes.
• Documents
• Acegi Portlet Integration in General
• How to Configure and Use acegi-portlet in Liferay Portal 4.3.2 and 4.2.2
• How to Configure and Use acegi-portlet in JBoss Portal 2.6.1

 

Acegi-acl-management

 

Acegi-acl-management tries to ease management of ACL entries, created, updated or deleted during manipulation of their corresponding domain objects. Acegi Security Framework provides ways to manage those entries, but it is on DAO level. This project provides higher level of mechanism for developers to declare on their service methods what ACL entries are to be created or deleted when a domain object of a related type is processed. Then its AOP based interceptor does the job.

• Download the project
• Documents

o       Declarative Management of ACL Entries

Samples

 

We provide two sample projects to illustrate how to configure and use acegi-portlet in your portlet web applications. Samples include use of acegi-acl-management as well. They are developed for Liferay and JBoss portals specifically as we currently have applied our solution only to those two portals. However, our solution is applicable to any JSR-168 compliant portal. You are welcomed to adapt it to your favorite portal environment.