Acegi Security: Custom Authentication
2007-05-31 | Categories: Articles, Technology | Tags: foss, security, spring
I’ve been using Acegi Security in several projects with good results. It’s powerful and flexible! Sadly, sometimes, developers have problems when they want to customize it. The code is the best documentation, so, I recommend them to read the code and javadocs. Well, this time I’ll show you how to customize the authentication. I assume a good knowledge of Spring Framework and basic knowledge of Acegi Security.
1: <bean id="authenticationProcessingFilter" 2: class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter"> 3: <property name="authenticationManager" ref="authenticationManager"/> 4: <property name="authenticationFailureUrl" value="/login.htm?login_error=1"/> 5: <property name="defaultTargetUrl" value="/foobar.htm"/> 6: <property name="filterProcessesUrl" value="/j_acegi_security_check"/> 7: </bean>
You usually define a bean like authenticationProcessingFilter and add it to a chain in the FilterChainProxy bean. With this configuration, you attempt to authenticate when a request to /j_acegi_security_check has been made, delegating the authentication to the authenticationManager bean. If everything is OK, the user is redirected to /foobar.htm otherwise to /login.htm?login_error=1
2006-08-02 | Categories: Articles, Technology | Tags: java, review, security

| Title: | Core Security Patterns |
| Author(s): | Christopher Steel, Ramesh Nagappan, Ray Lai |
| Published: | 2006 |
| Edition: | 1st |
| Editorial: | Prentice Hall |
Exploiting Software – How to break code
2006-08-01 | Categories: Articles, Technology | Tags: books, programming, review, security

| Title: | Exploiting Software – How to break code |
| Author(s): | Greg Hoglund, Gary McGraw |
| Published: | 2004 |
| Edition: | 1st |
| Editorial: | Addison Wesley |







