Crowd 1.5 : Integrating Crowd with Acegi Security
This page last changed on Jun 25, 2008 by smaddox.
Crowd provides centralised authentication and single sign-on connectors for the web security framework Acegi. Acegi provides a modular and highly configurable approach to authentication and authorisation for J2EE applications. The connectors are available with Crowd 1.2 and later and have been developed and tested with Acegi 1.0.5. Please consult the Acegi quick start guide or reference guide for a thorough insight into the Acegi framework. You might also find useful information in our Crowd-Acegi integration tutorial.
Prerequisites
Step 1. Configuring Crowd to Talk to your Acegi Application
Crowd needs to be aware that AcegiApp will be making authentication requests to Crowd. In brief, you will need to do the following:
Please see Adding an Application for a detailed guide.
Step 2. Installing the Crowd Acegi Connector
2.1 Adding the Crowd Acegi Connector to your Acegi Application
You will need to add the Crowd Acegi connector library and its associated dependencies to your Acegi application. You can do this manually by copying over the JAR files to your Acegi application or, if your Acegi application is a Maven project, you can add the Crowd Acegi connector as a project dependency.
2.1.1 Manually Adding the Crowd Acegi Connector Libraries
Copy the Crowd integration libraries and configuration files. This is described in the Client Configuration documentation. You will need to at least copy across the following file to your Acegi application:
2.1.2 Adding the Crowd Acegi Connector as a Maven Dependency
To integrate Crowd with your Maven 2 project, you will need to include the following dependency in your pom.xml:

    <dependency>
      <groupId>com.atlassian.crowd</groupId>
      <artifactId>crowd-integration-client</artifactId>
      <version>X.X</version>
      <type>pom</type>
    </dependency>

Because the Crowd libraries are not published to the standard Maven repository, you will need to add Atlassian's public repository:

    <repositories>
      <repository>
        <id>central</id>
        <url>https://m2proxy.atlassian.com/repository/public</url>
        <snapshots>
          <enabled>true</enabled>
          <updatePolicy>always</updatePolicy>
        </snapshots>
        <releases>
          <enabled>true</enabled>
        </releases>
      </repository>
    </repositories>

See more information on Maven 2 integration.
2.2 Configuring the Crowd Acegi Connector Properties
The Crowd Acegi connector needs to be configured with the details of the Crowd server.
You can read more about the crowd.properties file.
Step 3. Configuring your Acegi Application to Use the Crowd Acegi Connector
There are two ways you can integrate your application with Crowd:
First, you will need to add the Crowd client application context to wire up the Crowd beans that manage the communication to Crowd. You can do this by including the applicationContext-CrowdClient.xml Spring configuration file, found in crowd-integration-client.jar. For example, if you are configuring Spring using a context listener, you can add the following parameter in your WEB-INF/web.xml:

    <context-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>
        ...
        classpath:/applicationContext-CrowdClient.xml
        ...
      </param-value>
    </context-param>

Next, open the applicationContext.xml file relevant to your application, which contains the Acegi configuration. You are likely to have a bean configuration similar to this snippet:

    <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
      <property name="filterInvocationDefinitionSource">
        <value>
          CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
          PATTERN_TYPE_APACHE_ANT
          /images/**=#NONE#
          /scripts/**=#NONE#
          /styles/**=#NONE#
          /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
        </value>
      </property>
    </bean>

3.1 Configuring Centralised User Management
Perform the following updates to your Acegi Spring configuration:
3.2 Configuring Single Sign-On (SSO)
Perform the following additional updates to your Acegi Spring configuration:
Step 4. Restarting your Acegi Application
Bounce your application. You should now have centralised authentication and single sign-on with Crowd.
Authorisation
For the purposes of Crowd integration with Acegi, you should map Acegi's roles to Crowd's groups. To put it another way: in order to use Acegi's authorisation features, users in Crowd will have their Acegi roles specified by their group names. For example, if user 'admin' is in the 'crowd-admin' group, then the user 'admin' will be authorised to view pages restricted to the 'crowd-admin' role in Acegi.

    <!-- authorisation -->
    <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
      <property name="authenticationManager" ref="authenticationManager"/>
      <property name="accessDecisionManager" ref="accessDecisionManager"/>
      <property name="objectDefinitionSource">
        <value>
          CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
          PATTERN_TYPE_APACHE_ANT
          /console/secure/**=ROLE_crowd-admin
          /console/user/**=IS_AUTHENTICATED_FULLY
        </value>
      </property>
    </bean>

    <bean id="accessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
      <property name="allowIfAllAbstainDecisions" value="false"/>
      <property name="decisionVoters">
        <list>
          <bean class="org.acegisecurity.vote.RoleVoter"/>
          <bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
        </list>
      </property>
    </bean>
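The following Python sketch is an added example, not code from Acegi or Crowd: it is a simplified model of how the authorisation configuration above resolves a request, useful for checking which paths your rules actually protect. The function names are hypothetical, and the mapping of a Crowd group to the authority ROLE_<group> is an assumption inferred from the 'crowd-admin' example on this page.

```python
import re

# Rules copied from the objectDefinitionSource value shown above.
RULES = """
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/console/secure/**=ROLE_crowd-admin
/console/user/**=IS_AUTHENTICATED_FULLY
"""

def ant_to_regex(pattern):
    """Translate the Ant pattern subset used here (**, *, ?) into a regex."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("/**", i) and i + 3 == len(pattern):
            out.append("(/.*)?"); i += 3   # trailing /** also matches the bare directory
        elif pattern.startswith("**", i):
            out.append(".*"); i += 2
        elif pattern[i] == "*":
            out.append("[^/]*"); i += 1
        elif pattern[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("".join(out) + r"\Z")

def parse_rules(text):
    """Return (lowercase_flag, [(compiled_pattern, [attributes]), ...])."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    lower = "CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON" in lines
    pairs = (l.split("=", 1) for l in lines if "=" in l)
    return lower, [(ant_to_regex(p), a.split(",")) for p, a in pairs]

def decide(url, crowd_groups, fully_authenticated, text=RULES):
    """Return 'public', 'granted' or 'denied' for one request."""
    lower, rules = parse_rules(text)
    path = url.split("?", 1)[0]            # the query string is not matched
    path = path.lower() if lower else path
    attrs = next((a for rx, a in rules if rx.match(path)), None)  # first match wins
    if attrs is None:
        return "public"   # no matching rule: the voters are never consulted
    authorities = {"ROLE_" + g for g in crowd_groups}  # assumption: group -> ROLE_<group>
    votes = []
    for attr in attrs:
        if attr.startswith("ROLE_"):                   # RoleVoter
            votes.append(attr in authorities)
        elif attr == "IS_AUTHENTICATED_FULLY":         # AuthenticatedVoter
            votes.append(fully_authenticated)
    # AffirmativeBased: one grant is enough; all-abstain is denied, as configured above
    return "granted" if any(votes) else "denied"
```

Note that a path matching none of the patterns, such as /console/other, comes back as 'public' in this model: with the rules above, only /console/secure/** and /console/user/** are restricted.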
Document generated by Confluence on Sep 04, 2008 00:44