VMware offers training and certification to turbo-charge your progress.Learn more
I was cruising the blogosphere today and encountered one of the shortest blogs I've ever read. To quote nearly the entire entry, "Every time you use Acegi, a fairy dies. The sad thing is there really isn't anything better around...".
Between our community forums, developer lists, JIRA, user conference BOFs, training, support, consulting and team blog, we receive a great deal of community feedback. There is little doubt that many people have sought improvements to the Spring Security (formerly Acegi) configuration format, and we've invested a lot of time in making that possible.
As I'll be presenting at next week's Spring Experience conference, Spring Security 2.0.0 M1 features tremendously simplified configuration. You will now be able to add Spring Security to your application by the following three steps:
<filter> <filter-name>_filterChainProxy</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>_filterChainProxy</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
The third and final step requires you to add the new Spring Security 2 namespace to an existing configuration file, or create a new XML file containing your security configuration. For many users, the file will be very short and resemble:
<beans:beans namespace declarations> <annotation-driven /> <http auto-config="true"> <intercept-url pattern="/**" access="IS_AUTHENTICATED_REMEMBER" /> </http> <repository> <user-service hash="md5:hex"> <user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR,ROLE_USER" /> </user-service> </repository> </beans:beans>
The above configuration reliably delivers the following capabilities to your web application:
Including the namespace declaration formalities, the above configuration file runs to about 16 lines. The old configuration style would have required around 120 lines of XML for comparable capabilities.
Whilst the configuration improvements are considerable, we also have other features in Spring Security 2.0.0 M1 as well! For one, you now have a choice of storing remember-me tokens in a database, which provides enhanced security. We also have hierarchical role support, which is a kind of granted authority aliasing strategy on steroids. Plus, the long-awaited user management API, NTLM support, portlet integration and much more.
If you'd like to learn more about Spring Security 2, come and see it in action at The Spring Experience. There are three sessions scheduled covering Spring Security 2, including an introduction, coverage of what's new and improved, plus how to use the new portlet security integration. For those of you who can't make it, you will be able to download the first milestone release late next week.
Hopefully these enhancements will save a few fairies.