April 12, 2007

Clustering Acegi

Acegi is a well known security framework. Some really good features:
  • method level based security configuration
  • url level auth configuration
  • easy login mechanism
  • so on.
But there only one point that is missing in current version (1.0.3) distributable SessionRegistry, in fact there is one implemantion to this interface but it do not support multiple JVM.This is used for concurrent access with username.

Quick Fix:
replace the Maps in SessionRegistryImpl with your distributable caching mechanism (can be ehcache,oscache,vs) and reimplement it. Or you can use some JMS mechanism to fix this cap but it should be used only in complex architectures.

Acegi Concurrent Setup:

<bean id=" org.acegisecurity.concurrent.SessionRegistry" class="org.acegisecurity.concurrent.SessionRegistryImpl"/> <bean id="org.acegisecurity.concurrent.ConcurrentSessionController" class="org.acegisecurity.concurrent.ConcurrentSessionControllerImpl"> <property name="maximumSessions"> <value>1</value> </property> <property name="sessionRegistry"> <ref local="org.acegisecurity.concurrent.SessionRegistry"/> </property> <property name="sessionRegistry" ref="org.acegisecurity.concurrent.SessionRegistry"/> </bean> <bean id="org.acegisecurity.AuthenticationManager" class="org.acegisecurity.providers.ProviderManager "> <property name="providers"> <list> <ref local="org.acegisecurity.providers.dao.DaoAuthenticationProvider"/> <ref local="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider"/> </list> </property> <property name="sessionController" ref="org.acegisecurity.concurrent.ConcurrentSessionController "/> </bean> <bean id="org.acegisecurity.concurrent.ConcurrentSessionFilter" class="org.acegisecurity.concurrent.ConcurrentSessionFilter "> <property name="sessionRegistry" ref="org.acegisecurity.concurrent.SessionRegistry"/> <property name="expiredUrl" value="/myself/"/> </bean>




And add org.acegisecurity.concurrent.ConcurrentSessionFilter to your filter list

PS:
check my new blog Clustering Acegi via JGroups (DistributedHashtable)

No comments: