Originally posted by Vinicius Boson: Hi Craig Walls and Ryan Breidenbach.
What does "Spring in Action " cover about security using Spring ? Does it cover acegi ? What�s the diference between acegi and a ejb container�s security ?
"Spring in Action" does cover Acegi. The coverage is focused on what was available in Acegi when we wrote it...Acegi has evolved a little bit since then, though.
EJB security focuses on controlling access to an EJB's methods. Acegi provides the same sort of control to a POJO, via Spring AOP. But that's not all...
Acegi extends that control out to the web-layer by providing access control around servlet-based web requests, using servlet filters. (Notice that I didn't say Spring MVC-based requests...Acegi can be used to secure any servlet-based web application.)
Acegi also provides a flexible framework for authentication, allowing you to easily choose between HTTP Basic authentication, form-based authentication, or even use Yale CAS for single sign-on authentication. But if none of those suit your needs, Acegi is highly interface-based, so you're welcome to provide your own authentication mechanism by implementing Acegi interfaces.
And there's more to Acegi, but I don't want to waste a lot of space here repeating what our book and Acegi's own documentation already adequately spell out. In short, Acegi provides a flexible security framework around POJOs and/or servlets.