Details
-
Improvement
-
Resolution: Fixed
-
Medium
-
None
-
0.7.5
-
None
-
true
Description
Hi guys,
I recently had a quick chat about this with Mike on irc (nickname was greg-, was on #codehaus): I needed a user authentication/authorization framework. Acegi looks very promising but is really complex. Seraph, on the other hand, probably has some flaws but is very simple! But it uses osuser. I need to use my own user DAOs. Nevermind, seraph should be pretty easy to integrate. Well, that was without counting that my DAOs are fully IOC'd (I'm using pico and cdi), and that they only depend on an hibernate Session.
Mike suggested that maybe the hibernate Session was ThreadLocal'd. I checked, it is not (That is, when using nanocontainer-hibernate, which is my case). So I looked at IOC'ing seraph. The main problem was - don't take this as free criticism - the usage of the SecurityConfig singleton all over the place. I ended up having to modify a few lines in seraph's original code: mostly very limited, like replacing the singleton calls with a protected method and subclassing these with added constructor dependency injection.
I also had to build a sort of filter proxy for picocontainer, much like acegi's FilterToBeanProxy.
I feel the few changes I had to make to seraph are pretty minimal - all in all, added some protected getter methods and very little other tricks which might even improve separation of concerns a tiny bit. You've probably noticed the patch in attachment. Have a look at it and tell me what you think. (You'll also notice I cheated with the logout interceptors. Still need to figure out what to do there)
Please tell me what you think about all this, if you'd be at all interested to apply my contrib to seraph, ... I'll try to complete the patch - fixing the logout interceptors issue - tomorrow, and if you like the idea, I'll upload it here too.
You can also have a glance at the customized stuff I made:
The seraph related stuff : https://swaf.dev.java.net/source/browse/swaf/swaf-tools/seraph/src/java/net/incongru/swaf/security/seraph/
The pico filter proxy : https://swaf.dev.java.net/source/browse/swaf/swaf-skeleton/src/java/net/incongru/pico/PicoFilterProxy.java?rev=1.3&content-type=text/vnd.viewcvs-markup
I just now completely cleaned up "my" filters - they were rough copies of the original instead of subclasses. They should still work but I won't be able to test'em until tomorrow 
I wish there'd been a mailing list to which i could have posted this - I know about the forums but 1/ couldn't get my login-pass back 2/ they don't seem very much used?
Thanks for reading anyways, cheers,
greg
