Acegi Security Framework for Spring is a highly popular enterprise security framework for web applications. It provides lots of authentication and authorization features in very high quality. With the use of Acegi , it is now a practical reality to be able to add security features in your system from ground up without any difficulty.
I have created a new open source project called as acegi-ext. It is located in http://sourceforge.net/projects/acegi-ext. Main aim of acegi-ext project is to provide additional capabilities to Acegi Security Framework, such as declarative management of ACL entries, support of Acegi Security in portal environments, and constraint based security features over role based authorization mechanism. There is also a documentation explaining how to enable Acegi within portlets, and use authentication and aurhorization features in general, including acl management features. Those three addins came into existence after my considerable experiences with Acegi Security in enterprise scale projects.
Acegi-portlet component is to help portlets to use authorization features inside JSR-168 compliant portals. I have already made it work with Liferay Portal 4.2.2 and JBoss Portal 2.6.1 releases. Other portal adaptations are on the way!
Acegi-acl-management is to ease adding, deleting, or updating ACL entries of domain objects while they are manipulated in the system. It does its work using AOP and Java 5 annotations, with a totally declerative fashion in nature.
The third component, namely constraint based security, is still in theory phase. Constraints are features that will be applied over existing user – role relationships.
I will try to improve all those solutions, may be add some other components in the future, and give detailed explanations from here over time. Keep in touch…