It was over one year ago that Çağatay developed some JSF components which correspond to Acegi JSP taglib. We were in the same project at that time, and were using Acegi Security Framework extensively. Later, our ways were separated and we focused on different tasks.
Recently, I started work on a new project to enable Acegi Security within portal environments. The result is Acegi Security Extensions Project in which a solution for acegi portlet integration exist. During that project, I developed sample portlets with JSF to illustrate use of Acegi, and wanted to employ acegi-jsf components in them.
Unfortunately, acegi-jsf 1.1.2 was depending on HttpServletRequest object to identify authenticated user. As there is no notion of HttpServletRequest within portlets, a modification was needed to acegi-jsf. 1.1.3 release is out with this modification. From now on acegi-jsf doesn’t depend on HttpServletRequest and can work in portlet environments as well.
Furthermore, with this arrangement you don’t have to configure SecurityContextHolderAwareRequestFilter in filter chain of your Acegi security configuration in your normal web applications. Çağatay had already mentioned it to be fixed in release 1.2, but I decided not to do a major version increment for those fixes as there is no major change in use of components. All change was occured behind the component interfaces, so your JSF pages don’t need any change to work with new release.