Acegi security framework (Java)

From Wikipedia, the free encyclopedia

Acegi Security is a Java/Java EE framework that provides authentication, authorization and other security features for enterprise applications built using the Spring Framework (Java). The project was started in late 2003 by Ben Alex, with it being publicly released under the Apache License in March 2004. Acegi Security is an official Spring sub-project, with commercial support and training available from Interface21.

Contents 1 Key Authentication Features 2 Key Authorization Features 3 Instance-Based Security Features 4 Other Features 5 External links

[edit] Key Authentication Features

• Ldap (using both bind-based and password comparison strategies) for centralization of authentication information.
• Single sign-on capabilities using the popular Central Authentication Service.
• JAAS LoginModule, a standards-based method for authentication used within Java.
• Basic authentication as defined through the IETF Request for Comments 1945 standard.
• Digest authentication as defined through the IETF Request for Comments 2617 and RFC 2069 standard.
• X.509 client certificate presentation over the Secure Sockets Layer standard.
• CA Inc SiteMinder for authentication (a popular commercial access management product).
• Su (Unix)-like support for switching principal identity over a HTTP or HTTPS connection.
• CAPTCHA support for detecting human users.
• Run-as replacement, which enables an operation to assume a different security identity.
• Anonymous authentication, which means that even unauthenticated principals are allocated a security identity.
• Container adapter (custom realm) support for Apache Tomcat, Resin, Jboss and Jetty (web server).
• Windows' NTLM to enable browser integration (experimental).
• Tivoli Access Manager, which is a popular commercial access management product (experimental).
• Web form authentication, similar to the Servlet container specification.
• "Remember-me" support via HTTP Cookies.
• Concurrent session support, which limits the number of simultaneous logins permitted by a principal.
• Full support for customization and plugging in custom authentication implementations.

[edit] Key Authorization Features

• AspectJ method invocation authorization.
• AOP Alliance method invocation authorization, which is used internally by Spring Framework (Java).
• HTTP authorization of web request URLs using a choice of Apache Ant paths or regular expressions.

[edit] Instance-Based Security Features

• Used for specifying Access control lists applicable to domain objects.
• Acegi Security offers a repository for storing, retrieving and modifying ACLs in a database.
• Authorization features are provided to enforce policies before and after method invocations.

[edit] Other Features

• Software localization so user interface messages can be in any language.
• Channel security, to automatically switch between HTTP and HTTPS upon meeting particular rules.
• Caching in all database-touching areas of the framework.
• Publishing of messages to facilitate event-driven programming.
• Support for performing integration testing via JUnit.
• Acegi Security itself has comprehensive JUnit isolation tests.
• Several sample applications, detailed JavaDocs and a reference guide.
• Web framework independence.

[edit] External links

• Official site
• Download locations
• A tutorial in French