Hi Ruben, I wanted to give you an answer, even though it isn’t a good one :-)
I’m very familiar with both spring security and magnolia CMS, but have never used them in the same project – I would be *very* interested to hear how it works out for you. The first question I have is why do it at all? Magnolia itself has a comparable security setup to spring security: - All of Magnolia is implemented as a big filter chain - There is a LoginFilter with LoginHandlers which roughly correspond to the AuthenticationFilters and AuthenticationProviders - There is a ClientCallbackFilter which roughly corresponds to the AuthenticationEndpoint - There is a UrlSecurityFilter and ContentSecurityFilter which correspond roughly to AccessDecisionManager - There is a UserManager which acts like a UserDetailSource So depending on your needs, it might be easier just to work within magnolia? If you have to use spring security, I would examine how the blossom module works exactly in conjunction with Magnolia (I don’t really know Blossom). It will have its own filters it configures into magnolia’s filter chain. It should be possible to add a filter which defers to the spring security filter chain and does the spring login in the normal way. After that you could write a custom LoginFilter for Magnolia which just takes the user infos from the SecurityContext. By having a MagnoliaUserDetailsSource on the spring side, or a SpringUserManager on the magnolia side you should be able to integrate the user databases, and arrive at a pretty nice solution… I think the challenge will be solving the interactions between magnolia’s filter chain and spring regarding the session. For example, Magnolia’s LoginFilter likes to kill the session and create a new one when you log in. Please let me know how it goes, I would be interested! Regards from Vienna, Richard Von: user-list-ow...@magnolia-cms.com [mailto:user-list-ow...@magnolia-cms.com] Im Auftrag von Ruben Manrique Gesendet: Freitag, 20. Februar 2015 23:39 An: user-list@magnolia-cms.com Betreff: [magnolia-user] Spring Security in Magnolia. Hey all, I am currently trying to figure out how to incorporate spring security into magnolia. The only things that I am finding out there seem to be a bit dated and using older versions. For this project we would be using magnolia 5.3.7, blossom 3.0.5, spring 3.2.8 and spring security 3.2.5. Is there any good information out there for a good starting point? Thanks in Advance. Ruben [Das Bild wurde vom Absender entfernt. Crescendo Collective]<http://crescendocollective.com/> Ruben Manrique<mailto:rmanri...@crescendocollective.com> Developer P:414.431.0800 F:414.751.1388 131 W Seeboth St. Suite #301 Milwaukee, WI 53204<http://goo.gl/ueUbwv> ________________________________ ---------------------------------------------------------------- For list details, see http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to: <user-list-unsubscr...@magnolia-cms.com> ---------------------------------------------------------------- ---------------------------------------------------------------- For list details, see http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to: <user-list-unsubscr...@magnolia-cms.com> ----------------------------------------------------------------
