On Sat, Feb 14, 2009 at 3:00 PM, Luther Baker <lutherba...@gmail.com> wrote:
> Is anyone aware of a code example integrating JSecurity with Tapestry5? I just started integrating jsecurity with T5 for use in Trails and T5 apps in general, but it'll take a while. I'm a bit put off by the ACEGI stuff ... but honestly not looked into it. Is > there a Tapestry consensus to just use that approach? > > It depends on your needs. Acegi is just as de facto standard as Spring is, but it's cumbersome (just the same way as Spring is), and not so nice to extend. In any case it's way better than CMA (Container Managed Authentication). If you need dynamic roles or rule set or instance-based security, Acegi is not a good choice. There are various smaller annoyances I've had with it, like default system-wide salt source (just doesn't make sense if you have a db), half-baked remember me, default implementation requires roles to be named ROLE_* etc. If you want basic security for your pages and operations in them with defined roles, it'll work for you and tapestry-spring-security makes it easy to use it ( http://www.localhost.nu/java/tapestry-spring-security/). Kalle
