October 2006 – Page 2 – Kev's Development Toolbox

October 25, 2006

Understanding Acegi’s FilterSecurityInterceptor and URL matching

The ‘CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON’ parameter to FilterSecurityInterceptor means exactly that – URLs are converted to lower case for comparison with the patterns that you define.

If you use CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON, then make sure all the URL patterns you specify are also in lower case, otherwise you will never get a match. This seems obvious, but it took me several hours of trial and error before I spotted what was not working in my configuration.

For example, take this snippet of configuration:

<code>
    &lt;bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"&gt;
        &lt;property name="authenticationManager"&gt;
        &lt;ref bean="authenticationManager"/&gt;&lt;/property&gt;
        &lt;property name="accessDecisionManager"&gt;
        &lt;ref bean="accessDecisionManager"/&gt;&lt;/property&gt;
        &lt;property name="objectDefinitionSource"&gt;
            &lt;value&gt;
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /acegilogin.jsp*=ROLE_ANONYMOUS, ROLE_ADMIN
                /=ROLE_ANONYMOUS, ROLE_ADMIN
                /index.jsp=ROLE_ANONYMOUS, ROLE_ADMIN

                /item/show/**=ROLE_ANONYMOUS, ROLE_ADMIN
                /item/list/**=ROLE_ANONYMOUS, ROLE_ADMIN
                /item/doSomeOtherThing=ROLE_ANONYMOUS, ROLE_ADMIN
                ...
    &lt;/bean&gt;
</code>

The URL ‘/item/doSomeOtherThing’ is never going to be matched, since the incoming URLs for comparison are converted to lowercase by the CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON instruction.

October 25, 2006

History behind Struts 1 and Struts 2

Don Brown has an interesting article on OnJava.com on the history behind Struts 1 (the original Struts framework), Struts Shale (based on JSF), and Struts 2 , which has been based on WebWork 2.

If you’re confused as to what is going on in the Struts world then this article is an interesting read to bring you up to date.

October 25, 2006

Firefox 2 beats IE7 on Security and new features

CNET have a review of the latest Firefox 2 browser, and in a comparison with IE7 say that Firefox 2’s Security and other features are better than what is being offered in the latest IE7 from Microsoft.

Some of the new features include the ability to arrange tabs when browing multiple sites, restore the state of tabs if the OS crashes, and reopen a tab if you accidentally close it. Live Titles is another new interesting feature which allows websites to send updates to your bookmarks (RSS for bookmarks?), so for example if you have a news website bookmarked, when you view your bookmark for this site it will display a summary of the latest headline from the site.

October 24, 2006

‘Ruby for Rails’ – learning Ruby in order to get the most out of Ruby on Rails

The Register has a short book review of the new book ‘Ruby for Rails’ which aims to be a quickstart guide and an introduction to Ruby aimed at developers wanting to learn Ruby on Rails.

I have been interested in the ‘Convention over Configuration’ approach made popular by Ruby on Rails and so was keen to pick up Rails and take a look, but I must admit, I found it hard to move from my mainly Java programming background to Ruby, since the syntax is very different between the two languages. This book looks like it could be a big help for other people interested in learning Ruby on Rails, but struggling with the Ruby language.

Of course an excellent alternative for Java developers and the Java platform is Grails, which is based on all the benefits of the RoR approach, but implemented using Groovy scripting language and runs directly on the Java platform…