Page 1 of 1
BroadleafCommerce v2 security changes
Posted: Wed Oct 03, 2012 12:07 am
by pokemon007
I'm in the middle of migrating my v1 based project to v2. It seems v2 changed quite changes in v2 security configuration. It doesn't use Filter Chain anymore, either does it use LocalRedirectStrategy. Can someone give a bit detail on these changes or point me to the documentation that describes this change?
Thank you in advance!
-Charlie
Re: BroadleafCommerce v2 security changes
Posted: Thu Oct 04, 2012 3:26 pm
by aazzolini
The new security settings utilize Spring 3.1 security, which features greatly enhanced configuration.
You can plug into the filter chain by defining a <sec:custom-filter> object (you can see an example of this in the security XML file).
You can also see the redirect strategies that are employed in that XML, and you can definitely configure it however you'd like.
Here are the Spring docs:
http://static.springsource.org/spring-s ... ingle.html
Re: BroadleafCommerce v2 security changes
Posted: Fri Oct 05, 2012 11:27 am
by pokemon007
Thank you for the info. I was looking at admin project that seems using different security method, annotation-based security.
One last question, looking at blAuthenticationSuccessHandler and blAuthenticationFailureHandler in site project's applicationContext-security.xml, I couldn't find where blAuthenticationSuccessRedirectStrategy and blAuthenticationFailureRedirectStrategy are defined in xml or annotated in java module. Am I missing something?
Thank you!
-Charlie
Re: BroadleafCommerce v2 security changes
Posted: Fri Oct 05, 2012 11:35 am
by aazzolini
Re: BroadleafCommerce v2 security changes
Posted: Fri Oct 05, 2012 12:20 pm
by pokemon007
Thank you. It looks the search has some problem.