On Friday morning, Jim Gellman of the Institute for Systems Biology asked a question on the OpenSSO Users mailing list about OpenSSO/Spring Security (formerly known as Acegi) integration:
We'd like to use opensso with an app that's using Spring Security currently, but we don't have the resources at the moment to develop a module to do this.
Instead we're hoping we can use Spring Security's container adapter for tomcat along with the OpenSSO agent. Does anyone know for sure whether this is a reasonable approach?
I actually have code based on acegi-security 1.0.3 that provides an AuthenticationProvider, LogoutHandler, AuthenticationProcessingFilter, and AuthenticationProcessingFilterEntryPoint. I would be more than happy to donate to OpenSSO extensions if they want it.
How can you refuse an offer like that? Actually, it turns out that Robert had also done some work with Seraph (Atlassian's security framework, used by Jira and Confluence). So, this morning I created two new 'Authentication Provider' OpenSSO Extensions - one for Spring and one for Seraph - and Robert checked in his code. If you've been scratching your head, wondering how to integrate OpenSSO with Spring or Seraph, go check 'em out!