02-22-2010

Ben moved Black Box docs over to the new wiki: http://colusrclxvd1/trac/megatron/.  Started looking at the new slide decks that are in there.  The Eclipse project that came with the slide deck contains a bunch of text files with the extension of .xmlvb.  They appear to XML fragments that are either prototypes or examples of XML that flow thru a system.  One file, Type_V0.xml, is almost DTD-like in that it appears to define types.  The text is in Spanish so it makes it difficult for me to understand exactly what everything is all about.  Ben found an interesting link: LU2 Connectivity with Host Integration Server. 

Continued integrating Spring MVC and Spring Security.  Switched from form-based authentication to Basic authentication.  Have run into an issue.  The Spring docs recommend placing all JSPs into WEB-INF/jsp so that access to those pages from outside the web appliaction is not possible.  There are cases where we want to send the user to a page if the sesssion times out or there are other security related issues.  How should I do that?  Specifying /WEB-INF/foo.jsp does not seem to work.  Do I need to create an Spring MVC binding for those error pages just to get around the visibility issue?  The answer appears to be "yes".

Successfully integrated authentication via OpenID.  Using Google's provider.  Very slick and not hard to set up.  Next step, control access to bean methods.

Adding method-level security seems pretty simple.  Add a @Secured annotation, specifying the valid roles and Spring will check to see if the user is allowed access to run that method.  An "access denied" exception is thrown and you get moved to an error page.

Started using Spring Expression Language in the Spring Security but things ain't working quite right.  I get permission denied from the get go and can't run the app any longer.