I was just wondering what security framework is being used in Alfresco? Is it Acegi Security framework? If so, can you please share your experience in using Acegi Security framework.
We do use some bits of acegi: - to store the security context; - for some authentication routes; - to provide the framework for security enforcement around method invocations.
We do not use acegi to store authorities on the authentication context. We have some dynamic authorities - such as owner.
We persist ACLs in hibernate
We have our own filters etc to do authentication from the web client.
The bits I have used have been good. The method protection is very annoying when executing unprotected/new methods added to the API as it resets the security context (if you forgot to go and add the security config), which produces a delayed error.
Without some context for your query, that is about all I can offer.
See the Wiki docs if you want more general information.
