Implementation Guide for Oracle Self-Service E-Billing > Customizing User Management >

Customizing Acegi Configuration

You can customize the Acegi configuration in the acegi-security.xml file, found in the EDX_HOME/config/acegi subdirectory (under the application directories for the EAR and WAR files).

The filter defined to handle HTTP form authentication, formAuthenticationProcessingFilter, uses AuthenticationProcessingFilter to process a log in form. This is the most common way to authenticate users. Form-based authentication is entirely compatible with the DAO and JAAS authentication providers.

The following code defines the filter that handles form authentication in the acegi-security.xml file:

<!-- Define filter to handle FORM authentication -->

<bean id="formAuthenticationProcessingFilter"

="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">

<property name="filterProcessesUrl">

<value>/j_acegi_security_check</value>

</property>

<property name="authenticationFailureUrl">

<value>/login.do?login_error=1</value>

</property>

<property name="defaultTargetUrl">

<value>/reportStart.do</value>

</property>

<property name="authenticationManager">

<ref bean="authenticationManager" />

</property>

</bean>

The configured AuthenticationManager processes each authentication request.

If authentication is successful, the resulting Authentication object is placed into the SecurityContextHolder and the browser is redirected to the defaultTargetUrl property. The default target URL is reportStart.do. You can customize the defaultTargetUrl property to a particular target URL (action, jsp, or html).

If authentication fails, AuthenticationException is placed into the HttpSession attribute indicated by AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY, which provides a reason on the error page displayed to the user. If authentication fails, the browser displays the URL in authenticationFailureUrl, which you can also customize.