global-method-security on a roo app

  • #16
    For the benefit of the archives, see http://jira.springframework.org/browse/SEC-1232 for a related issue.



    • #17
      Roo WebApp

      I'm still trying to get annotation-based security to work in my Roo webapp without any success. Due to the Roo architecture I want to secure some methods within my Roo controllers. But all @Secured annotations don't have any effect. Without logging in I'm able to access a method like this one:
      Code:
      	@Secured("ROLE_ADMIN")
      	@RequestMapping(value = "/admin/form", method = RequestMethod.GET)
      	public String createForm(ModelMap modelMap) {
      		return "admin/create";
      	}
      I'm using Spring Security 3.1.0.

      Here is my relevant configuration file: /myApp/src/main/resources/META-INF/spring/applicationContext-security.xml (if more is needed, I'll post it)
      Code:
      	<!-- HTTP security configurations -->
      	<http auto-config="true" use-expressions="true">
      		<remember-me data-source-ref="dataSource" />
      		<form-login login-processing-url="/static/j_spring_security_check"
      			login-page="/login" authentication-failure-url="/login?login_error=t" />
      		<logout logout-url="/static/j_spring_security_logout" />
      
      		<anonymous />
      	</http>
      
      	<!-- Configure Authentication mechanism -->
      	<beans:bean id="passwordEncoder"
      		class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" />
      	<authentication-manager alias="authenticationManager">
      		<authentication-provider user-service-ref="userProfileDao">
      			<password-encoder ref="passwordEncoder" />
      		</authentication-provider>
      	</authentication-manager>
      
      
      	<global-method-security secured-annotations="enabled" mode="aspectj" />
      
      	<!-- ACL service definitions -->
      
      	<beans:bean id="aclCache"
      		class="org.springframework.security.acls.domain.EhCacheBasedAclCache">
      		<beans:constructor-arg>
      			<beans:bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
      				<beans:property name="cacheManager">
      					<beans:bean
      						class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
      				</beans:property>
      				<beans:property name="cacheName" value="aclCache" />
      			</beans:bean>
      		</beans:constructor-arg>
      	</beans:bean>
      
      	<beans:bean id="lookupStrategy"
      		class="org.springframework.security.acls.jdbc.BasicLookupStrategy">
      		<beans:constructor-arg ref="dataSource" />
      		<beans:constructor-arg ref="aclCache" />
      		<beans:constructor-arg>
      			<beans:bean
      				class="org.springframework.security.acls.domain.AclAuthorizationStrategyImpl">
      				<beans:constructor-arg>
      					<beans:list>
      						<beans:bean
      							class="org.springframework.security.core.authority.GrantedAuthorityImpl">
      							<beans:constructor-arg value="ROLE_ADMIN" />
      						</beans:bean>
      						<beans:bean
      							class="org.springframework.security.core.authority.GrantedAuthorityImpl">
      							<beans:constructor-arg value="ROLE_ADMIN" />
      						</beans:bean>
      						<beans:bean
      							class="org.springframework.security.core.authority.GrantedAuthorityImpl">
      							<beans:constructor-arg value="ROLE_ADMIN" />
      						</beans:bean>
      					</beans:list>
      				</beans:constructor-arg>
      			</beans:bean>
      		</beans:constructor-arg>
      		<beans:constructor-arg>
      			<beans:bean
      				class="org.springframework.security.acls.domain.ConsoleAuditLogger" />
      		</beans:constructor-arg>
      	</beans:bean>
      
      	<beans:bean id="aclService"
      		class="org.springframework.security.acls.jdbc.JdbcMutableAclService">
      		<beans:constructor-arg ref="dataSource" />
      		<beans:constructor-arg ref="lookupStrategy" />
      		<beans:constructor-arg ref="aclCache" />
      	</beans:bean>
      After starting Tomcat the only info I get from org.springframework.security is:

      Code:
      [main] INFO  org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor - Validated configuration attributes
      Any hints for getting the annotation to work in a Roo WebApp?



      • #18
        Move global-method-security into webmvc-config.xml.

        See http://static.springsource.org/sprin...in-web-context

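What reply #18 suggests, as an added configuration example that is not from the thread: in proxy mode, `<global-method-security>` only applies to beans defined in the application context where it is declared, so it has to sit in the DispatcherServlet's context that creates the controllers. The package name `com.example.web` and the `security:` prefix are assumptions, and the example uses the default proxy mode with `proxy-target-class="true"` rather than the `mode="aspectj"` from post #17.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- webmvc-config.xml: the context loaded by the DispatcherServlet (added example) -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/context
         http://www.springframework.org/schema/context/spring-context.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- Controllers are instantiated in this context, not in the root context.
         com.example.web is an assumed package name. -->
    <context:component-scan base-package="com.example.web"
                            use-default-filters="false">
        <context:include-filter type="annotation"
            expression="org.springframework.stereotype.Controller" />
    </context:component-scan>

    <!-- Declared in the same context as the controllers, so the @Secured
         annotations on their handler methods are enforced.
         proxy-target-class="true" requests class-based proxies, which is
         needed when the controllers implement no interface. -->
    <security:global-method-security secured-annotations="enabled"
                                     proxy-target-class="true" />

</beans>
```

The `<http>` and `<authentication-manager>` elements stay in applicationContext-security.xml; the servlet context is a child of the root context and can see those beans. To check the result, request `/admin/form` without a session and confirm it no longer returns the form.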