
  • <security:accesscontrollist> doesn't do anything

    Hi everybody,

    So I have the following code in my xhtml page that does absolutely nothing
    <security:accesscontrollist hasPermission="7" domainObject="#{handler.article}">
    ..... button
    </security:accesscontrollist>

    From what I understand the button should only be shown if my user has the requested right for that object. Well, the button is shown for all users, which shouldn't be the case.
    Another thing I don't get and haven't been able to find a clear answer about is:
    aren't my ACLDecisionManager and the ACLVoters supposed to be called for this tag? Because in my case they aren't.

    Could you please help me out with this problem?

    Thanks!

  • #2
    AccessControlListTag class not getting called

    Ok ... so I've debugged the application and the AccessControlListTag class is never called. Does anybody know what the problem could be?

    Here is my config for the acls:

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:p="http://www.springframework.org/schema/p"
    xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:aop="http://www.springframework.org/schema/aop"
    xmlns:util="http://www.springframework.org/schema/util"
    xmlns:jdbc="http://www.springframework.org/schema/jdbc"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schem...-beans-3.1.xsd
    http://www.springframework.org/schema/context
    http://www.springframework.org/schem...ontext-3.1.xsd
    http://www.springframework.org/schema/tx
    http://www.springframework.org/schem...ing-tx-3.1.xsd
    http://www.springframework.org/schema/util
    http://www.springframework.org/schem...g-util-3.1.xsd
    http://www.springframework.org/schema/aop
    http://www.springframework.org/schem...ng-aop-3.1.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <security:global-method-security
    secured-annotations="enabled"
    access-decision-manager-ref="aclDecisionManager" >
    </security:global-method-security>

    <!-- ACL Service -->
    <bean class="de.localprj.acl.service.MyJdbcMutableAclService" id="mutableAclService">
    <constructor-arg ref="dataSource"/>
    <constructor-arg ref="lookupStrategy"/>
    <constructor-arg ref="aclCache"/>
    </bean>

    <bean class="de.localprj.acl.util.MyACLLookupStrategy" id="lookupStrategy">
    <constructor-arg ref="dataSource"/>
    <!-- Ehcache -->
    <constructor-arg ref="aclCache"/>
    <constructor-arg ref="aclAuthorizationStrategy"/>
    <constructor-arg ref="aclAuditLogger"/>
    <!-- custom permission factory -->
    <property name="permissionFactory" ref="myPermissionFactory"/>
    </bean>
    <bean class="de.localprj.acl.util.MyACLPermissionFactory" id="myPermissionFactory"/>

    <!-- ACL Caching -->
    <bean id="aclCache" class="org.springframework.security.acls.domain.EhCacheBasedAclCache">
    <constructor-arg>
    <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
    <property name="cacheManager">
    <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
    </property>
    <property name="cacheName" value="aclCache"/>
    </bean>
    </constructor-arg>
    </bean>

    <!-- ACL Authorization Strategy -->
    <bean class="org.springframework.security.acls.domain.AclAuthorizationStrategyImpl" id="aclAuthorizationStrategy">
    <constructor-arg>
    <array>
    <ref local="aclAdminAuthority"/>
    <ref local="aclAdminAuthority"/>
    <ref local="aclAdminAuthority"/>
    </array>
    </constructor-arg>
    </bean>

    <!-- ACL Audit Logger -->
    <bean class="org.springframework.security.acls.domain.ConsoleAuditLogger" id="aclAuditLogger"/>

    <bean class="org.springframework.security.access.vote.AffirmativeBased" id="aclDecisionManager">
    <property name="allowIfAllAbstainDecisions" value="false" />
    <property name="decisionVoters">
    <list>
    .......
    </list>
    </property>
    </bean>

    ....

    <bean class="org.springframework.security.core.authority.GrantedAuthorityImpl" id="aclAdminAuthority">
    <constructor-arg value="ROLE_ADMIN"/>
    </bean>



    </beans>



    • #3
      Sounds like you do not have the jsp tag library setup correctly. Is spring-security-taglibs-<version>.jar in your lib folder and does it match the other versions of spring-security jars?



      • #4
        I have the spring-security-taglibs-3.1.0RC2 in my libs project and it matches the rest of the libraries and their version (all are 3.1.0RC2 spring security).

        I have a question regarding what you said: "Sounds like you do not have the jsp tag library setup correctly."
        What do you mean by that? I am actually using xhtml pages not jsp pages but thought the tag should work in both cases.

        Configuration looks like this

        ...
        xsi:schemaLocation="http://www.springframework.org/schema/beans

        http://www.springframework.org/schem...-beans-3.1.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schem...ontext-3.1.xsd
        http://www.springframework.org/schema/tx
        http://www.springframework.org/schem...ing-tx-3.1.xsd
        http://www.springframework.org/schema/util
        http://www.springframework.org/schem...g-util-3.1.xsd
        http://www.springframework.org/schema/aop
        http://www.springframework.org/schem...ng-aop-3.1.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd"
        ...

        xhtml File:
        ...
        xmlns:security="http://www.springframework.org/schema/security"
        ...
        <security:accesscontrollist hasPermission="7" domainObject="#{handler.article}">
        button
        </security:accesscontrollist>


        What am I doing wrong?

        Thanks
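
The permission check the thread expects from the tag, written as a plain bean so that it runs regardless of whether the view technology evaluates the JSP tag (an added example, not code from the thread or from Spring Security). The class name `AclCheck` and method `isGranted` are hypothetical, and it assumes the thread's `mutableAclService` bean implements `AclService` and that `myPermissionFactory` implements `PermissionFactory`.

```java
import java.util.Collections;
import java.util.List;

import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.domain.PermissionFactory;
import org.springframework.security.acls.domain.SidRetrievalStrategyImpl;
import org.springframework.security.acls.model.Acl;
import org.springframework.security.acls.model.AclService;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.acls.model.Sid;
import org.springframework.security.acls.model.SidRetrievalStrategy;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/**
 * Hypothetical helper (class and method names are assumptions, not Spring API).
 * Wire it with the thread's mutableAclService and myPermissionFactory beans.
 */
public class AclCheck {

    private final AclService aclService;
    private final PermissionFactory permissionFactory;
    private final SidRetrievalStrategy sidStrategy = new SidRetrievalStrategyImpl();

    public AclCheck(AclService aclService, PermissionFactory permissionFactory) {
        this.aclService = aclService;
        this.permissionFactory = permissionFactory;
    }

    /** True only if the current user's SIDs are granted the mask on the object. */
    public boolean isGranted(Object domainObject, int mask) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || domainObject == null) {
            return false; // fail closed: no user or no object means no access
        }
        List<Sid> sids = sidStrategy.getSids(auth);
        List<Permission> required =
                Collections.singletonList(permissionFactory.buildFromMask(mask));
        try {
            // ObjectIdentityImpl(Object) needs a getId() method on the domain object.
            Acl acl = aclService.readAclById(new ObjectIdentityImpl(domainObject), sids);
            return acl.isGranted(required, sids, false);
        } catch (NotFoundException e) {
            return false; // no ACL, or no matching ACE for these SIDs: deny
        }
    }
}
```

With EL 2.2 method invocation, a page can use it as `rendered="#{aclCheck.isGranted(handler.article, 7)}"` (the bean name `aclCheck` is assumed). The action behind the button should make the same call, since leaving a button unrendered does not by itself restrict the request it would have sent.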

