Announcement Announcement Module
Collapse
No announcement yet.
After ACL Read Authorization Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • After ACL Read Authorization

    I'm attempting to secure my domain objects com.shawmut.model.ui.MenuItem but i'm getting this error seen below. I have secured my service method like so:

    com.shawmut.service.ui.menu.MenuManager.getMenuIte m=ROLE_USER,AFTER_ACL_READ


    I'm specifically concerned with the part that says:

    Code:
    <Looking up: net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentit
    y[Classname: com.shawmut.model.ui.MenuItem$$EnhancerByCGLIB$$bed418bc; Identity: 9]>
    You'll notice the class name is a bit different from the one above.

    Does anyone have any conclusions as to why i'm seeing a different classname?

    I'm pretty sure its because i'm using hibernate. Is acegi AFTER_ACL_READ compatible with Hibernate?



    Code:
    ] attempting to pass to constructor: public net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity(java.lang.Object) throws java.lang.IllegalAccessE
    xception,java.lang.reflect.InvocationTargetException>
    2005-12-22 11:30:43,511 DEBUG [net.sf.acegisecurity.acl.basic.BasicAclProvider] - <Looking up: net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentit
    y[Classname: com.shawmut.model.ui.MenuItem$$EnhancerByCGLIB$$bed418bc; Identity: 9]>
    2005-12-22 11:30:43,511 DEBUG [net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry] - <Valid permission:   ----- ................................ (0)
    >
    2005-12-22 11:30:43,511 DEBUG [net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry] - <Valid permission:   A---- ...............................1 (1)
    >
    2005-12-22 11:30:43,511 DEBUG [net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry] - <Valid permission:   -R--- ..............................1. (2)
    >
    2005-12-22 11:30:43,531 DEBUG [net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry] - <Valid permission:   --W-- .............................1.. (4)
    >
    2005-12-22 11:30:43,531 DEBUG [net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry] - <Valid permission:   -RW-- .............................11. (6)
    >
    2005-12-22 11:30:43,531 DEBUG [net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry] - <Valid permission:   ---C- ............................1... (8)
    >
    2005-12-22 11:30:43,531 DEBUG [net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry] - <Valid permission:   -RWC- ............................111. (14
    )>
    2005-12-22 11:30:43,531 DEBUG [net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry] - <Valid permission:   ----D ...........................1.... (16
    )>
    2005-12-22 11:30:43,531 DEBUG [net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry] - <Valid permission:   -RW-D ...........................1.11. (22
    )>
    2005-12-22 11:30:43,541 DEBUG [net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry] - <Valid permission:   -RWCD ...........................1111. (30
    )>
    2005-12-22 11:30:43,561 DEBUG [net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter] - <Access is denied (user is not anonymous); sending back
     forbidden response>

  • #2
    Looks like the mecanism is working. I did notice you are requesting object with id 9, the list with allowed operations on objects does not contain number 9. Maybe that helps.

    Comment


    • #3
      This is an issue. I have logged it in JIRA as http://opensource2.atlassian.com/pro...browse/SEC-154

      Comment

      Working...
      X