Announcement Announcement Module
No announcement yet.
WebExpressionVoter Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • WebExpressionVoter

    Hi -

    I have the following configuration for accessDecisionManager
    <beans:bean id="accessDecisionManager" class=" firmativeBased">
    <beansroperty name="decisionVoters">
    <beans:bean class=" leVoter"/>
    <beans:bean class=" thenticatedVoter"/>
    <beans:bean class=" ression.WebExpressionVoter"/>

    After adding WebExpressionVoter I am getting the following error -
    java.lang.IllegalArgumentException: AccessDecisionManager does not support secure object class: interface org.aopalliance.intercept.MethodInvocation
    at org.springframework.util.Assert.isTrue( :65)

    What is the correct way to add WebExpressionVoter to accessDecisionManager?

    Thanks in advance

  • #2
    Typically if you want expressions you only need to specify [email protected]=true which will set this up for you automatically. Are you trying to configure web or method security? The AccessDecisionManager you have configured looks like it should be configured against the [email protected] but it appears you have configured it against the [email protected] See the Namepace Appendix for details.

    PS: Please use the code tags when posting configuration, stacktraces, code, etc as this makes it easier to read


    • #3
      Thanks for the reply.
      Using [email protected]=true works perfectly.
      However, I am not using the http namespace since there is no control over the filters.
      Hence using the following
      <beans:bean id="springSecurityFilterChain" class="">
            <security:filter-chain-map path-type="ant">
      <security:filter-chain pattern="/testurl/**" filters="Filter1, Filter2, Filter3" />
      <beans:bean id="filterSecurityInterceptor"
              <beans:property name="authenticationManager" ref="authenticationManager"/>
        		<beans:property name="accessDecisionManager" ref="accessDecisionManager"/>
      	  <beans:property name="securityMetadataSource">
      	    <security:filter-security-metadata-source lowercase-comparisons="true" use-expressions="true">
      		  <security:intercept-url pattern="/**" access="permitAll" />
       <beans:bean id="accessDecisionManager" class="">
      	    <beans:property name="decisionVoters">
      	            <beans:bean class=""/>
      	            <beans:bean class=""/>
      	            <beans:bean class=""/>

      <global-method-security> had reference to accessDecisionManager, after removing that reference the error is resolved.

      Does the <http> namespace provide the option to define multiple filters and maintain the order of invocation?

      Thanks again


      • #4
        You don't have as much control over the Filters with the namespace. However, you can insert custom Filters using the custom-filter element.