Announcement Announcement Module
Collapse
No announcement yet.
IP-based roles without login screen Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • IP-based roles without login screen

    Update I have solved the problem, the DelegatingFilterProxy was missing in that project Please close
    ----------------


    I am working on a new project where we want to assign Spring security roles according to their IPs and use those roles in the intercept-url 'access' command. That project will not have any interface, it's just a simple m2m machine.

    The problem I have is that my access decision manager is not called (my ipAuthenticationEntryPoint isn't called either). It doesn't matter if I use <intercept-url pattern="/**" access="denyAll" /> or check with hasRole for the role, in both cases I can access any page and the access decision manager is not called...

    Do you have any idea what's wrong or how I could accomplish what I want? It works flawlessly in one of my other projects, but there I have a normal login screen etc.

    Thank you in advance

    PHP Code:
    <?xml version="1.0" encoding="UTF-8"?>

    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:aop="http://www.springframework.org/schema/aop"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                            http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

        <http auto-config="false" use-expressions="true" entry-point-ref="ipAuthenticationEntryPoint"
            access-decision-manager-ref="accessDecisionManager" 
            disable-url-rewriting="true">

            <!-- <intercept-url pattern="/test" access="hasRole('IP_LOCAL')"
                method="POST" /> -->

            <intercept-url pattern="/**" access="denyAll" />

        </http>

        <beans:bean id="ipAuthenticationEntryPoint"
            class="com.myproject.security.IpAuthenticationEntryPoint">
        </beans:bean>
        
        <authentication-manager />

        <beans:bean id="accessDecisionManager"
            class="org.springframework.security.access.vote.AffirmativeBased">
            <beans:property name="decisionVoters">
                <beans:list>
                    <beans:bean class="org.springframework.security.access.vote.RoleVoter" />
                    <beans:bean class="com.myproject.security.IpAddressVoter" />
                    <beans:bean class="org.springframework.security.web.access.expression.WebExpressionVoter"/>
                </beans:list>
            </beans:property>
        </beans:bean>

    </beans:beans>
    Last edited by Clemensl; Oct 24th, 2012, 09:36 AM. Reason: [solved]
Working...
X