
  • filterInvocationInterceptor not matching as expected

    (Using Acegi 0.9.0 -- Spring 1.2.7)
    In general, the url filter is working as expected but there is one url that is being blocked and I can't figure out why.

    The url is: /userscreens/spring/billingfile?filename=/home/interface/datafeeds/vendors/0001/10_22_051806114441.pdf

    I am expecting it to match:
    /userscreens/spring/billingfile**=ROLE_BILLADMIN

    But it's not:
    Code:
    2006-05-18 11:44:52,329 DEBUG [net.sf.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - Candidate is:'/userscreens/spring/billingfile?filename=/home/interface/datafeeds/vendors/0001/10_22_051806114441.pdf'; pattern is /userscreens/spring/billingfile**; matched=false
    Am I missing something? Thank you in advance!


    Here is the filterInvocationInterceptor bean definition:

    Code:
    <!--  Defines access to web resources based on role -->
    	<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
    		<property name="authenticationManager">
    			<ref bean="authenticationManager" />
    		</property>
    		<property name="accessDecisionManager">
    			<ref bean="accessDecisionManager" />
    		</property>
    		<property name="objectDefinitionSource">
    			<value>
    				<![CDATA[			
    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				PATTERN_TYPE_APACHE_ANT 
    				/userscreens/spring/finalizedocuments**=ROLE_PHYSICIAN,ROLE_CODER,ROLE_FACILITYCODER
    				/userscreens/spring/signall**=ROLE_PHYSICIAN
    				/userscreens/spring/assumeidentity**=ROLE_ASSUMEIDENTITY
    				/userscreens/spring/attachorphan**=ROLE_DATAADMIN
    				/userscreens/spring/resendtochartscript**=ROLE_DATAADMIN
    				/userscreens/spring/assignphysician**=ROLE_DATAADMIN
    				/userscreens/spring/unassignphysician**=ROLE_DATAADMIN
    				/userscreens/spring/assigndictatingphysician**=ROLE_DATAADMIN
    				/userscreens/spring/detachdocument**=ROLE_DATAADMIN
    				/userscreens/spring/deletedocument**=ROLE_DATAADMIN
    				/userscreens/spring/savedocumentchanges**=ROLE_PHYSICIAN
    				/userscreens/spring/geticd9description**=ROLE_CODER,ROLE_FACILITYCODER
    				/userscreens/spring/getcptdescription**=ROLE_CODER,ROLE_FACILITYCODER
    				/userscreens/spring/savecodes**=ROLE_CODER,ROLE_FACILITYCODER
    				/userscreens/spring/cancelcoding**=ROLE_CODER,ROLE_FACILITYCODER
    				/userscreens/spring/facesheetreport**=ROLE_CODER,ROLE_FACILITYCODER,ROLE_BILLADMIN
    				/userscreens/spring/generatefacesheetreport**=ROLE_CODER,ROLE_FACILITYCODER,ROLE_BILLADMIN
    				/userscreens/spring/releasechartstobilling**=ROLE_BILLADMIN
    				/userscreens/spring/releaseallchartstobilling**=ROLE_BILLADMIN
    				/userscreens/spring/unreleasechartsforbilling**=ROLE_BILLADMIN
    				/userscreens/spring/reassignvendor**=ROLE_BILLADMIN,ROLE_CODER,ROLE_FACILITYCODER
    				/userscreens/spring/returntophysician**=ROLE_CODER,ROLE_FACILITYCODER
    				/userscreens/spring/backtocoding**=ROLE_BILLADMIN
    				/userscreens/spring/assignvendor**=ROLE_DATAADMIN
    				/userscreens/spring/billingfile**=ROLE_BILLADMIN
    				/userscreens/spring/swapshift**=ROLE_PHYSICIAN
    				/userscreens/spring/saveencounterchanges**=ROLE_DATAADMIN
    				/userscreens/spring/getstats**=ROLE_PHYSICIAN
    				/userscreens/spring/server**=ROLE_USER			
    				/userscreens/spring/getencounterdetails**=ROLE_USER			
    				/userscreens/spring/changepassword**=ROLE_USER			
    				/userscreens/spring/createnewmessage**=ROLE_USER			
    				/userscreens/spring/sendmessage**=ROLE_USER			
    				/userscreens/spring/getmessagedetails**=ROLE_USER			
    				/userscreens/spring/getuisettings**=ROLE_USER			
    				/userscreens/spring/loggingout**=ROLE_USER			
    				/userscreens/spring/excellreport**=ROLE_USER			
    				/userscreens/spring/printabledocumenthtml**=ROLE_USER			
    				/userscreens/spring/markmessageasread**=ROLE_USER			
    				/userscreens/spring/releaseidlelock**=ROLE_USER			
    				/userscreens/spring/setidlelock**=ROLE_USER			
    				/userscreens/spring/parsedaterange**=ROLE_USER			
    				/userscreens/spring/deletemessages**=ROLE_USER			
    				/userscreens/spring/getscheduleitems**=ROLE_USER			
    				/userscreens/spring/**=ROLE_NOACCESS	
    				/userscreens/**=ROLE_USER
    				/userscreens**=ROLE_USER
    				]]>
    			</value>
    		</property>
    	</bean>

  • #2
    There were some changes made to the way path matching works with URLs with query strings:

    http://opensource.atlassian.com/proj...browse/SEC-161

    You might want to try a later version. Note also that if you enable debugging you will get very explicit information on URL matching in the logs.


    • #3
      Thank you.

      Luke,

      You are correct; it seems to have something to do with the query string. I am able to work around the problem by changing what is passed in via the URL.

      Thank you,
      -Vito


      • #4
        Remember that if you need more sophisticated matching, you can also use regular expressions instead of ant paths.

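Added example, not part of the thread and not Acegi's own code: a simplified Ant-style matcher, assuming standard Ant semantics where pattern and candidate are compared segment by segment on `/`, run against three of the rules and the URL from the first post. The class and method names are hypothetical, and stripping the query string before matching is shown only as an illustration, not as the change made in SEC-161.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class AntQueryStringDemo {
    // Simplified Ant-style matcher (assumption: approximates, does not copy, the Acegi/Spring code).
    // Pattern and candidate are split on '/'; a segment that is exactly "**" spans any number
    // of segments, while '*' inside a segment never crosses a '/'.
    static boolean matches(String pattern, String candidate) {
        return matchSegs(pattern.split("/"), 0, candidate.split("/"), 0);
    }

    static boolean matchSegs(String[] p, int i, String[] c, int j) {
        if (i == p.length) return j == c.length;   // pattern used up: candidate must be too
        if (p[i].equals("**")) {
            for (int k = j; k <= c.length; k++)
                if (matchSegs(p, i + 1, c, k)) return true;
            return false;
        }
        return j < c.length && matchSeg(p[i], 0, c[j], 0) && matchSegs(p, i + 1, c, j + 1);
    }

    // Wildcards within one segment: '*' = zero or more characters, '?' = exactly one.
    static boolean matchSeg(String p, int i, String s, int j) {
        if (i == p.length()) return j == s.length();
        if (p.charAt(i) == '*')
            return matchSeg(p, i + 1, s, j) || (j < s.length() && matchSeg(p, i, s, j + 1));
        return j < s.length() && (p.charAt(i) == '?' || p.charAt(i) == s.charAt(j))
                && matchSeg(p, i + 1, s, j + 1);
    }

    // First matching rule wins, in declaration order, as in the objectDefinitionSource list.
    static String rolesFor(Map<String, String> rules, String candidate) {
        for (Map.Entry<String, String> e : rules.entrySet())
            if (matches(e.getKey(), candidate)) return e.getValue();
        return null;
    }

    public static void main(String[] args) {
        Map<String, String> rules = new LinkedHashMap<>();   // three rules taken from the post
        rules.put("/userscreens/spring/billingfile**", "ROLE_BILLADMIN");
        rules.put("/userscreens/spring/**", "ROLE_NOACCESS");
        rules.put("/userscreens/**", "ROLE_USER");
        String url = "/userscreens/spring/billingfile?filename=/home/interface/datafeeds/vendors/0001/10_22_051806114441.pdf";
        String pathOnly = url.substring(0, url.indexOf('?'));   // candidate without the query string
        System.out.println("full URL  -> " + rolesFor(rules, url));
        System.out.println("path only -> " + rolesFor(rules, pathOnly));
    }
}
```

Under these assumptions the slashes in the `filename` value add path segments that `billingfile**` cannot span, so the full URL is decided by the `/userscreens/spring/**` catch-all, while the path alone is decided by the `billingfile**` rule.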