With invalid privilege also user is able to login.

  • With invalid privilege also user is able to login.

    Currently I am integrating my application with the Spring Security Acegi framework.

    I need to authenticate the login page.
    So, I am using the MethodSecurityInterceptor and setting the login method in the objectDefinitionSource property.
    But actually, the user has the ROLE_ADMIN privilege, and at the objectDefinitionSource level I have given the authority as ROLE_USER; in this case the user is able to log in.

    Since the user and method privileges are different, the user should not be allowed to log in and an exception should be thrown.

    I am attaching my source code (Spring ApplicationContext.xml file).

    Can I know whether I am doing anything wrong over here?

    Thanks in advance,

  • #2
    In addition to previous post.

    Just swap the privileges, i.e., the user has ROLE_USER and the method ROLE_ADMIN.