Announcement Announcement Module
Collapse
No announcement yet.
MethodSecurityInterceptor is intercepting from Action classes in struts. Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • MethodSecurityInterceptor is intercepting from Action classes in struts.

    <bean name="/foo/fooPath"
    class="org.springframework.aop.framework.ProxyFact oryBean">
    <property name="target">
    <bean class="org.foo.web.actions.path.SomeAction">
    </property>
    <property name="interceptorNames">
    <list>
    <value>securityAdvice</value>
    </list>
    </property>
    </bean>



    <bean id="securityAdvice"
    class="org.acegisecurity.intercept.method.aopallia nce.MethodSecurityInterceptor">
    <property name="validateConfigAttributes" value="true"/>
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="accessDecisionManager" ref="accessDecisionManager"/>
    <property name="objectDefinitionSource">
    org.foo.web.actions.some.SomeAction.*=ROLE_CEO
    </property>

    </bean>
    Last edited by gd007; Jan 30th, 2007, 07:24 PM. Reason: Fixing typo

  • #2
    Originally posted by gd007 View Post
    <property name="objectDefinitionSource">
    org.foo.web.actions.some.SomeAction.*=ROLE_CEO
    </property>
    Should be "org.foo.web.actions.path.SomeAction.*=ROLE_CE O" to match the above (is it a typo?).

    Besides that: Is the method in question declared in the class itself or perhaps in an implemented interface? If the latter is the case, then the interface method has to be declared in the "objectDefinitionSource" property.

    If that does not help, please turn on debug logging and see what happens. Maybe that can provide a clue.

    Regards,
    Andreas

    Comment


    • #3
      Just out of interesting, I wondered why you are trying to intercept methods on the Struts action instead of the URLs? Does it make more sense to use FilterSecurityInterceptor instead of MethodSecurityInterceptor? As for the action which method were you trying to intercept?

      http://www.acegisecurity.org/multipr...terceptor.html
      http://www.acegisecurity.org/multipr...terceptor.html

      Comment


      • #4
        Andreas,
        Yeah that was a typo, and I don't see in the logs that methods are being secured.

        karldmoore,

        That was good catch. We are intercepting uris first. We are also trying to secure methods on top of that. URI part is working just fine.

        --

        Comment


        • #5
          I've not actually seen people doing this before. Usually the URLs are intecepted and then the service layer. How are you integrating Struts and Spring? The article below shows a few ways of doing it, which are you using?
          http://www-128.ibm.com/developerwork...ary/j-sr2.html

          Comment


          • #6
            karldmoore,

            We are using the second approach of struts and spring applying the RequestProcessor. We have no problem in that. But don't know why
            the MethodSecurityInterceptor is not firing.

            Comment


            • #7
              Hmmm, I wondered if there were any issues with internal calls hence no proxying. I'll try and have a look at this later as I'm quite interested myself. In the mean time, I'd stick the debugger on it and see what happens.
              http://www.springframework.org/docs/...ng-aop-proxies

              Comment


              • #8
                objectDefinitionSource problem

                There is no problem with proxying. I have debugged into the code and it is going
                in MethodSecurityInterceptor. But after it goes there my debugger gets messed up. Problem is with the objectDefinitionSource. I don't see that the methods are being secured in the logs. I have tuned the logging level to debug.

                Comment


                • #9
                  I'm just trying the same thing at the moment, with the same result. Haven't managed to track down what's going on yet, but I'll post back when I know more.

                  Comment


                  • #10
                    It is reproducible

                    Nice to see that it is reproducible. Keep us posted on any progress.

                    Comment


                    • #11
                      Any update on this?

                      I was wondering if anybody got any update on this.

                      Comment


                      • #12
                        I've still got this thread in my list of things to do. I've been away all this week so I've not had chance to look at it yet. Might get chance this weekend.

                        Comment


                        • #13
                          Are these at all related?
                          http://forum.springframework.org/showthread.php?p=94634
                          http://opensource.atlassian.com/proj.../browse/SEC-99

                          Comment


                          • #14
                            I think they are pretty much unrelated. But thanks for the links anyway.

                            Comment

                            Working...
                            X