Announcement Announcement Module
Collapse
No announcement yet.
FilterSecurityInterceptor can't match URL parameters Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • FilterSecurityInterceptor can't match URL parameters

    I am having trouble setting up a FilterSecurityInterceptor that is supposed to match a URL with parameters. Our application is built using the mach-ii framework, and as such all URL's are of the form:

    http://glast/index.cfm?event=upload.satellite.command

    (internally the mach-ii framework uses a look-up table to find the actual page associated with the string "upload.satellite.command", similiar to hiding jsp pages in /WEB-INF/jsp/ and using Spring MVC to render the view).

    I want to protect my "upload.satellite.command" URL using Acegi, but the equal sign "=" used to pass the "event" parameter is causing me grief when I try to match it using a regexp. This was my attempt:

    Code:
    <bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
    	<property name="authenticationManager"><ref local="authenticationManager"/></property>
    	<property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
    	<property name="runAsManager"><ref local="runAsManager"/></property>
    	<property name="objectDefinitionSource">
    		<value>
    			CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    			\A/index\.cfm\?event\=upload\.satellite\.command.*\Z=ROLE_GLAST_ADMINISTRATOR
    		</value>
    	</property>
    </bean>
    Even though I try to escape the "=" using "\=", Acegi seems to think that everything after the "\=" is the list of roles, and I get this exception in the logs on application startup:

    Code:
    java.lang.IllegalArgumentException&#58; Malformed regular expression&#58; \A/index\.cfm\?event\
    It looks like the problem is in FilterInvocationDefinitionSourceEditor.setAsText(S tring) since it is tokenizing my regexp expression using "=" without regard to the context of where "=" is used in the string.

    How do I match a literal "=" in the regexp so that I can protect URL's based on parameters? It seems like matching URL parameters would be generally useful to for Acegi programmers.

    Warmest reagrds, Matt

  • #2
    use hex code for =

    To answer my own question, I just needed to use the hex code for equal "=" (which is 3D). My new bean definition simply became:

    Code:
    <bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
       <property name="authenticationManager"><ref local="authenticationManager"/></property>
       <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
       <property name="runAsManager"><ref local="runAsManager"/></property>
       <property name="objectDefinitionSource">
          <value>
             CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
             \A/index\.cfm\?event\x3Dupload\.satellite\.command.*\Z=ROLE_GLAST_ADMINISTRATOR
          </value>
       </property>
    </bean>

    Comment


    • #3
      Excellent Matt, the other way would be to just match the part after the equals. ie .*upload\.satellite\.command.*\Z=ROLE_GLAST_ADMINI STRATOR

      Comment


      • #4
        Ant Patterns

        Can you give the same example using ant pattern?
        Is there a way to get the parameter values (The values of the *) from the filter invocation?

        Oded Blayer
        Invoke Solutions

        Comment

        Working...
        X