Announcement Announcement Module
Collapse
No announcement yet.
Possible bug in PathBasedFilterInvocationDefinitionMap Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Possible bug in PathBasedFilterInvocationDefinitionMap

    This is either a bug or a misunderstanding on my part. I have a FilterSecurityInterceptor defined for my web site with an objectDefinitionSource in my Spring config that contains something along these lines:
    Code:
      <bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager"><ref bean="authenticationManager"/></property>
        <property name="accessDecisionManager"><ref bean="httpRequestAccessDecisionManager"/></property>
        <property name="runAsManager"><ref bean="runAsManager"/></property>
        <property name="objectDefinitionSource">
          <value>
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            PATTERN_TYPE_APACHE_ANT
            ...
            /somepath/somesubpath/SpecificPage=
            /somepath/**=ROLE_USER
          </value>
        </property>
      </bean>
    Basically what I'm trying to accomplish is to secure (require a login) for all content below /somepath/** EXCEPT for the specific page /somepath/somesubpath/SpecificPage (hence, the empty role list). I did a quick look at the source code and it appears this should work except that PathBasedFilterInvocationDefinitionMap has this line in the addSecureUrl method:
    Code:
            if &#40;logger.isDebugEnabled&#40;&#41;&#41; &#123;
                logger.debug&#40;"Added Ant path&#58; " + antPath + "; attributes&#58; "
                    + attr.toString&#40;&#41;&#41;;
            &#125;
    However, since I have an empty role list on the right hand side of my path the "ConfigAttributeDefinition attr" parameter is null at this point, so I get a NullPointerException.
    Is this a bug, or should I be approaching the issue differently?

    Thanks,
    Andy

  • #2
    Hi Andy

    I intend to address this in the long-term by having an anonymous user, which can have GrantedAuthority[]s automatically assigned. As such your filter could require ROLE_ANONYMOUS (granted to the anonymous user) and it would work.

    In the meantime, this approach is probably best: http://forum.springframework.org/showthread.php?t=11996
    Last edited by robyn; May 19th, 2006, 05:35 AM.

    Comment

    Working...
    X