Announcement Announcement Module
No announcement yet.
Unable to set RolePrefix for RoleVoter Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Unable to set RolePrefix for RoleVoter

    I'm attempting to set my own rolePrefix for RoleVoter. I haven't seen any concrete examples to do this except for an old acegi security one. Here's my applicationContext-security-ns.xml file:

    <beans:beans xmlns=""

    <beans:bean id="roleVoter" class=" ">
    <property name="rolePrefix" value="FOO-BAR-"/>

    Here's the error message:

    Context initialization failed
    org.springframework.beans.factory.xml.XmlBeanDefin itionStoreException: Line 16 in XML document from ServletContext resource [/WEB-INF/applicationContext-security-ns.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'property'.

    How does one set the rolePrefix for the RoleVoter? Or is this just a trival configuration issue on my part?



  • #2
    The element "property" is part of the "beans" namespace, so it needs the prefix too. Using a decent XML editor is recommended as it will tell you this right away. Otherwise it's a bit like Java programming with a text editor instead of an IDE and only finding out your mistakes at compile time .


    • #3
      Thanks. I'll use XMLSpy from now on.


      • #4
        Defining just the roleVoter bean doesn't appear to be enough. The roleVoter bean probably needs to be associated w/ another bean like say a httpRequestAccessDecisionManager which is then associated w/ a filterInvocationInterceptor and so on? I imagine going this explicit config route I won't be able to use the http bean which consolidates stuff? This is what I have so far:

        <beans:bean id="roleVoter" class=" ">
        <beansroperty name="rolePrefix" value="FOO-BAR-"/>

        <http auto-config="true">
        <intercept-url pattern="/*.do" access="FOO-BAR-USER" />
        <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />

        <user name="admin" password="admin" authorities="FOO-BAR-USER,FOO-BAR-ADMIN" />
        <user name="user" password="user" authorities="FOO-BAR-USER" />

        2008-04-30 09:34:56,437 ERROR [org.springframework.web.context.ContextLoader] - Context initialization failed org.springframework.beans.factory.BeanCreationExce ption: Error creating bean with name '_filterChainProxy': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationExce ption: Error creating bean with name '_filterSecurityInterceptor': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [FOO-BAR-USER]


        • #5
          The below allowed me to change the prefix from 'ROLE_' to 'PRIV_'. I am still wondering if there are less wordy ways to do the same.

          <http access-decision-manager-ref="accessDecisionManager"

          class=" veBased">
          <beansroperty name="decisionVoters">
          <beans:ref bean="roleVoter" />
          <beans:ref bean="authenticatedVoter" />

          class=" ">
          <beansroperty name="rolePrefix" value="PRIV_" />

          class=" atedVoter">


          • #6
            Thanks. Your sample config works for me.


            • #7
              So a local authentication-provider user-service config works. When trying a ldap-server and ldap-authentication-provider the role prefix ROLE_ appears. I'm using the same config you've detailed and have this ldap config:

              <ldap-server url="ldap://localhost:10389/dc=poc" />

              <http auto-config="false" access-decision-manager-ref="accessDecisionManager">
              <intercept-url pattern="/*.do" access="FOO-BAR-User" />
              <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
              <form-login />
              <anonymous />
              <http-basic />
              <logout />

              Debug log statements:

              2008-04-30 15:09:18,703 DEBUG [
              textSource] - Got Ldap context on server 'ldap://localhost:10389/dc=poc'
              2008-04-30 15:09:18,718 DEBUG [
              ltLdapAuthoritiesPopulator] - Roles from search: [FOO-BAR-OKC-Administrator, FOO-BAR-User]
              2008-04-30 15:09:18,718 DEBUG [
              pUserDetailsMapper] - Mapping user details from context with DN: uid=admin, ou=p
              eople, dc=poc
              2008-04-30 15:09:18,734 DEBUG [
              tionProcessingFilter] - Authentication success:
              [email protected] 6: Principal: org.springframew
              [email protected] 5388b5: Username: admin; Passw
              ord: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired:
              true; AccountNonLocked: true; Granted Authorities: ROLE_FOO-BAR-USER, ROLE_FOO-BAR
              -OKC-ADMINISTRATOR; Password: [PROTECTED]; Authenticated: true; Details:
     [email protected]: RemoteIpAddre
              ss:; SessionId: F07FB2B25D02E10A3764A36FE2FD4E97; Granted Authorities:


              • #8
                Originally posted by janw View Post
                The below allowed me to change the prefix from 'ROLE_' to 'PRIV_'. I am still wondering if there are less wordy ways to do the same.
                You can use a shorter prefix for the "beans" namespace. Alternatively, you can write your bean declarations in another file (which uses beans as the default namespace) and either import it or add it to the context loader.