Announcement Announcement Module
No announcement yet.
Writing a custom ObjectDefinitionSource Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Writing a custom ObjectDefinitionSource

    i'm starting using acegi security framework (version 1.0.7) since just few days. I have a problem about my authorization settings: i'm trying to write a custom ObjectDefinitionSource for my test application in order to set specific protections for some beans,because i need to handle roles dynamically (even without DAO or database access,just to store them in memory).I
    I realized the following class:

    public class MyObjectDefinitionSource extends AbstractFilterInvocationDefinitionSource{

    private Map requestMap = new HashMap();

    public void init(){
    SecurityConfig securityConfig = new SecurityConfig("ROLE_USER_ENABLED");
    configDefinition.addConfigAttribute(securityConfig );
    addSecureUrl("it.rara.resources.FunctionsTest.sum* ", configDefinition);

    public void addSecureUrl(String expression, ConfigAttributeDefinition attr) {

    public ConfigAttributeDefinition lookupAttributes(String url) {
    return (ConfigAttributeDefinition)this.requestMap.get(url );
    else return null;

    public Iterator getConfigAttributeDefinitions() {
    return this.requestMap.values().iterator();


    and here's the mapping in the acegi-security.xml:

    <bean id="autoProxyCreator" class="org.springframework.aop.framework.autoproxy .BeanNameAutoProxyCreator">
    <property name='interceptorNames'>
    <property name="beanNames">
    <property name="proxyTargetClass" value="true"/>

    <bean id='functionsImpl' class="FunctionsTest" />

    <bean id='methodSecurityInterceptor' class='org.acegisecurity.intercept.method.aopallia nce.MethodSecurityInterceptor'>
    <property name='authenticationManager' ref='authenticationManager' />
    <property name='accessDecisionManager' ref='accessDecisionManager' />
    <property name="objectDefinitionSource">
    <ref local="myDefinitionSource"/>

    <bean id="myDefinitionSource" class="MyObjectDefinitionSource" init-method="init" />

    When i deploy the application, i get the following error:

    org.springframework.beans.factory.BeanCreationExce ption: Error creating bean with name 'methodSecurityInterceptor' defined in ServletContext resource [/WEB-INF/acegi-security.xml]: Error setting property values; nested exception is org.springframework.beans.PropertyAccessExceptions Exception; nested PropertyAccessExceptions (1) are:
    PropertyAccessException 1: org.springframework.beans.TypeMismatchException: Failed to convert property value of type [MyObjectDefinitionSource] to required type [org.acegisecurity.intercept.method.MethodDefinitio nSource] for property 'objectDefinitionSource'
    org.springframework.beans.PropertyAccessExceptions Exception; nested PropertyAccessException details (1) are:
    PropertyAccessException 1:
    org.springframework.beans.TypeMismatchException: Failed to convert property value of type [MyObjectDefinitionSource] to required type [org.acegisecurity.intercept.method.MethodDefinitio nSource] for property 'objectDefinitionSource'

    Can anybody help me to find out what's the mistake?Thank you so much in advance!

  • #2
    If you're starting out, I'd recommend you use Spring Security instead. Acegi 1.0.7 is deprecated and there will be no further releases.

    The error is because you are suing the wrong type (a FilterInvocationDefinitionSource) for method security, hence the message

    Failed to convert property value of type [MyObjectDefinitionSource] to required type [org.acegisecurity.intercept.method.MethodDefinitionSource]


    • #3
      Thank you so much for your reply
      Yes, i understood Acegi 1.0.7 is deprecated,but for now unfortunately i'm bound to use it.
      About the error i got,do you know which type i should use, in order to write my custom ObjectDefinitionSource?
      Thank you again!


      • #4
        Well, method security uses MethodInvocations rather than FilterInvocations, and it should be pretty obvious that methods like "addSecureUrl" do not apply.

        You really need to understand the basic architecture before doing something like this, or you will come unstuck, so I'd suggest you read chapter 5 of the manual to start with:

        and then spend some more time looking at the code for the existing implementations to see how they work, before trying to implement your own.

        The underlying architecture is still pretty much the same as for Acegi, but the code is a good bit cleaner in 2.0.