Announcement Announcement Module
No announcement yet.
Mappable roles always empty using J2EE preauth Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Mappable roles always empty using J2EE preauth

    Hi everyone

    I'm writing an application based on the preauth sample, but having problems with authorisation. While debugging, I've found that the WebXmlMappableAttributesRetriever doesn't actually retrieve any roles that are defined in my web.xml file.

    No exceptions are thrown, so it doesn't look like anything's breaking - but it's just not getting the roles. My web.xml has three roles defined, and I've been through the spring security source code to make sure the WebXmlMappableAttributesRetriever is looking in the same place as where I've defined them (not that there's anywhere else to put them anyway - just checking everything).

    In my logs I have the following entries: appableAttributesRetriever - Reading mappable attributes from XML document appableAttributesRetriever - Mappable attributes from XML document: []

    This is causing all role-based security checks to fail, as all users fail the security role check. There are no roles to check against, so all users effectively have no role memberships.

    I've looked at this rather exhaustively and I'm getting nowhere... perhaps I've been looking at it TOO long :-)

    I'd really appreciate some help on this! I'm quite new to Spring security, so could've easily missed something obvious.

    Thanks in advance!

  • #2

    I've given up trying to find out why this isn't working, and have just configured a SimpleMappableAttributesRetriever instead.

    This is not ideal, as I now have to keep two sources updated - but this particular area of my app doesn't change, so it's not the end of the world. Will look into this again at some point, but at least it's working for now.