Full example with JBoss adapter

  • Full example with JBoss adapter

    If I understood the whole thing correctly (correct me if I'm wrong), even though I manage to authenticate, I need to add another layer that binds the data I gathered before and adds it to my container-specific implementation using an adapter, and that way I could use the role names in places like the struts-config.xml and the action tag, so I'd be able to do things like:
    <action roles="ROLE_1,ROLE_2" ... />
    I'd like to do that because I tried securing an action with the invocationInterceptor
     <bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager">
          <ref bean="authenticationManager"/>
        </property>
        <property name="accessDecisionManager">
          <ref local="httpRequestAccessDecisionManager"/>
        </property>
        <property name="objectDefinitionSource">
    and yet I still manage to invoke the action even without the role, so my hope is that at least using the adapter I could configure Struts to deny access to actions if the user is not in the role (this is only a hypothesis; did anyone make it work this way or otherwise?).
    I'm using JBoss 4.0RC1, will be installing RC2 today. Did anyone try it with this version? Can someone post a working in-memory example (or JDBC), with web.xml, the files that you changed/added in the server directories and where you put them, and the applicationContext-acegi-security.xml file? Where does the beanRefFactory.xml file go, is it a Spring beans file, and is that one bean the only thing that should be in it? I would like to do it by myself, but if someone did it, why not use it, as I don't find it to be the most intuitive thing in the world.
    In the application policy tag, what does the
    <module-option name = "key">my_password</module-option>
    serve? Do I need to change that password, and who uses that password and for what? Again, sorry if I'm asking obvious questions.

  • #2
    You're using "convert to lowercase" so the mapping

    should be

    I'd also recommend you have a

    and protect your public pages by explicitly declaring them as ROLE_ANONYMOUS. See the Contacts Filter Sample for a complete example. It basically means there's a "catch all" pattern that requires the user to be authenticated, rather than defaulting to authorizing the request.
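
Added example, not part of the original thread and not Acegi's own code: a simplified Python model of first-match URL rule evaluation with lowercase conversion, showing why a mixed-case pattern never matches and what the "catch all" pattern from reply #2 changes. The URL paths, both rule sets, the ROLE_USER name and the any-role decision are constructed assumptions.

```python
import re

def ant_to_regex(pattern):
    """Translate a simplified Ant-style path pattern ('**' and '*') to a regex."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*")          # '**' spans any number of path segments
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")       # '*' stays inside one path segment
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

def required_roles(rules, url, lowercase=True):
    """Return the roles of the first matching rule, or None if nothing matches."""
    path = url.lower() if lowercase else url   # models "convert to lowercase"
    for pattern, roles in rules:
        if ant_to_regex(pattern).match(path):
            return roles
    return None

def is_allowed(rules, url, user_roles, lowercase=True):
    """Simplified decision: the caller needs at least one of the required roles."""
    roles = required_roles(rules, url, lowercase)
    if roles is None:
        return True   # no rule matched: the request is authorized by default
    return bool(set(roles) & set(user_roles))

# Constructed rule set with the pitfall: the pattern contains an uppercase
# letter, but the URL is lowercased before comparison, so it can never match.
BROKEN = [("/editUser.do", ["ROLE_1", "ROLE_2"])]

# Constructed corrected rule set: lowercase patterns, public pages declared
# explicitly as ROLE_ANONYMOUS, and a final catch-all that requires a role.
FIXED = [
    ("/login.jsp", ["ROLE_ANONYMOUS"]),
    ("/edituser.do", ["ROLE_1", "ROLE_2"]),
    ("/**", ["ROLE_USER"]),
]

if __name__ == "__main__":
    anonymous = ["ROLE_ANONYMOUS"]
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        for url in ("/login.jsp", "/editUser.do", "/reports/all.do"):
            print(name, url, is_allowed(rules, url, anonymous))
```
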