Announcement Announcement Module
Collapse
No announcement yet.
@Secured annotation seem that not work Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • @Secured annotation seem that not work

    i try to implement security for an method using @Secured annotation
    So, i have an config file, where it's configured security:
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans 	xmlns="http://www.springframework.org/schema/security"
    				xmlns:security="http://www.springframework.org/schema/security"
    				xmlns:beans="http://www.springframework.org/schema/beans"
    				xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    				xsi:schemaLocation="http://www.springframework.org/schema/beans 
    						http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                            http://www.springframework.org/schema/security 
    						http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
    	
    	<http auto-config="true" session-fixation-protection="none"/>
    	<global-method-security secured-annotations="enabled" jsr250-annotations="enabled"/>
    	<authentication-provider>
    			<user-service>
    				<user name="1" password="1" authorities="SUPERUSER" />
    			</user-service>
    	</authentication-provider>	
    </beans:beans>
    My class it's bellow:
    Code:
    @Service("myService")
    @RemotingDestination(channels = { "my-amf" })
    public class MyTestService {
    
    	@Autowired
    	private ZoneDao myDao;
    
    	@RemotingInclude
    	@Secured({"SUPERUSER"})
    	public List<Zone> getZone() {
    		return myDao.getZone();
    	}
    	
    	@RemotingInclude
    	public String getHello()
    	{
    		return myDao.getHello();
    	}
    }
    At flex side, i have an simple example. I try to login using this:
    Code:
    private function init():void
          		{
          			var channel:AMFChannel = new AMFChannel("my-amf", "http://localhost:8080/blazeds/spring/messagebroker/amf");
    				var channelSet:ChannelSet = new ChannelSet();
    				channelSet.addChannel(channel);
    				rem.channelSet = channelSet;
          			        rem.channelSet.login("1","1");//do login
          		}
    Anything i do, get an "RPC Fault faultString="Access is denied" faultCode="Client.Authorization" faultDetail="null"
    Invoking unprotected method "getHello()", work without any problem.
    I don't have any compiler error, or when server startup.

  • #2
    Ok, i found where it's the problem. Spring security expect authorities with prefix "ROLE_". So that it's the reason why i get "Access denied" response, because my role it's simply "SUPERUSER".
    Very strange anyway this restriction, but that is.

    Comment

    Working...
    X