Announcement Announcement Module
Collapse
No announcement yet.
Using a custom PermissionEveluator in WebFlow Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Using a custom PermissionEveluator in WebFlow

    Hi everybody,
    I have setup an application to make use of web flows.
    But when it comes to use the <sec:authorize /> tag in my JSPXs views, the permission evaluator (it's a custom implementation) is not invoked (I'm sure about that because I tried to toggle a breakpoint).

    Webflow configuration (WEB-INF/spring/webflow.xml)
    HTML Code:
    	<!--Maps request paths to flows in the flowRegistry -->
    	<bean class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping">
    		<property name="order" value="0"/>
    		<property name="flowRegistry" ref="flowRegistry"/>
    		<property name="interceptors">
    			<array>
    				<ref bean="conversionServiceExposingInterceptor"/>
    			</array>
    		</property>
    	</bean>
    
    	<!-- Dispatches requests mapped to flows to FlowHandler implementations -->
    	<bean class="org.springframework.webflow.mvc.servlet.FlowHandlerAdapter">
    		<property name="flowExecutor" ref="flowExecutor"/>
    	</bean>
    
    	<bean class="org.springframework.webflow.security.SecurityFlowExecutionListener" id="securityFlowExecutionListener" />
    	<!-- Executes flows: the entry point into the Spring Web Flow system -->
    	<webflow:flow-executor id="flowExecutor">
    		<webflow:flow-execution-listeners>
    			<webflow:listener ref="securityFlowExecutionListener"/>
    		</webflow:flow-execution-listeners>
    	</webflow:flow-executor>
    
    	<!-- The registry of executable flow definitions -->
    	<webflow:flow-registry base-path="/WEB-INF/views" flow-builder-services="flowBuilderServices" id="flowRegistry">
    		<webflow:flow-location-pattern value="/**/flow.xml"/>
    	</webflow:flow-registry>
    
    	<!-- Plugs in a custom creator for Web Flow views -->
    	<webflow:flow-builder-services development="true" id="flowBuilderServices" validator="cmc_validator" view-factory-creator="mvcViewFactoryCreator"/>
    
    	<bean class="org.springframework.webflow.mvc.builder.MvcViewFactoryCreator" id="mvcViewFactoryCreator">
    		<property name="viewResolvers" ref="tilesViewResolver"/>
    	</bean>
    	<bean class="org.springframework.web.servlet.handler.ConversionServiceExposingInterceptor" id="conversionServiceExposingInterceptor">
    		<constructor-arg ref="conversionService"/>
    	</bean>
    </beans>
    Security context (META-INF/spring/applicetionContext-security)
    HTML Code:
    <beans:beans xmlns="http://www.springframework.org/schema/security"
    	xmlns:beans="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xmlns:util="http://www.springframework.org/schema/util"
    	xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
    		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
    		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd">
    	
            <!-- UserDetailsService, PasswordEncoder, SaltSource and other beans related to authentication mechanism -->
    
    	<global-method-security pre-post-annotations="enabled" mode="aspectj">
    		<expression-handler ref="expressionHandler"/>
    	</global-method-security>
    
    	<beans:bean id="expressionHandler"
    		class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
    		<beans:property name="permissionEvaluator">
    			<beans:bean class="it.cmc.security.acl.AclPermissionEvaluator" />
    		</beans:property>
    	</beans:bean>
    
    </beans:beans>
    What am I doing wrong?

    Thanks,
    Stefano
Working...
X