Re: T5: help needed with tapestry-acegi
On 9/17/07, Thiago H de Paula Figueiredo <[EMAIL PROTECTED]> wrote: > After some hours trying to figure out what mistake I have been doing, I've > found it! Using the default configuration, Acegi only takes into account > roles prefixed with "ROLE_"!!! Acegi's Javadoc states that here: > http://www.acegisecurity.org/acegi-security/apidocs/org/acegisecurity/vote/RoleVoter.html. Great! > Now everything works like a charm! It's amazingly simple to just add or > change an annotation, reload the page and being allowed or denied to view > the page! Kudos to Howard (for Tapestry 5) and Robin (tapestry5-acegi) for > such amazing work and support!!! :) Thanks, and I also thank Ivan that wrote most of the initial code. > Robin: what about having a warning in tapestry5-acegi docs about this > error I've had? Yeah, that might be a good idea, I'll take a mental note about it :) -- regards, Robin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: T5: help needed with tapestry-acegi
On Mon, 17 Sep 2007 16:35:13 -0300, Robin Helgelin <[EMAIL PROTECTED]>
wrote:
No, you should be able to have an arbitrary length of roles. How does
your public GrantedAuthority[] getAuthorities() from your user
UserDetails look?
I can't post the code here (and it wouldn't help much, as it's written in
Portuguese), but I have this architecture:
class User {
private List groups;
...
}
class Group {
private List permissions;
...
}
class Permission {
private String name; // name of the role/authority
}
I created an UserDetails implementation which getGrantedAuthorities()
method returns all the permissions of all the groups some user belongs to.
I'm using the GrantedAuthorityImpl class that comes with Acegi.
--
Thiago H. de Paula Figueiredo
Desenvolvedor, Instrutor e Consultor de Tecnologia
Eteg Tecnologia da Informação Ltda.
http://www.eteg.com.br
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: T5: help needed with tapestry-acegi
On 9/17/07, Thiago H de Paula Figueiredo <[EMAIL PROTECTED]> wrote:
> I have an user that has a number of roles (GrantedAuthority instances),
> one of them named "Admin". When I annotate a page class with
> @Secured("Admin"), Acegi denies access to the page. I have just tried the
> same page, with the same annotation, now with an user with just one
> GrantedAuthority, "Admin". Now Acegi happily gives me access to the page.
>
> Does that mean that each user must have exactly one role (aka
> GrantedAuthority) in order to use the @Secured annotation?
No, you should be able to have an arbitrary length of roles. How does
your public GrantedAuthority[] getAuthorities() from your user
UserDetails look?
--
regards,
Robin
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: T5: help needed with tapestry-acegi
On Mon, 17 Sep 2007 16:13:03 -0300, Thiago H de Paula Figueiredo <[EMAIL PROTECTED]> wrote: I have an user that has a number of roles (GrantedAuthority instances), one of them named "Admin". After some hours trying to figure out what mistake I have been doing, I've found it! Using the default configuration, Acegi only takes into account roles prefixed with "ROLE_"!!! Acegi's Javadoc states that here: http://www.acegisecurity.org/acegi-security/apidocs/org/acegisecurity/vote/RoleVoter.html. Now everything works like a charm! It's amazingly simple to just add or change an annotation, reload the page and being allowed or denied to view the page! Kudos to Howard (for Tapestry 5) and Robin (tapestry5-acegi) for such amazing work and support!!! :) Robin: what about having a warning in tapestry5-acegi docs about this error I've had? -- Thiago H. de Paula Figueiredo Desenvolvedor, Instrutor e Consultor de Tecnologia Eteg Tecnologia da Informação Ltda. http://www.eteg.com.br - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
