On 09/18/2010 06:31 PM, Grzegorz Krugły wrote:
Hi Grzegorz,
> After having security interceptor in place, just write a class and
> implement those 3 methods:
>
> public class SecurityManager extends J2EESecurityManager implements
> SecurityHandler {
> protected Boolean hasRole(ActionBean bean, Method handler, String
> role) {
> }
> protected Boolean isUserAuthenticated(ActionBean bean, Method handler) {
> }
> public Resolution handleAccessDenied(ActionBean bean, Method handler) {
> }
> }
>
> I think their names and params are self-explanatory.
>
> Then, configure the SecurityManager in web.xml by adding
>
> <init-param>
> <param-name>SecurityManager.Class</param-name>
> <param-value>com.package.SecurityManager</param-value>
> </init-param>
>
> That's all - now You can use @RolesAllowed anotation on every action
> method that needs access limited.
>
> This stuff - and much, much more - I've learned from Freddy's book, I am
> not affiliated with him by any means, but I highly recommend the book to
> everyone.
good idea to have a look at Freddy's book. I am so used to googling
around that I did not come to the idea.
I did as you said and I added simply "return false" to hasRole() and
isUserAuthenticated() and I added a @RolesAllowed annotation to a method
of an action bean.
I expected now to see an error message, an exception or something that
tells me that I am not logged in once I refreshed the page. But nothing
changed. Actually I think that my SecurityManager was never loaded. But
there is no error message in the logs that tells me that anything is wrong.
I tried to force stripes to produce an error message by supplying a
bogus value:
<init-param>
<param-name>SecurityManager.Class</param-name>
<param-value>bogus</param-value>
</init-param>
But nothing changed.
I tried zu set the Security plugin itself to a bogus value and nothing
changed. That was the point where I thought I might be adding the wrong
web.xml but by changing another option I could finally provoke an error
so I know it is the right file.
I did add the <ini-param>-tags with the only <filter> tag that I have.
What could possibly be wrong?
>
> HTH
> Grzegorz
Thomas
------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
