I already made User.getAuthorities() call User.getAllAuthorities() and that's
what allowed me to log in and have the mainMenu.xhtml display the links to
the admin secured areas. It's just that when I then click to view the Users
List - I get the access denied error.
I'll try it.
mraible wrote:
>
> What if you change User.getAllAuthorities to be User.getAuthorities -
> does that work?
>
> Matt
>
> On 2/26/07, tonyl <[EMAIL PROTECTED]> wrote:
>>
>> I get the following error:
>>
>> Caused by: org.acegisecurity.AccessDeniedException: Access is denied
>> at
>> org.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:68)
>> at
>> org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:276)
>> at
>> org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:63)
>> at
>> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
>> at
>> org.springframework.orm.hibernate3.HibernateInterceptor.invoke(HibernateInterceptor.java:104)
>> at
>> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
>> at
>> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
>> at
>> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
>> at
>> org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:652)
>> at
>> com.openlogic.blueglue.server.service.impl.UserManagerImpl$$EnhancerByCGLIB$$dd3afb5a.getUsers(<generated>)
>> at
>> com.openlogic.blueglue.webapp.action.UserList.getUsers(UserList.java:80)
>>
>> So, the transaction advice is getting called before the getUsers() call
>> but
>> I don't think it's calling UserSecurityAdvice since I put some printlns
>> in
>> the before method and nothing is coming out in the console or the log.
>>
>> Unfortunately, my laptop won't let me run tests - I have some
>> configuration
>> problem with my database, but the application runs totally fine.
>>
>>
>>
>> mraible wrote:
>> >
>> > On 2/26/07, tonyl <[EMAIL PROTECTED]> wrote:
>> >>
>> >> The following code got me a whole lot farther than I expected. I'm
>> >> getting an
>> >> Access Denied Error however. The code that checks for that is in
>> >> UserSecurityAdvice - correct?
>> >
>> > It depends on when you get the access denied error. You might try
>> > running and manipulating UserSecurityAdviceTest.
>> >
>> > Matt
>> >
>> >>
>> >>
>> >> public GrantedAuthority[] getAuthorities()
>> >> {
>> >> /*
>> >> List<GrantedAuthority> authorities = new
>> >> LinkedList<GrantedAuthority>();
>> >> authorities.addAll( roles );
>> >> for ( Iterator iter = roles.iterator(); iter.hasNext(); )
>> >> {
>> >> RoleDB role = (RoleDB) iter.next();
>> >> authorities.addAll( role.getPermissions() );
>> >> }
>> >> return authorities.toArray(new GrantedAuthority[0]);
>> >> */
>> >> return getAllAuthorities();
>> >> }
>> >>
>> >> public GrantedAuthority[] getAllAuthorities()
>> >> {
>> >> List<GrantedAuthority> authorities = new
>> >> LinkedList<GrantedAuthority>();
>> >> authorities.addAll( roles );
>> >> for ( Iterator iter = roles.iterator(); iter.hasNext(); )
>> >> {
>> >> RoleDB role = (RoleDB) iter.next();
>> >> authorities.addAll( role.getPermissions() );
>> >> }
>> >>
>> >> for ( Iterator giter = groups.iterator(); giter.hasNext(); )
>> >> {
>> >> GroupDB group = (GroupDB) giter.next();
>> >> Set roles = group.getRoles();
>> >> for ( Iterator riter = roles.iterator(); riter.hasNext();
>> )
>> >> {
>> >> RoleDB role = (RoleDB) riter.next();
>> >> authorities.addAll( role.getPermissions() );
>> >> }
>> >> }
>> >>
>> >> return authorities.toArray(new GrantedAuthority[0]);
>> >> }
>> >>
>> >>
>> >>
>> >> tonyl wrote:
>> >> >
>> >> > Matt,
>> >> >
>> >> > I checked out the JIRA issue, and it redirects to
>> >> >
>> >> > http://opensource.atlassian.com/projects/spring/browse/SEC-272
>> >> >
>> >> > which is still open. I'll check the sample apps, too.
>> >> >
>> >> >
>> >> >
>> >> > mraible wrote:
>> >> >>
>> >> >> Apparently, Acegi security supports groups now, but I couldn't find
>> >> >> any documentation on it. You might want to check one of their
>> sample
>> >> >> apps.
>> >> >>
>> >> >> http://opensource.atlassian.com/projects/spring/browse/SEC-325
>> >> >>
>> >> >> Matt
>> >> >>
>> >> >> On 2/26/07, tonyl <[EMAIL PROTECTED]> wrote:
>> >> >>>
>> >> >>> So, we are adding groups of users to the base application
>> generated
>> >> by
>> >> >>> AppFuse, and we have set up the groups to accept Roles, just like
>> >> Users.
>> >> >>> The
>> >> >>> issue that I am having is how to have the session recognize the
>> >> >>> amalgamation
>> >> >>> of roles from both the User and the Groups that the User belongs
>> to.
>> >> >>>
>> >> >>> For example, create a user that has the default User role. Then
>> >> create a
>> >> >>> group that contains the user. The group has the role of Admin.
>> When I
>> >> >>> log in
>> >> >>> as the user, I want the session to recognize that the user now has
>> >> Admin
>> >> >>> privileges because of the group.
>> >> >>>
>> >> >>> I've tried various things in the UserSecurityAdvice class, but
>> >> nothing
>> >> >>> seems
>> >> >>> to work. I have implemented a getAllAuthorities method that does
>> the
>> >> >>> amalgamation but I can't figure out where to pass it into the
>> context
>> >> to
>> >> >>> get
>> >> >>> it to recognize that all the permissions.
>> >> >>>
>> >> >>> Thanks,
>> >> >>>
>> >> >>> Tony
>> >> >>>
>> >> >>>
>> >> >>> --
>> >> >>> View this message in context:
>> >> >>>
>> >>
>> http://www.nabble.com/Implementing-Groups-with-Roles-tf3296597s2369.html#a9170681
>> >> >>> Sent from the AppFuse - User mailing list archive at Nabble.com.
>> >> >>>
>> >> >>>
>> ---------------------------------------------------------------------
>> >> >>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> >> >>> For additional commands, e-mail: [EMAIL PROTECTED]
>> >> >>>
>> >> >>>
>> >> >>
>> >> >>
>> >> >> --
>> >> >> http://raibledesigns.com
>> >> >>
>> >> >>
>> ---------------------------------------------------------------------
>> >> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> >> >> For additional commands, e-mail: [EMAIL PROTECTED]
>> >> >>
>> >> >>
>> >> >>
>> >> >
>> >> >
>> >>
>> >> --
>> >> View this message in context:
>> >>
>> http://www.nabble.com/Implementing-Groups-with-Roles-tf3296597s2369.html#a9171560
>> >> Sent from the AppFuse - User mailing list archive at Nabble.com.
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> >> For additional commands, e-mail: [EMAIL PROTECTED]
>> >>
>> >>
>> >
>> >
>> > --
>> > http://raibledesigns.com
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: [EMAIL PROTECTED]
>> > For additional commands, e-mail: [EMAIL PROTECTED]
>> >
>> >
>> >
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Implementing-Groups-with-Roles-tf3296597s2369.html#a9172123
>> Sent from the AppFuse - User mailing list archive at Nabble.com.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
>
> --
> http://raibledesigns.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
--
View this message in context:
http://www.nabble.com/Implementing-Groups-with-Roles-tf3296597s2369.html#a9172308
Sent from the AppFuse - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
