Thanks for adding that note - more documentation is never a bad thing. ;-)
Matt On 6/22/07, tibi <[EMAIL PROTECTED]> wrote:
that works. if you don;'t mind i added an info about changeing your own roles: http://appfuse.org/display/APF/Release+Notes+2.0+M5 tibi Matt Raible wrote: > If you add a new role, it needs to be prefixed with ROLE_ - so > ROLE_myRole should work. We changed the RoleVoter from using a "" > prefix to using the default "ROLE_". > > Matt > > On 6/22/07, tibi <[EMAIL PROTECTED]> wrote: >> with a fresh 2.0m5 i can't add a role to the security.xml like i used to >> do in 2.0m4 >> >> >> >> i tried to add myRole: >> >> <bean id="filterInvocationInterceptor" >> class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"> >> <property name="authenticationManager" >> ref="authenticationManager"/> >> <property name="accessDecisionManager" >> ref="accessDecisionManager"/> >> <property name="objectDefinitionSource"> >> <value> >> PATTERN_TYPE_APACHE_ANT >> /activeUsers.*=ROLE_ADMIN >> /clickstreams.jsp*=ROLE_ADMIN >> /flushCache.*=ROLE_ADMIN >> >> /passwordHint.html*=ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER,myRole >> /reload.*=ROLE_ADMIN >> /signup.html*=ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER >> /a4j.res/*.html*=ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER >> <!-- APF-737, OK to remove if not using JSF --> >> /users.html*=ROLE_ADMIN >> /**/*.html*=ROLE_ADMIN,ROLE_USER,myRole >> </value> >> </property> >> </bean> >> >> error message: >> [INFO] [talledLocalContainer] [testIncipio] ERROR [main] >> ContextLoader.initWebApplicationContext(203) | Context initialization >> failed >> [INFO] [talledLocalContainer] >> org.springframework.beans.factory.BeanCreationException: Error creating >> bean with name 'filterInvocationInterceptor' defined in ServletContext >> resource [/WEB-INF/security.xml]: Invocation of init method failed; >> nested exception is java.lang.IllegalArgumentException: Unsupported >> configuration attributes: [myRole] >> [INFO] [talledLocalContainer] Caused by: >> [INFO] [talledLocalContainer] java.lang.IllegalArgumentException: >> Unsupported configuration attributes: [myRole] >> [INFO] [talledLocalContainer] at >> org.acegisecurity.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:223) >> >> [INFO] [talledLocalContainer] at >> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java >> >> >> >> >> fullsecurity xml: >> >> <?xml version="1.0" encoding="UTF-8"?> >> <beans xmlns="http://www.springframework.org/schema/beans"; >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; >> xmlns:aop="http://www.springframework.org/schema/aop"; >> xsi:schemaLocation="http://www.springframework.org/schema/beans >> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd >> http://www.springframework.org/schema/aop >> http://www.springframework.org/schema/aop/spring-aop-2.0.xsd";> >> >> <!-- ======================== FILTER CHAIN >> ======================= --> >> <bean id="filterChainProxy" >> class="org.acegisecurity.util.FilterChainProxy"> >> <property name="filterInvocationDefinitionSource"> >> <value> >> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON >> PATTERN_TYPE_APACHE_ANT >> /images/**=#NONE# >> /scripts/**=#NONE# >> /styles/**=#NONE# >> >> /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor >> >> </value> >> <!-- Put channelProcessingFilter before >> securityContextHolderAwareRequestFilter to turn on SSL switching --> >> <!-- It's off by default b/c Canoo WebTest doesn't support >> SSL out-of-the-box --> >> </property> >> </bean> >> >> <bean id="httpSessionContextIntegrationFilter" >> class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/> >> >> <!-- Changed to use logout.jsp since causes 404 on WebSphere: >> http://issues.appfuse.org/browse/APF-566 --> >> <!--bean id="logoutFilter" >> class="org.acegisecurity.ui.logout.LogoutFilter"> >> <constructor-arg value="/index.jsp"/> >> <constructor-arg> >> <list> >> <ref bean="rememberMeServices"/> >> <bean >> class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/> >> </list> >> </constructor-arg> >> <property name="filterProcessesUrl" value="/logout.jsp"/> >> </bean--> >> >> <bean id="authenticationProcessingFilter" >> class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter"> >> <property name="authenticationManager" >> ref="authenticationManager"/> >> <property name="authenticationFailureUrl" >> value="/login.jsp?error=true"/> >> <property name="defaultTargetUrl" value="/"/> >> <property name="filterProcessesUrl" value="/j_security_check"/> >> <property name="rememberMeServices" ref="rememberMeServices"/> >> </bean> >> >> <bean id="securityContextHolderAwareRequestFilter" >> class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/> >> >> >> <bean id="rememberMeProcessingFilter" >> class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter"> >> <property name="authenticationManager" >> ref="authenticationManager"/> >> <property name="rememberMeServices" ref="rememberMeServices"/> >> </bean> >> >> <bean id="anonymousProcessingFilter" >> class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter"> >> <property name="key" value="anonymous"/> >> <property name="userAttribute" >> value="anonymous,ROLE_ANONYMOUS"/> >> </bean> >> >> <bean id="exceptionTranslationFilter" >> class="org.acegisecurity.ui.ExceptionTranslationFilter"> >> <property name="authenticationEntryPoint"> >> <bean >> class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint"> >> >> <property name="loginFormUrl" value="/login.jsp"/> >> <property name="forceHttps" value="false"/> >> </bean> >> </property> >> </bean> >> >> <bean id="filterInvocationInterceptor" >> class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"> >> <property name="authenticationManager" >> ref="authenticationManager"/> >> <property name="accessDecisionManager" >> ref="accessDecisionManager"/> >> <property name="objectDefinitionSource"> >> <value> >> PATTERN_TYPE_APACHE_ANT >> /activeUsers.*=ROLE_ADMIN >> /clickstreams.jsp*=ROLE_ADMIN >> /flushCache.*=ROLE_ADMIN >> >> /passwordHint.html*=ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER,myRole >> /reload.*=ROLE_ADMIN >> /signup.html*=ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER >> /a4j.res/*.html*=ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER >> <!-- APF-737, OK to remove if not using JSF --> >> /users.html*=ROLE_ADMIN >> /**/*.html*=ROLE_ADMIN,ROLE_USER,myRole >> </value> >> </property> >> </bean> >> >> <bean id="accessDecisionManager" >> class="org.acegisecurity.vote.AffirmativeBased"> >> <property name="allowIfAllAbstainDecisions" value="false"/> >> <property name="decisionVoters"> >> <list> >> <bean class="org.acegisecurity.vote.RoleVoter"/> >> </list> >> </property> >> </bean> >> >> <bean id="rememberMeServices" >> class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices"> >> <property name="userDetailsService" ref="userDao"/> >> <property name="key" value="23_*!cdU='612./e;NrI"/> >> <property name="parameter" value="rememberMe"/> >> </bean> >> >> <bean id="authenticationManager" >> class="org.acegisecurity.providers.ProviderManager"> >> <property name="providers"> >> <list> >> <ref local="daoAuthenticationProvider"/> >> <ref local="anonymousAuthenticationProvider"/> >> <ref local="rememberMeAuthenticationProvider"/> >> </list> >> </property> >> </bean> >> >> <bean id="daoAuthenticationProvider" >> class="org.acegisecurity.providers.dao.DaoAuthenticationProvider"> >> <property name="userDetailsService" ref="userDao"/> >> <property name="passwordEncoder" ref="passwordEncoder"/> >> </bean> >> >> <bean id="anonymousAuthenticationProvider" >> class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider"> >> >> <property name="key" value="anonymous"/> >> </bean> >> >> <bean id="rememberMeAuthenticationProvider" >> class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider"> >> >> <property name="key" value="23_*!cdU='612./e;NrI"/> >> </bean> >> >> <!-- This bean definition must be available to >> ApplicationContext.getBean() so StartupListener >> can look for it and detect if password encryption is turned on >> or not --> >> <bean id="passwordEncoder" >> class="org.acegisecurity.providers.encoding.ShaPasswordEncoder"/> >> >> <!-- This bean is optional; it isn't used by any other bean as it >> only listens and logs --> >> <bean id="loggerListener" >> class="org.acegisecurity.event.authentication.LoggerListener"/> >> >> <!-- Apply method-level interceptor to userManager bean --> >> <aop:config> >> <aop:advisor id="managerSecurity" >> advice-ref="methodSecurityInterceptor" pointcut="execution(* >> org.appfuse.service.UserManager.*(..))"/> >> </aop:config> >> >> <bean id="methodSecurityInterceptor" >> class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> >> >> <property name="authenticationManager" >> ref="authenticationManager"/> >> <property name="accessDecisionManager" >> ref="accessDecisionManager"/> >> <property name="objectDefinitionSource"> >> <value> >> org.appfuse.service.UserManager.getUsers=ROLE_ADMIN >> org.appfuse.service.UserManager.removeUser=ROLE_ADMIN >> </value> >> </property> >> </bean> >> >> <!-- SSL Switching: to use this, configure it in the >> filterChainProxy bean --> >> <bean id="channelProcessingFilter" >> class="org.acegisecurity.securechannel.ChannelProcessingFilter"> >> <property name="channelDecisionManager" >> ref="channelDecisionManager"/> >> <property name="filterInvocationDefinitionSource"> >> <value> >> PATTERN_TYPE_APACHE_ANT >> /admin/**=REQUIRES_SECURE_CHANNEL >> /login*=REQUIRES_SECURE_CHANNEL >> /j_security_check*=REQUIRES_SECURE_CHANNEL >> /editProfile.html*=REQUIRES_SECURE_CHANNEL >> /signup.html*=REQUIRES_SECURE_CHANNEL >> /saveUser.html*=REQUIRES_SECURE_CHANNEL >> /**=REQUIRES_INSECURE_CHANNEL >> </value> >> </property> >> </bean> >> >> <bean id="channelDecisionManager" >> class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl"> >> <property name="channelProcessors"> >> <list> >> <bean >> class="org.acegisecurity.securechannel.SecureChannelProcessor"/> >> <bean >> class="org.acegisecurity.securechannel.InsecureChannelProcessor"/> >> </list> >> </property> >> </bean> >> </beans> >> >> >> thanks, >> >> tibi >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- http://raibledesigns.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
