Matt, I checked my *Action.java page, but there were no roles specified there for any @struts.action. I'm guessing that's what you were referring to.
My question is this: If I add new roles or change existing role names in the role table (in the db), where would I typically need to make a change in order for my application to work. Firstly, I have the following roles in my role table: admin, support (which was previously the 'user' role), Sadmin, Ssupport. These are the places I made changes 1) filterInvocationInterceptor in security.xml. Here I have "/**/*.html=admin,support,SAdmin,SSupport". 2) If I want only specified roles to access a method. I make a change to methodSecurityInterceptor. For some reason, changing the 'user' role name to support seems to have messed it up. As long as I login as admin I'm fine. Any other role, I'm denied access. Vanessa Pacheco Programmer Bowman Systems L.L.C 318.213.8780x307 ====================================== IMPORTANT WARNING: This message is intended for the use of the person or entity to which it is addressed and may contain information that is privileged and confidential, the disclosure of which is governed by applicable law. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this information is strictly prohibited. If you have received this message in error, please notify the sender immediately and arrange for the return or destruction of these documents. -----Original Message----- From: Matt Raible [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 02, 2008 12:45 PM To: [email protected] Subject: Re: [appfuse-user] acegi security Are you sure the URL to your Action isn't protected? Are you certain the "Access Denied" error is coming from this interceptor? Matt On 1/2/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > > > I'm using Appfuse 1.9.4 with Struts framework. > > > > I'm trying to use 'methodSecurityInterceptor' to secure access. > > > > I have these constants in Constants.java > > Public static final String SPIES_ADMIN = "SpiesAdmin"; > > Public static final String ADMIN_ROLE = "admin"; > > Public static final String USER_ROLE = "support"; > > Public static final String SPIES_USER = "SpiesUser"; > > > > I have all these roles in my role table in the database. Now, I want to > grant admin, support access to getInstallations(). So this is what I added > to security.xml > > > > org.appfuse.service.InstallationManager.getInstallations=admin,support > to the methodSecurityInterceptor bean. > > > > If I log in as a user with admin role, I can see all installations. However, > if I log in as a user with support role, I am denied access to the page. > > > > Can someone please help me. > > > > Thanks in advance > > > > Vanessa Pacheco > Programmer > Bowman Systems L.L.C > 318.213.8780x307 > > > > ====================================== > > IMPORTANT WARNING: This message is intended for the use of the person or > entity to which it is addressed and may contain information that is > privileged and confidential, the disclosure of which is governed by > applicable law. If the reader of this message is not the intended recipient, > or the employee or agent responsible to deliver it to the intended > recipient, you are hereby notified that any dissemination, distribution or > copying of this information is strictly prohibited. If you have received > this message in error, please notify the sender immediately and arrange for > the return or destruction of these documents. > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
