As far as I remember, I believe you only need to change roles in security.xml, as well as sample-data.xml if you're using DbUnit to populate your database.
Matt On 1/2/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Matt, > > I checked my *Action.java page, but there were no roles specified there > for any @struts.action. I'm guessing that's what you were referring to. > > My question is this: If I add new roles or change existing role names in > the role table (in the db), where would I typically need to make a change > in order for my application to work. > > Firstly, I have the following roles in my role table: admin, support > (which was previously the 'user' role), Sadmin, Ssupport. > > These are the places I made changes > 1) filterInvocationInterceptor in security.xml. Here I have > "/**/*.html=admin,support,SAdmin,SSupport". > 2) If I want only specified roles to access a method. I make a change to > methodSecurityInterceptor. > > For some reason, changing the 'user' role name to support seems to have > messed it up. As long as I login as admin I'm fine. Any other role, I'm > denied access. > > Vanessa Pacheco > Programmer > Bowman Systems L.L.C > 318.213.8780x307 > > ====================================== > IMPORTANT WARNING: This message is intended for the use of the person or > entity to which it is addressed and may contain information that is > privileged and confidential, the disclosure of which is governed by > applicable law. If the reader of this message is not the intended > recipient, or the employee or agent responsible to deliver it to the > intended recipient, you are hereby notified that any dissemination, > distribution or copying of this information is strictly prohibited. If you > have received this message in error, please notify the sender immediately > and arrange for the return or destruction of these documents. > > -----Original Message----- > From: Matt Raible [mailto:[EMAIL PROTECTED] > Sent: Wednesday, January 02, 2008 12:45 PM > To: [email protected] > Subject: Re: [appfuse-user] acegi security > > Are you sure the URL to your Action isn't protected? Are you certain > the "Access Denied" error is coming from this interceptor? > > Matt > > On 1/2/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > > > > > > > > I'm using Appfuse 1.9.4 with Struts framework. > > > > > > > > I'm trying to use 'methodSecurityInterceptor' to secure access. > > > > > > > > I have these constants in Constants.java > > > > Public static final String SPIES_ADMIN = "SpiesAdmin"; > > > > Public static final String ADMIN_ROLE = "admin"; > > > > Public static final String USER_ROLE = "support"; > > > > Public static final String SPIES_USER = "SpiesUser"; > > > > > > > > I have all these roles in my role table in the database. Now, I want to > > grant admin, support access to getInstallations(). So this is what I > added > > to security.xml > > > > > > > > org.appfuse.service.InstallationManager.getInstallations=admin,support > > to the methodSecurityInterceptor bean. > > > > > > > > If I log in as a user with admin role, I can see all installations. > However, > > if I log in as a user with support role, I am denied access to the page. > > > > > > > > Can someone please help me. > > > > > > > > Thanks in advance > > > > > > > > Vanessa Pacheco > > Programmer > > Bowman Systems L.L.C > > 318.213.8780x307 > > > > > > > > ====================================== > > > > IMPORTANT WARNING: This message is intended for the use of the person or > > entity to which it is addressed and may contain information that is > > privileged and confidential, the disclosure of which is governed by > > applicable law. If the reader of this message is not the intended > recipient, > > or the employee or agent responsible to deliver it to the intended > > recipient, you are hereby notified that any dissemination, distribution > or > > copying of this information is strictly prohibited. If you have received > > this message in error, please notify the sender immediately and arrange > for > > the return or destruction of these documents. > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
