Cooool :-D I fixed the problem.

So simply comment out these lines in security.xml:
...
<!-- <intercept-url pattern="/signup.html*" access="ROLE_ADMIN"/> --> 
<!-- <intercept-url pattern="/editProfile.html*" access="ROLE_ADMIN"/> -->
...

and I also modified struts.xml, adding <interceptor-ref name="adminCheck"/>
to these action definitions:
...
        <action name="signup" class="signupAction">
            <interceptor-ref name="adminCheck"/>
            <result name="cancel" type="redirect">/</result>
            <result name="input">/WEB-INF/pages/signup.jsp</result>
            <result name="success" type="chain">saveSignup</result>
        </action>

        <action name="saveSignup" class="signupAction" method="save">
            <interceptor-ref name="adminCheck"/>
            <result name="input">/WEB-INF/pages/signup.jsp</result>
            <result name="success" type="redirect-action">/mainMenu</result>
        </action>

        <action name="editUser" class="userAction" method="edit">
            <interceptor-ref name="adminCheck"/>
            <result name="success">/WEB-INF/pages/userForm.jsp</result>
            <result name="input">/WEB-INF/pages/admin/userList.jsp</result>
        </action>

        <action name="editProfile" class="userAction" method="edit">
            <interceptor-ref name="adminCheck"/>
            <result name="success">/WEB-INF/pages/userForm.jsp</result>
            <result name="error">/WEB-INF/pages/mainMenu.jsp</result>
        </action>

        <action name="saveUser" class="userAction" method="save">
            <interceptor-ref name="adminCheck"/>
            <result name="cancel" type="redirect-action">admin/users</result>
            <result name="input">/WEB-INF/pages/userForm.jsp</result>
            <result name="success" type="redirect-action">admin/users</result>
        </action>
...
and now it works.
When a simple user tries to edit the URL directly in the browser, AppFuse
redirects him/her to Access Denied.
Thanks again :-D
Ema :-)


mannobug wrote:
> 
> Hi guys, any idea? :-S
> I'm in big trouble... nothing changes.
> Ema :-)
> 
> 
> mannobug wrote:
>> 
>> The code is the code that I have in my Eclipse project. I didn't touch
>> web.xml, only the files that I described in the previous message.
>> This is security.xml:
>> 
>> <?xml version="1.0" encoding="UTF-8"?>
>> <beans:beans xmlns="http://www.springframework.org/schema/security"
>>              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>              xmlns:beans="http://www.springframework.org/schema/beans"
>>              xsi:schemaLocation="http://www.springframework.org/schema/beans
>>                  http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>>                  http://www.springframework.org/schema/security
>>                  http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
>> 
>>     <http auto-config="true" lowercase-comparisons="false">
>>         <!--intercept-url pattern="/images/*" filters="none"/>
>>         <intercept-url pattern="/styles/*" filters="none"/>
>>         <intercept-url pattern="/scripts/*" filters="none"/-->
>>         <intercept-url pattern="/admin/*" access="ROLE_ADMIN"/>
>>         <intercept-url pattern="/passwordHint.html*" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/>
>>         <!-- <intercept-url pattern="/signup.html*" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/> -->
>>         <intercept-url pattern="/signup.html*" access="ROLE_ADMIN"/>
>>         <intercept-url pattern="/a4j.res/*.html*" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/>
>>         <!-- Rule to intercept profile changes, for Admin only -->
>>         <intercept-url pattern="/editProfile.html*" access="ROLE_ADMIN"/>
>>         <!-- APF-737, OK to remove line below if you're not using JSF -->
>>         <intercept-url pattern="/**/*.html*" access="ROLE_ADMIN,ROLE_USER"/>
>>         <form-login login-page="/login.jsp"
>>                     authentication-failure-url="/login.jsp?error=true"
>>                     login-processing-url="/j_security_check"/>
>>         <remember-me user-service-ref="userDao" key="e37f4b31-0c45-11dd-bd0b-0800200c9a66"/>
>>     </http>
>> 
>>     <authentication-provider user-service-ref="userDao">
>>         <password-encoder ref="passwordEncoder"/>
>>     </authentication-provider>
>> 
>>     <!-- Override the default password-encoder (SHA) by uncommenting the following and changing the class -->
>>     <!-- <bean id="passwordEncoder" class="org.springframework.security.providers.encoding.ShaPasswordEncoder"/> -->
>> 
>>     <global-method-security>
>>         <protect-pointcut expression="execution(* *..service.UserManager.getUsers(..))" access="ROLE_ADMIN"/>
>>         <protect-pointcut expression="execution(* *..service.UserManager.removeUser(..))" access="ROLE_ADMIN"/>
>>     </global-method-security>
>> </beans:beans>
>> 
>> 
>> And this is menu-config.xml:
>> <?xml version="1.0" encoding="UTF-8"?>
>> <MenuConfig>
>>     <Displayers>
>>         <Displayer name="Velocity" type="net.sf.navigator.displayer.VelocityMenuDisplayer"/>
>>     </Displayers>
>>     <Menus>
>>         <Menu name="MainMenu" title="mainMenu.title" page="/mainMenu.html" roles="ROLE_ADMIN,ROLE_USER"/>
>>         <!-- Edit Profile is granted only to administrators, not to retailers -->
>>         <Menu name="UserMenu" title="menu.user" description="User Menu" page="/editProfile.html" roles="ROLE_ADMIN"/>
>>         <Menu name="AdminMenu" title="menu.admin" description="Admin Menu" roles="ROLE_ADMIN" width="120" page="/admin/users.html">
>>             <Item name="ViewUsers" title="menu.admin.users" page="/admin/users.html"/>
>>             <Item name="ActiveUsers" title="mainMenu.activeUsers" page="/admin/activeUsers.html"/>
>>             <Item name="ReloadContext" title="menu.admin.reload" page="/admin/reload.html"/>
>>             <!-- <Item name="FileUpload" title="menu.selectFile" page="/uploadFile.html"/> -->
>>             <Item name="FlushCache" title="menu.flushCache" page="/admin/flushCache.html"/>
>>             <Item name="Clickstream" title="menu.clickstream" page="/admin/clickstreams.jsp"/>
>>         </Menu>
>>         <Menu name="Logout" title="user.logout" page="/logout.jsp" roles="ROLE_ADMIN,ROLE_USER"/>
>>         <Menu name="EndUserMenu" title="menu.viewEndUser" page="/endUser.html" roles="ROLE_ADMIN,ROLE_USER"/>
>>     </Menus>
>> </MenuConfig>
>> 
>> All the other files are the same; by the way, this is my web.xml:
>> 
>> <web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
>>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>     xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
>>         http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
>>     
>>     <display-name>appfuse</display-name>
>>     <distributable/>
>> 
>>     <!-- precompiled jsp mappings -->
>> 
>>     <!-- Define the default CSS Theme -->
>>     <context-param>
>>         <param-name>csstheme</param-name>
>>         <param-value>simplicity</param-value>
>>     </context-param>
>>     <!-- Define the basename for a resource bundle for I18N -->
>>     <context-param>
>>         <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
>>         <param-value>ApplicationResources</param-value>
>>     </context-param>
>>     <!-- Fallback locale if no bundles found for browser's preferred locale -->
>>     <!-- Force a single locale using param-name 'javax.servlet.jsp.jstl.fmt.locale' -->
>>     <context-param>
>>         <param-name>javax.servlet.jsp.jstl.fmt.fallbackLocale</param-name>
>>         <param-value>en</param-value>
>>     </context-param>
>>     <!-- Context Configuration locations for Spring XML files -->
>>     <context-param>
>>         <param-name>contextConfigLocation</param-name>
>>         <param-value>
>>             classpath:/applicationContext-resources.xml
>>             classpath:/applicationContext-dao.xml
>>             classpath:/applicationContext-service.xml
>>             classpath*:/applicationContext.xml
>>             /WEB-INF/applicationContext*.xml
>>             /WEB-INF/xfire-servlet.xml
>>             /WEB-INF/security.xml
>>         </param-value>
>>     </context-param>
>> 
>>     <filter>
>>         <filter-name>cacheFilter</filter-name>
>>         <filter-class>com.opensymphony.oscache.web.filter.CacheFilter</filter-class>
>>     </filter>
>>     <filter>
>>         <filter-name>clickstreamFilter</filter-name>
>>         <filter-class>com.opensymphony.clickstream.ClickstreamFilter</filter-class>
>>     </filter>
>>     <filter>
>>         <filter-name>encodingFilter</filter-name>
>>         <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
>>         <init-param>
>>             <param-name>encoding</param-name>
>>             <param-value>UTF-8</param-value>
>>         </init-param>
>>         <init-param>
>>             <param-name>forceEncoding</param-name>
>>             <param-value>true</param-value>
>>         </init-param>
>>     </filter>
>>     <filter>
>>         <filter-name>exportFilter</filter-name>
>>         <filter-class>org.displaytag.filter.ResponseOverrideFilter</filter-class>
>>     </filter>
>>     <filter>
>>         <filter-name>gzipFilter</filter-name>
>>         <filter-class>net.sf.ehcache.constructs.web.filter.GzipFilter</filter-class>
>>     </filter>
>>     <!--<filter>
>>         <filter-name>lazyLoadingFilter</filter-name>
>>         <filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class>
>>     </filter>-->
>>     <!-- Use "org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter" if you're using JPA -->
>>     <filter>
>>         <filter-name>localeFilter</filter-name>
>>         <filter-class>org.appfuse.webapp.filter.LocaleFilter</filter-class>
>>     </filter>
>>     <filter>
>>         <filter-name>rewriteFilter</filter-name>
>>         <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
>>         <init-param>
>>             <param-name>logLevel</param-name>
>>             <param-value>log4j</param-value>
>>         </init-param>
>>     </filter>
>>     <filter>
>>         <filter-name>securityFilter</filter-name>
>>         <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
>>         <init-param>
>>             <param-name>targetBeanName</param-name>
>>             <param-value>springSecurityFilterChain</param-value>
>>         </init-param>
>>     </filter>
>>     <filter>
>>         <filter-name>sitemesh</filter-name>
>>         <filter-class>com.opensymphony.module.sitemesh.filter.PageFilter</filter-class>
>>     </filter>
>>     <filter>
>>         <filter-name>staticFilter</filter-name>
>>         <filter-class>org.appfuse.webapp.filter.StaticFilter</filter-class>
>>         <init-param>
>>             <param-name>includes</param-name>
>>             <param-value>/scripts/dojo/*,/dwr/*</param-value>
>>         </init-param>
>>     </filter>
>>     <filter>
>>         <filter-name>struts-cleanup</filter-name>
>>         <filter-class>org.apache.struts2.dispatcher.ActionContextCleanUp</filter-class>
>>     </filter>
>>     <filter>
>>         <filter-name>struts</filter-name>
>>         <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
>>         <init-param>
>>             <param-name>actionPackages</param-name>
>>             <param-value>it.retelit.app.webapp.action</param-value>
>>         </init-param>
>>     </filter>
>> 
>>     <filter-mapping>
>>         <filter-name>encodingFilter</filter-name>
>>         <url-pattern>/*</url-pattern>
>>     </filter-mapping>
>>     <filter-mapping>
>>         <filter-name>securityFilter</filter-name>
>>         <url-pattern>/*</url-pattern>
>>     </filter-mapping> 
>>     <!-- Commented out for 2 reasons: 1) it's a pain when developing JSPs, and
>>                                       2) it causes the Signup webtest to fail -->
>>     <!--filter-mapping>
>>         <filter-name>cacheFilter</filter-name>
>>         <url-pattern>*.jsp</url-pattern>
>>     </filter-mapping-->
>>     <!--<filter-mapping>
>>         <filter-name>lazyLoadingFilter</filter-name>
>>         <url-pattern>/*</url-pattern>
>>     </filter-mapping>-->
>>     <filter-mapping>
>>         <filter-name>clickstreamFilter</filter-name>
>>         <url-pattern>/*</url-pattern>
>>     </filter-mapping>
>>     <filter-mapping>
>>         <filter-name>localeFilter</filter-name>
>>         <url-pattern>/*</url-pattern>
>>     </filter-mapping>
>>     <!-- GZipFilter has issues with XFire's service-listing servlet. -->
>>     <!-- http://issues.appfuse.org/browse/APF-863 -->
>>     <filter-mapping>
>>         <filter-name>gzipFilter</filter-name>
>>         <url-pattern>*.css</url-pattern>
>>     </filter-mapping>
>>     <filter-mapping>
>>         <filter-name>gzipFilter</filter-name>
>>         <url-pattern>*.html</url-pattern>
>>     </filter-mapping>
>>     <filter-mapping>
>>         <filter-name>gzipFilter</filter-name>
>>         <url-pattern>*.js</url-pattern>
>>     </filter-mapping>
>>     <filter-mapping>
>>         <filter-name>gzipFilter</filter-name>
>>         <url-pattern>*.jsp</url-pattern>
>>     </filter-mapping>
>>     <filter-mapping>
>>         <filter-name>exportFilter</filter-name>
>>         <url-pattern>*.html</url-pattern>
>>     </filter-mapping>
>>     <filter-mapping>
>>         <filter-name>rewriteFilter</filter-name>
>>         <url-pattern>/*</url-pattern>
>>         <dispatcher>REQUEST</dispatcher>
>>         <dispatcher>FORWARD</dispatcher>
>>     </filter-mapping>
>>     <filter-mapping>
>>         <filter-name>struts-cleanup</filter-name>
>>         <url-pattern>/*</url-pattern>
>>         <dispatcher>REQUEST</dispatcher>
>>         <dispatcher>FORWARD</dispatcher>
>>     </filter-mapping>
>>     <filter-mapping>
>>         <filter-name>sitemesh</filter-name>
>>         <url-pattern>/*</url-pattern>
>>         <dispatcher>REQUEST</dispatcher>
>>         <dispatcher>FORWARD</dispatcher>
>>         <dispatcher>INCLUDE</dispatcher>
>>     </filter-mapping>
>>     <filter-mapping>
>>         <filter-name>staticFilter</filter-name>
>>         <url-pattern>/*</url-pattern>
>>         <dispatcher>REQUEST</dispatcher>
>>         <dispatcher>FORWARD</dispatcher>
>>     </filter-mapping>
>>     <filter-mapping>
>>         <filter-name>struts</filter-name>
>>         <url-pattern>/*</url-pattern>
>>         <dispatcher>REQUEST</dispatcher>
>>         <dispatcher>FORWARD</dispatcher>
>>     </filter-mapping>
>>     
>>     <listener>
>>         <listener-class>com.opensymphony.clickstream.ClickstreamListener</listener-class>
>>     </listener>
>>     <listener>
>>         <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
>>     </listener>
>>     <listener>
>>         <listener-class>org.springframework.web.util.IntrospectorCleanupListener</listener-class>
>>     </listener>
>>     <listener>
>>         <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
>>     </listener>
>>     <listener>
>>         <listener-class>org.appfuse.webapp.listener.StartupListener</listener-class>
>>     </listener>
>>     <listener>
>>         <listener-class>org.appfuse.webapp.listener.UserCounterListener</listener-class>
>>     </listener>
>>     <listener>
>>         <listener-class>net.sf.navigator.menu.MenuContextListener</listener-class>
>>     </listener>
>> 
>>     <servlet>
>>         <servlet-name>dwr-invoker</servlet-name>
>>         <servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>
>>         <init-param>
>>             <param-name>debug</param-name>
>>             <param-value>true</param-value>
>>         </init-param>
>>     </servlet>
>> 
>>     <servlet>
>>         <servlet-name>xfire</servlet-name>
>>         <servlet-class>org.codehaus.xfire.spring.XFireSpringServlet</servlet-class>
>>     </servlet>
>> 
>>     <servlet-mapping>
>>         <servlet-name>dwr-invoker</servlet-name>
>>         <url-pattern>/dwr/*</url-pattern>
>>     </servlet-mapping>
>>     
>>     <servlet-mapping>
>>         <servlet-name>xfire</servlet-name>
>>         <url-pattern>/services/*</url-pattern>
>>     </servlet-mapping>
>> 
>>     <session-config>
>>         <session-timeout>10</session-timeout>
>>     </session-config>
>> 
>>     <welcome-file-list>
>>         <welcome-file>index.jsp</welcome-file>
>>     </welcome-file-list>
>> 
>>     <error-page>
>>         <error-code>500</error-code>
>>         <location>/error.jsp</location>
>>     </error-page>
>>     <error-page>
>>         <error-code>400</error-code>
>>         <location>/index.jsp</location>
>>     </error-page>
>>     <error-page>
>>         <error-code>403</error-code>
>>         <location>/403.jsp</location>
>>     </error-page>
>>     <error-page>
>>         <error-code>404</error-code>
>>         <location>/404.jsp</location>
>>     </error-page>
>> </web-app>
>> 
>> Thanks a lot Matt :-)
>> Ema
>> 
>> 
>> mraible wrote:
>>> 
>>> Can you post before and after code differences? Have you changed the
>>> order of filters in your web.xml?
>>> 
>>> Matt
>>> 
>>> On Mon, Aug 25, 2008 at 7:33 AM, mannobug <[EMAIL PROTECTED]> wrote:
>>>>
>>>> Hi Matt, thanks for the reply :-)
>>>> I modified security.xml adding this:
>>>>
>>>> ...
>>>> <intercept-url pattern="/signup.html*" access="ROLE_ADMIN"/>
>>>> <intercept-url pattern="/editProfile.html*" access="ROLE_ADMIN"/>
>>>> ...
>>>>
>>>> In menu-config.xml I edited the entry in this way:
>>>> ...
>>>> <Menu name="UserMenu" title="menu.user" description="User Menu"
>>>>       page="/editProfile.html" roles="ROLE_ADMIN"/>
>>>> ...
>>>>
>>>> nothing more.
>>>> I tried to follow the idea but for sure it is not correct.
>>>> Tell me if this is enough; otherwise I'll post all the code. ;-)
>>>>
>>>> Thanks a lot.
>>>> Ema
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> mraible wrote:
>>>>>
>>>>> Can you post a diff of your modification?
>>>>>
>>>>> Matt
>>>>>
>>>>> On Mon, Aug 25, 2008 at 7:02 AM, mannobug <[EMAIL PROTECTED]> wrote:
>>>>>>
>>>>>> Hi all, I'm new to this community. I started just a few days ago to work
>>>>>> with AppFuse. First, it's amazing and really powerful. I followed all the
>>>>>> tutorials, starting from persistence to web. I'm working with Hibernate,
>>>>>> Spring and Struts2.
>>>>>> I'd like to disable editProfile and signup for simple users and for
>>>>>> anonymous, but I don't know how.
>>>>>> I tried to modify security.xml using intercept-url, but after this I
>>>>>> receive this error when, after the login procedure, I put this address in
>>>>>> the browser, http://localhost:8080/editProfile.html:
>>>>>>
>>>>>> Accipicchia!
>>>>>>
>>>>>> The Struts dispatcher cannot be found.  This is usually caused by using
>>>>>> Struts tags without the associated filter. Struts tags are only usable when
>>>>>> the request has passed through its servlet filter, which initializes the
>>>>>> Struts dispatcher needed for this tag. - [unknown location]
>>>>>>        at org.apache.struts2.views.jsp.TagUtils.getStack(TagUtils.java:60)
>>>>>>        at org.apache.struts2.views.jsp.StrutsBodyTagSupport.getStack(StrutsBodyTagSupport.java:52)
>>>>>>        at org.apache.struts2.views.jsp.ComponentTagSupport.doStartTag(ComponentTagSupport.java:49)
>>>>>> ...
>>>>>>
>>>>>> Any ideas or help? I didn't find any tutorial about this. Thanks a lot.
>>>>>> Regards.
>>>>>> Ema :-)
>>>>>> --
>>>>>> View this message in context:
>>>>>> http://www.nabble.com/Disable-editProfile-and-signup-tp19143463s2369p19143463.html
>>>>>> Sent from the AppFuse - User mailing list archive at Nabble.com.
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>>>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://www.nabble.com/Disable-editProfile-and-signup-tp19143463s2369p19143946.html
>>>> Sent from the AppFuse - User mailing list archive at Nabble.com.
>>>>
>>>>
>>>>
>>>>
>>> 
>>> 
>>> 
>>> 
>> 
>> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Disable-editProfile-and-signup-tp19143463s2369p19162483.html
Sent from the AppFuse - User mailing list archive at Nabble.com.
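
Added example (not part of the original thread and not AppFuse code): once the two `intercept-url` rules are commented out, `/signup.html` and `/editProfile.html` fall through to the catch-all `/**/*.html*` rule, so the admin restriction rests entirely on every relevant action carrying `adminCheck`. The Python sketch below checks both layers on constructed copies of the configs quoted in the thread; rules are evaluated in declaration order with the first match deciding, the Ant-path matcher is a simplified approximation, and the `viewProfile` action is hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a subset of the <http> rules quoted in this thread, original order.
SECURITY_XML = """
<http>
  <intercept-url pattern="/admin/*" access="ROLE_ADMIN"/>
  <intercept-url pattern="/passwordHint.html*" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/>
  <intercept-url pattern="/signup.html*" access="ROLE_ADMIN"/>
  <intercept-url pattern="/editProfile.html*" access="ROLE_ADMIN"/>
  <intercept-url pattern="/**/*.html*" access="ROLE_ADMIN,ROLE_USER"/>
</http>
"""

# Constructed sample: struts.xml fragment; "viewProfile" is a hypothetical action showing a gap.
STRUTS_XML = """
<package name="default">
  <action name="signup" class="signupAction"><interceptor-ref name="adminCheck"/></action>
  <action name="saveSignup" class="signupAction" method="save"><interceptor-ref name="adminCheck"/></action>
  <action name="editProfile" class="userAction" method="edit"><interceptor-ref name="adminCheck"/></action>
  <action name="viewProfile" class="userAction" method="edit"/>
</package>
"""


def ant_to_regex(pattern):
    """Simplified Ant-style matcher: '/**/' spans zero or more directories,
    '**' any characters, '*' any characters except '/', '?' one character."""
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("/**/", i):
            out, i = out + "/(?:.*/)?", i + 4
        elif pattern.startswith("**", i):
            out, i = out + ".*", i + 2
        elif pattern[i] == "*":
            out, i = out + "[^/]*", i + 1
        elif pattern[i] == "?":
            out, i = out + "[^/]", i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile("^" + out + "$")


def url_roles(security_xml, url, disabled=()):
    """Pattern and roles of the first matching rule; `disabled` simulates commented-out rules."""
    for rule in ET.fromstring(security_xml).iter("intercept-url"):
        pat = rule.get("pattern")
        if pat not in disabled and ant_to_regex(pat).match(url):
            return pat, set(rule.get("access").split(","))
    return None, set()


def actions_missing(struts_xml, classes, interceptor="adminCheck"):
    """Names of actions backed by the given classes that do not reference the interceptor."""
    return [a.get("name") for a in ET.fromstring(struts_xml).iter("action")
            if a.get("class") in classes
            and interceptor not in {r.get("name") for r in a.findall("interceptor-ref")}]


if __name__ == "__main__":
    off = ("/signup.html*", "/editProfile.html*")
    for url in ("/signup.html", "/editProfile.html"):
        print(url, "before:", url_roles(SECURITY_XML, url), "after:", url_roles(SECURITY_XML, url, off))
    print("actions without adminCheck:", actions_missing(STRUTS_XML, {"signupAction", "userAction"}))
```

Any action name the second check reports is reachable by `ROLE_USER` at the URL layer and has no interceptor guarding it.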

