On 10/10/05, Ben Alex <[EMAIL PROTECTED]> wrote:
> Acegi Security provides authorization via AOP. So you need a way of
> introducing security advice to the object you create. Generally people
> do this declaratively via the application context.

I'd love to see an example of how the application context can be used
to declaratively provide access control.

Here is how I am trying to use the Spring configuration file:

My decision manager:
    <bean id='accessDecisionManager'
          class='net.sf.acegisecurity.vote.UnanimousBased'>
        <property name='decisionVoters'>
            <list>
                <ref bean='roleVoter'/>
            </list>
        </property>
    </bean>
    <bean id='roleVoter' class='net.sf.acegisecurity.vote.RoleVoter'/>
My authentication manager:
    <bean id='authenticationManager'
          class='net.sf.acegisecurity.providers.ProviderManager'>
        <property name='providers'>
            <list>
                <ref bean='authenticationProvider'/>
            </list>
        </property>
    </bean>
    <bean id='authenticationProvider'
          class='net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider'>
        <property name='authenticationDao'>
            <ref bean='authenticationDao'/>
        </property>
    </bean>
    <bean id='authenticationDao'
          class='net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl'>
        <property name='userMap'>
            <value>
                userA=userA,ROLE_PRESIDENT
                userB=userB,ROLE_FIELD_OPS,ROLE_DIRECTOR
                userC=userC,disabled,ROLE_FIELD_OPS
            </value>
        </property>
    </bean>
My method interceptor:
    <bean id='securityInterceptor'
          class='net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor'>
        <property name="validateConfigAttributes"><value>true</value></property>
        <property name='authenticationManager'><ref bean='authenticationManager'/></property>
        <property name='accessDecisionManager'><ref bean='accessDecisionManager'/></property>
        <property name='objectDefinitionSource'>
            <value>
                BeanA.setValue=ROLE_PRESIDENT
                BeanA.getValue=ROLE_FIELD_OPS,ROLE_DIRECTORY,ROLE_PRESIDENT
            </value>
        </property>
    </bean>
My proxy creator:
    <bean id='autoProxyCreator'
          class='org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator'>
        <property name='interceptorNames'>
            <list>
                <value>securityInterceptor</value>
            </list>
        </property>
        <property name='beanNames'>
            <list>
                <value>beanA</value>
            </list>
        </property>
    </bean>
And finally, my bean:
<bean id='beanA' class='BeanA'/>
My Java code does the following:
    ApplicationContext ctx = new ClassPathXmlApplicationContext("spring.xml");
    IBeanA a = (IBeanA) ctx.getBean("beanA");
    System.out.println("a: " + a);
When logging is turned on, the following messages are displayed:
2005-10-12 09:31:42,062 INFO net.sf.acegisecurity.providers.dao.memory.UserMap - Adding user [EMAIL PROTECTED]: Username: userC; Password: [PROTECTED]; Enabled: false; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_FIELD_OPS]
2005-10-12 09:31:42,078 INFO net.sf.acegisecurity.providers.dao.memory.UserMap - Adding user [EMAIL PROTECTED]: Username: userB; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_FIELD_OPS, ROLE_DIRECTOR]
2005-10-12 09:31:42,078 INFO net.sf.acegisecurity.providers.dao.memory.UserMap - Adding user [EMAIL PROTECTED]: Username: userA; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_PRESIDENT]
2005-10-12 09:31:42,125 DEBUG net.sf.acegisecurity.intercept.method.MethodDefinitionMap - Adding secure method [BeanA.setValue] with attributes [[ROLE_PRESIDENT]]
2005-10-12 09:31:42,125 INFO net.sf.acegisecurity.intercept.method.MethodDefinitionMap - Adding secure method [public void BeanA.setValue(java.lang.String)] with attributes [[ROLE_PRESIDENT]]
2005-10-12 09:31:42,125 DEBUG net.sf.acegisecurity.intercept.method.MethodDefinitionMap - Adding secure method [BeanA.getValue] with attributes [[ROLE_FIELD_OPS, ROLE_DIRECTORY, ROLE_PRESIDENT]]
2005-10-12 09:31:42,140 INFO net.sf.acegisecurity.intercept.method.MethodDefinitionMap - Adding secure method [public java.lang.String BeanA.getValue()] with attributes [[ROLE_FIELD_OPS, ROLE_DIRECTORY, ROLE_PRESIDENT]]
2005-10-12 09:31:42,156 INFO net.sf.acegisecurity.intercept.AbstractSecurityInterceptor - Validated configuration attributes
2005-10-12 09:31:42,328 DEBUG net.sf.acegisecurity.intercept.AbstractSecurityInterceptor - Public object - authentication not attempted
a: [EMAIL PROTECTED]
You'll notice the second to last line:
2005-10-12 09:31:42,328 DEBUG net.sf.acegisecurity.intercept.AbstractSecurityInterceptor - Public object - authentication not attempted
So the obvious question is: How can a private object be created? I see
no Spring or ACEGI documentation regarding private vs public objects.
If you can help, I'd be grateful.
thanks,
david
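
An added example, not part of the original message and not Acegi code: a stand-alone Java model (no Acegi classes) of the configuration posted above. It looks up the method that the `println` actually invokes and cross-checks the roles in objectDefinitionSource against those granted in userMap. It assumes an invocation with no configured attributes is what the interceptor logs as a "public object"; the class name SecuredMethodCheck and its helpers are hypothetical.

```java
import java.util.*;

public class SecuredMethodCheck {
    // Copied from the objectDefinitionSource and userMap values in the message above.
    static final String METHODS =
        "BeanA.setValue=ROLE_PRESIDENT\n" +
        "BeanA.getValue=ROLE_FIELD_OPS,ROLE_DIRECTORY,ROLE_PRESIDENT\n";
    static final String USERS =
        "userA=userA,ROLE_PRESIDENT\n" +
        "userB=userB,ROLE_FIELD_OPS,ROLE_DIRECTOR\n" +
        "userC=userC,disabled,ROLE_FIELD_OPS\n";

    // Parse "key=a,b,c" lines into key -> [a, b, c].
    static Map<String, List<String>> parse(String text) {
        Map<String, List<String>> out = new LinkedHashMap<>();
        for (String line : text.split("\n")) {
            int eq = line.indexOf('=');
            if (eq < 0) continue;
            List<String> vals = new ArrayList<>();
            for (String v : line.substring(eq + 1).split(",")) vals.add(v.trim());
            out.put(line.substring(0, eq).trim(), vals);
        }
        return out;
    }

    // Roles that some secured method requires but that no user in userMap holds.
    static Set<String> ungrantedRoles() {
        Set<String> granted = new HashSet<>();
        for (List<String> tokens : parse(USERS).values())
            for (String t : tokens) if (t.startsWith("ROLE_")) granted.add(t);
        Set<String> missing = new TreeSet<>();
        for (List<String> roles : parse(METHODS).values())
            for (String r : roles) if (!granted.contains(r)) missing.add(r);
        return missing;
    }

    public static void main(String[] args) {
        Map<String, List<String>> secured = parse(METHODS);
        // "a: " + a calls toString() on the proxy; getValue/setValue are never called.
        for (String m : new String[] {"BeanA.toString", "BeanA.getValue", "BeanA.setValue"}) {
            List<String> attrs = secured.get(m);
            System.out.println(m + " -> " + (attrs == null ? "no attributes (public)" : attrs));
        }
        System.out.println("required but never granted: " + ungrantedRoles());
    }
}
```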