Hello,
 
I want to secure method invocations with Acegi.
 
I have an interface file: IFormEnvioDocumentoController.java, with this code:
 
package com.acotelsa.galileo.webframework.plantilla.controller.documento;
 
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
 
import org.springframework.validation.BindException;
import org.springframework.web.servlet.ModelAndView;
 
public interface IFormEnvioDocumentoController {
 
 public ModelAndView enviar(HttpServletRequest request, HttpServletResponse response, Object comando, BindException errors) throws Exception;
    
}
 
 
The implementation file is: FormEnvioDocumentoController.java, with this code:
 
 
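package com.acotelsa.galileo.webframework.plantilla.controller.documento;

import java.util.Date;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.validation.BindException;
import org.springframework.web.multipart.MultipartHttpServletRequest;
import org.springframework.web.multipart.commons.CommonsMultipartFile;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.view.RedirectView;

import com.acotelsa.galileo.webframework.plantilla.form.documento.FormEnvioDocumento;

public class FormEnvioDocumentoController extends MultiFormController implements IFormEnvioDocumentoController {
    public ModelAndView enviar(HttpServletRequest request, HttpServletResponse response, Object comando, BindException errors) throws Exception {

        ModelAndView resultado = new ModelAndView(new RedirectView(getSuccessView()));

        // Process the document that was sent to us
        if (!errors.hasErrors()) {
            FormEnvioDocumento documentoEnviado = (FormEnvioDocumento) comando;

            // Get the document's name
            MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
            CommonsMultipartFile file = (CommonsMultipartFile) multipartRequest.getFile("documento");

            // Store the document
            CDocumento documento = new CDocumento();
            documento.setDocumento(documentoEnviado.getDocumento());
            documento.setFechaRecepcion(new Date());
            documento.setNombre(file.getOriginalFilename());
            documento.setAlmacenado("N");
            managerDocumento.insertDocumento(documento);
        }

        return resultado;
    }

}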
 
 
The configuration in my xml file is the following:
 

<bean id="proxyAcegi" class="org.springframework.aop.framework.ProxyFactoryBean">
    <property name="target" ref="formDocumento" />
    <property name="interceptorNames">
        <list>
            <value>methodSecurityInterceptor</value>
        </list>
    </property>
</bean>

<bean id="methodSecurityInterceptor" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
    <property name="validateConfigAttributes">
        <value>true</value>
    </property>
    <property name="authenticationManager">
        <ref bean="authenticationManager" />
    </property>
    <property name="accessDecisionManager">
        <ref bean="accessDecisionManager" />
    </property>
    <property name="objectDefinitionSource">
        <value>
            com.acotelsa.galileo.webframework.plantilla.controller.documento.IFormEnvioDocumentoController.enviar=ROLE_SUPERVISOR
        </value>
    </property>
</bean>

<bean id="formDocumento" class="com.acotelsa.galileo.webframework.plantilla.controller.documento.FormEnvioDocumentoController">
    <property name="methodNameResolver"><ref bean="methodNameResover" /></property>
    <property name="sessionForm"><value>false</value></property>
    <property name="commandName"><value>fDocumento</value></property>
    <property name="commandClass"><value>com.acotelsa.galileo.webframework.plantilla.form.documento.FormEnvioDocumento</value></property>
    <property name="formView"><value>documento/formDocumento</value></property>
    <property name="mapaVistaEjecucionCorrecta">
        <map>
            <entry key="enviar"><value>listar.do?accion=&amp;modulo=documento</value></entry>
        </map>
    </property>
    <property name="mapaValidadores">
        <map>
            <entry key="enviar"><ref bean="vFormEnvioDocumento" /></entry>
        </map>
    </property>
    <property name="managerDocumento">
        <ref bean="managerDocumento" />
    </property>
</bean>

 
But the problem is that any user can use this method. I can't manage to limit access to this method. Only users with the role "ROLE_SUPERVISOR" must have access.
 
What is the problem? What am I doing wrong?
 
Thanks.
 
Regards.
 
 
*****************************************************
 Ángel Martínez González
 Delivery Service - Acotel S.A
 e-mail:[EMAIL PROTECTED] - Tlf:(+34)983440273
 Oficina 201 - Edificio Galileo, Módulo Rojo
 Parque Tecnológico de Boecillo
 47151 Boecillo (Valladolid) - España
*****************************************************
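
An added example, not part of the original message and not Acegi or project code: a proxy-based interceptor such as the one configured above only checks calls that arrive through the proxy object. The sketch uses a plain JDK proxy and hypothetical stand-in names (Handler, Envio, Target, secure) to compare a call through the proxy, a call the target dispatches to itself, and a call on the unproxied target. It assumes a controller that dispatches from handleRequest to enviar internally; the original message does not show how requests reach the bean.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Proxy;
import java.util.Set;
import java.util.function.Supplier;

public class ProxyBypassDemo {
    // Hypothetical stand-ins for the controller's interfaces (not Spring or Acegi types).
    interface Handler { String handleRequest(String action); }
    interface Envio { String enviar(); }

    // Target dispatches from handleRequest to enviar() on "this" (assumed behaviour).
    static class Target implements Handler, Envio {
        public String handleRequest(String action) { return enviar(); }
        public String enviar() { return "document stored"; }
    }

    // JDK proxy that enforces a role check on enviar() only, like a method-level rule.
    static Object secure(Object target, Set<String> callerRoles) {
        InvocationHandler h = (proxy, method, args) -> {
            if (method.getName().equals("enviar") && !callerRoles.contains("ROLE_SUPERVISOR")) {
                throw new SecurityException("Access denied: " + method.getName());
            }
            try { return method.invoke(target, args); }
            catch (InvocationTargetException e) { throw e.getCause(); }
        };
        return Proxy.newProxyInstance(target.getClass().getClassLoader(),
                new Class<?>[] { Handler.class, Envio.class }, h);
    }

    // Runs a call and reports whether the interceptor rejected it.
    static String attempt(Supplier<String> call) {
        try { return call.get(); } catch (SecurityException e) { return "DENIED"; }
    }

    public static void main(String[] args) {
        Target target = new Target();
        // Constructed caller that lacks ROLE_SUPERVISOR.
        Object proxy = secure(target, Set.of("ROLE_USER"));
        // 1. Direct call through the proxy: the interceptor sees enviar().
        System.out.println("proxy.enviar():        " + attempt(() -> ((Envio) proxy).enviar()));
        // 2. Through the proxy, but enviar() is reached by self-invocation inside the target.
        System.out.println("proxy.handleRequest(): " + attempt(() -> ((Handler) proxy).handleRequest("enviar")));
        // 3. Unproxied bean: no interceptor is involved at all.
        System.out.println("target.enviar():       " + attempt(target::enviar));
    }
}
```

Only the first call is rejected. Two things to check in a configuration like the one above are that every reference used to serve requests points at the proxy bean rather than the target bean, and that the secured method is the one actually invoked through the proxy.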
