|
Hi. I’m currently new with acegi. We develop our application using webwork+free marker, and
acegi for the security. It’s deal with NTLM. I have a problem with FilterSecurityInterceptor bean. I’m try to secure my application URLs by entering
filtering pattern on ObjectDefinition source property. Here is my filter <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"> <property name="authenticationManager"> <ref bean="authenticationManager"/> </property> <property name="accessDecisionManager"> <ref bean="accessDecisionManager"/> </property> <!-- <property
name="runAsManager"> <ref
bean="runAsManager"/>
</property> --> <property name="objectDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/index.jsp=ANONYMOUS,USER
/hello.htm=ANONYMOUS,USER
/logoff.jsp=ANONYMOUS,USER
/acegilogin.jsp*=ANONYMOUS,USER
/kimap/**=HBI_ADMIN
/location/**=HBI_ADMIN, ADMIN
/user/**=ADMIN
/**=USER </value> </property>
</bean> Well it works well when there is just one role
specified for the package. For example on package /kimap, it works well. The
user that not in role HBI_ADMIN is rejected when the are trying to access the URL
under /kimap package. But the problem arise when the role that specified
for some package or URL more than one. For example package location. I specify that
URL allowed for user that have role HBI_ADMIN or ADMIN. But it’s not work. It will reject the user that just have role HBI_ADMIN or just ADMIN. It only accept user with
both ROLE. Does anyone ever deal with this problem? Please tell me in which part the mistake that I made. Regards, gede sutarsa |
[Acegisecurity-developer] problem with FilterSecurityInterceptor
I Gede Putu Sutarsa Giri Putra Wed, 05 Apr 2006 04:38:14 -0700
- [Acegisecurity-developer] problem with Filt... I Gede Putu Sutarsa Giri Putra
- Re: [Acegisecurity-developer] problem ... Vikas Sasidharan
