Hello Ben!

I am using the AffirmativeBased AccessDecisionManager, and I have also tried printing out details from loadUserByUserName from a subclass of JdbcDaoImpl, and it's giving me correct details. I still cannot understand why ROLE_SUPERVISOR can log in while with ROLE_ABC it's giving a 403 error. By the way, on the console I get an Authentication success message, so it means that the framework is recognizing my user, but somehow my new user cannot access the resource. If I change that ROLE_ABC to ROLE_TELLER, everything works fine again.

I have also noticed that when I log in with ROLE_SUPERVISOR, the authentication works fine and then secureIndexController is called, which proceeds further, but in the case of ROLE_ABC it says that authentication was successful but it never calls the secureIndexController. Any advice? Your advice is always very helpful.

Regards,
Sami Ather
--------------------------------------------------
System Developer
Product Development & Engineering
AUSTAR Communications Pty Ltd
Ph : 02 9394 9511

> Hi Sami
>
> The standard Contacts sample uses AffirmativeBased (AccessDecisionManager) which grants access if _any_ AccessDecisionVoter votes to grant access. Thus if you simply added ROLE_ABC to the security interceptor section (BTW, which one, the MethodSecurityInterceptor or FilterSecurityInterceptor?) it should still work with your user who holds ROLE_SUPERVISOR as the presence of ROLE_ABC is a "bonus" which is never checked.
>
> I'd therefore tip you've either chosen to use a different AccessDecisionManager (like UnanimousBased, although that should still work as the user has both roles!) or perhaps your JdbcDaoImpl has not been correctly subclassed. I would expect it's the latter. Try writing a unit test for your JdbcDaoImpl subclass (or good old System.out.println or logger.debug) to check the UserDetails object it returns does indeed contain all the roles you'd expect via UserDetails.getAuthorities().
>
> Ben

_______________________________________________
Acegisecurity-developer mailing list
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
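
The voting behaviour discussed in this thread, as an added example that is not part of either message and does not use Acegi's own classes. It is a simplified model: the class `VotingDemo`, its methods and the sample users and attribute lists are all constructed for illustration. It compares an affirmative decision with a unanimous one for a resource before and after ROLE_ABC is added to its attribute list.

```java
import java.util.*;

// Simplified model of role voting; names here are illustrative, not Acegi's API.
public class VotingDemo {
    static final int GRANTED = 1, ABSTAIN = 0, DENIED = -1;

    // Role voter: abstains when no ROLE_ attribute is configured, grants on any match,
    // denies when ROLE_ attributes exist but the user holds none of them.
    static int roleVote(Set<String> held, Collection<String> attrs) {
        int result = ABSTAIN;
        for (String a : attrs) {
            if (!a.startsWith("ROLE_")) continue;
            if (held.contains(a)) return GRANTED;
            result = DENIED;
        }
        return result;
    }

    // Affirmative: the voter sees all attributes at once, so one matching role is enough.
    static boolean affirmative(Set<String> held, List<String> attrs) {
        return roleVote(held, attrs) == GRANTED;
    }

    // Unanimous: each attribute is voted on separately and no vote may be a denial.
    static boolean unanimous(Set<String> held, List<String> attrs) {
        boolean granted = false;
        for (String a : attrs) {
            int v = roleVote(held, Collections.singletonList(a));
            if (v == DENIED) return false;
            if (v == GRANTED) granted = true;
        }
        return granted;
    }

    public static void main(String[] args) {
        // Constructed sample data: attributes protecting the resource, and three users.
        List<String> before = Arrays.asList("ROLE_SUPERVISOR", "ROLE_TELLER");
        List<String> after = Arrays.asList("ROLE_SUPERVISOR", "ROLE_TELLER", "ROLE_ABC");
        Map<String, Set<String>> users = new LinkedHashMap<>();
        users.put("supervisor", new HashSet<>(Arrays.asList("ROLE_SUPERVISOR")));
        users.put("abcOnly", new HashSet<>(Arrays.asList("ROLE_ABC")));
        users.put("allRoles", new HashSet<>(after));
        for (Map.Entry<String, Set<String>> u : users.entrySet()) {
            System.out.printf("%-10s affirmative(before)=%b affirmative(after)=%b unanimous(after)=%b%n",
                u.getKey(), affirmative(u.getValue(), before),
                affirmative(u.getValue(), after), unanimous(u.getValue(), after));
        }
    }
}
```

In this model a user holding only ROLE_ABC is authenticated but refused whenever ROLE_ABC is absent from the attribute list guarding the resource, which is one configuration to rule out alongside the `getAuthorities()` check suggested above.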