[EMAIL PROTECTED] wrote:

I am using my own JdbcDaoImpl for authentication of users from the database.
When I run the program with my own roles, say ROLE_ABC, I get a 404
(resources access forbidden) error.
I have been advised to disable the user caching so that
DaoAuthenticationProvider will always get UserDetails from the database.
I have done that, but even after that I have noticed that if in
filterInvocationInterceptor I have the
\A/secure/.*\Z=ROLE_SUPERVISOR,ROLE_TELLER line, then my ROLE_ABC cannot log
in.
I've also tried removing that line. Now the user can be authenticated and can
properly navigate the pages, but if I run the application without any user
logged in, it gives me an exception in SecureIndexController, as it cannot
find any SecureContext object.
Any hints as to how the sample.contact application finds the SecureContext
object every time the container receives a request?



The AbstractIntegrationFilter subclass (typically AutoIntegrationFilter) is responsible for setting up a ContextHolder, populating it with any Authentication object from a container-provided location (e.g. HttpSession) and setting it to null at the end of the request.

If you have \A/secure/.*\Z=ROLE_SUPERVISOR,ROLE_TELLER in filterInvocationInterceptor, it is entirely correct that a user only holding ROLE_ABC should receive a 404 error. Add a comma and the ROLE_ABC if you want to allow users holding ROLE_ABC to access the /secure URIs. If that doesn't work, I'd suggest turning on debugging to see what ContextHolder.getContext().getAuthentication().getAuthorities() actually contains.

You are receiving an exception via SecureIndexController as it expects the user will have been logged in via the filterInvocationInterceptor before the SecureIndexController gets called. You really need to sort out why your ROLE_ABC isn't working and not worry about SecureIndexController at this point (it's a legitimate design requirement for SecureIndexController to expect ContextHolder is populated, due to it being behind a protected URI).

Ben
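
The check discussed in this thread, as an added example that is not part of the original messages and does not use Acegi Security's own classes: a simplified Java model of how a `pattern=ROLE,...` line decides access for a user holding only ROLE_ABC, with and without a logged-in user. The class name `SecureUrlRoleCheck`, the URI `/secure/index.htm`, and the rules "first matching pattern decides" and "one held role is enough" are assumptions of this model.

```java
import java.util.*;
import java.util.regex.Pattern;

// Simplified model of the URL-to-role check; these are not Acegi Security classes.
public class SecureUrlRoleCheck {

    // Parse "pattern=ROLE_A,ROLE_B" lines, keeping their order (assumption: first match decides).
    static Map<Pattern, Set<String>> parse(String definition) {
        Map<Pattern, Set<String>> rules = new LinkedHashMap<>();
        for (String line : definition.split("\n")) {
            line = line.trim();
            int eq = line.lastIndexOf('=');
            if (eq < 0) continue; // blank line or not a rule
            Set<String> roles = new LinkedHashSet<>();
            for (String r : line.substring(eq + 1).split(",")) roles.add(r.trim());
            rules.put(Pattern.compile(line.substring(0, eq)), roles);
        }
        return rules;
    }

    // authorities == null models a request with no Authentication in the context.
    static boolean allowed(Map<Pattern, Set<String>> rules, String uri, Set<String> authorities) {
        for (Map.Entry<Pattern, Set<String>> rule : rules.entrySet()) {
            if (!rule.getKey().matcher(uri).matches()) continue;
            if (authorities == null) return false; // protected URI and nobody logged in
            // Assumption: holding at least one of the listed roles grants access.
            return !Collections.disjoint(rule.getValue(), authorities);
        }
        return true; // no pattern matched, so this check does not protect the URI
    }

    public static void main(String[] args) {
        Set<String> user = Set.of("ROLE_ABC");  // constructed sample authorities
        String uri = "/secure/index.htm";       // constructed sample URI
        var original = parse("\\A/secure/.*\\Z=ROLE_SUPERVISOR,ROLE_TELLER");
        var fixed = parse("\\A/secure/.*\\Z=ROLE_SUPERVISOR,ROLE_TELLER,ROLE_ABC");
        var removed = parse(""); // the /secure line deleted

        // Debug step suggested in the reply: look at what the user actually holds.
        System.out.println("authorities            = " + user);
        System.out.println("original rule, ROLE_ABC: " + allowed(original, uri, user));
        System.out.println("fixed rule, ROLE_ABC:    " + allowed(fixed, uri, user));
        System.out.println("fixed rule, no login:    " + allowed(fixed, uri, null));
        System.out.println("rule removed, no login:  " + allowed(removed, uri, null));
    }
}
```

The last case is the one behind the SecureIndexController exception: with the rule removed, an unauthenticated request is no longer stopped before it reaches code that expects a populated context.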


Acegisecurity-developer mailing list https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer