Lionel,

Could you please check my web.xml configuration for the security
implementation?
I tried changing the <url-pattern> .*action in my web.xml but the issue
remains the same. Do you have any idea about common mistakes that I can come
across in security configuration?

<filter>
    <description>
        Provides essential configuration and request processing services
        for the Stripes framework.
    </description>
    <display-name>Stripes Security Filter</display-name>
    <filter-name>StripesSecurityFilter</filter-name>
    <filter-class>net.sourceforge.stripes.security.controller.StripesSecurityFilter</filter-class>
    <init-param>
        <param-name>SecurityManager.Class</param-name>
        <param-value>au.com.aim.base.stripes.security.SimpleSecurityManager</param-value>
    </init-param>
    <init-param>
        <param-name>UnauthorizedResolutionURL</param-name>
        <param-value>/notAuthorised.jsp</param-value>
    </init-param>
    <init-param>
        <param-name>LocalePicker.Locales</param-name>
        <param-value>en_AU</param-value>
    </init-param>
    <!-- Handling File upload exception.-->
    <init-param>
        <description>Stripes exception handler</description>
        <param-name>ExceptionHandler.Class</param-name>
        <param-value>net.sourceforge.stripes.exception.DelegatingExceptionHandler</param-value>
    </init-param>
    <init-param>
        <description>Stripes exception resolver filter</description>
        <param-name>DelegatingExceptionHandler.UrlFilters</param-name>
        <param-value>WEB-INF/classes</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>StripesSecurityFilter</filter-name>
    <url-pattern>*.jsp</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>

<filter-mapping>
    <filter-name>StripesSecurityFilter</filter-name>
    <servlet-name>StripesDispatcher</servlet-name>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>





On Tue, Jul 8, 2008 at 11:37 PM, Lionel <[EMAIL PROTECTED]> wrote:

>  Following the same scenario, I don't face this issue...
>
> Lionel
>
> "Tissen" <[EMAIL PROTECTED]> wrote in message news:
> [EMAIL PROTECTED]
>
> Dear All,
>
> I have ACL based Security in my application and the security works fine in
> all the happy flows. But I found an issue while testing the security.
>
> I have two roles in my application that are Administrator and User. I can
> control the access level in the JSP using  <ss:secure
> roles=""></ss:secure> tag. Even I have used @secure annotation at method
> level.
>
> (I referred to
> http://www.stripesframework.org/display/stripes/Securing+Stripes+With+ACLs
> )
>
> The scenario I have tested is below.
>
> 1.     Logged in as Administrator and executed a secure method.
>
> 2.     Copy the URL from the browser after execution.
>
> 3.     Open a new browser and login as a User.
>
> 4.     After successful authentication, paste the URL that was copied from
> the Administrator user and press enter.
>
> 5.     The result is that the user can also do the same action, which can only
> be performed by the administrator.
>
> Ideally the user should be taken to notAuthorized.jsp, as I specified this in
> web.xml, but it is not happening.
>
> Has anybody encountered this issue previously?  I am just thinking of
> writing an Interceptor to check the roles just before executing the action.
> Is it the right way to do this?
>
> Could anybody suggest a solution to solve this issue?
>
> Cheers,
>
> Tissen Sebastian
>
>
> -------------------------------------------------------------------------
> Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
> Studies have shown that voting for your favorite open source project,
> along with a healthy diet, reduces your potential for chronic lameness
> and boredom. Vote Now at http://www.sourceforge.net/community/cca08
> _______________________________________________
> Stripes-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/stripes-users
>
>


-- 
Cheers,
Tissen Sebastian
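
An added example, not part of the original message and not code from the Stripes security extension: one way to write the interceptor asked about in the quoted message, so that the role check runs immediately before the event handler no matter how the URL was reached. The RequiresRole annotation and the use of isUserInRole are assumptions made for this example; /notAuthorised.jsp is the page named in the web.xml above.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Method;
import javax.servlet.http.HttpServletRequest;

import net.sourceforge.stripes.action.ForwardResolution;
import net.sourceforge.stripes.action.Resolution;
import net.sourceforge.stripes.controller.ExecutionContext;
import net.sourceforge.stripes.controller.Interceptor;
import net.sourceforge.stripes.controller.Intercepts;
import net.sourceforge.stripes.controller.LifecycleStage;

/** Runs before every event handler and denies by role, whatever URL was used. */
@Intercepts(LifecycleStage.EventHandling)
public class RoleCheckInterceptor implements Interceptor {

    /** Hypothetical marker annotation for this example (not the extension's own). */
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.METHOD, ElementType.TYPE})
    public @interface RequiresRole {
        String[] value();
    }

    public Resolution intercept(ExecutionContext ctx) throws Exception {
        Method handler = ctx.getHandler();
        // A method-level annotation wins; fall back to one on the ActionBean class.
        RequiresRole required = handler.getAnnotation(RequiresRole.class);
        if (required == null) {
            required = ctx.getActionBean().getClass().getAnnotation(RequiresRole.class);
        }
        if (required == null) {
            return ctx.proceed(); // handler is not role-restricted
        }
        HttpServletRequest request = ctx.getActionBeanContext().getRequest();
        for (String role : required.value()) {
            // Assumption: roles are visible through the servlet API. With a custom
            // ACL store, replace this call with a lookup against that store.
            if (request.isUserInRole(role)) {
                return ctx.proceed();
            }
        }
        // The caller holds none of the listed roles: the handler is never invoked.
        return new ForwardResolution("/notAuthorised.jsp");
    }
}
```

Stripes reads interceptor class names from the filter's Interceptor.Classes init-param, so the class has to be listed there before it takes effect.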