One thing we did in the latest version of AppFuse is to rename
applicationContext-security.xml to security.xml and explicitly load it
in web.xml. This is so it loads *after*
applicationContext-service.xml. I don't know if it will help, but it
might.
Matt
On 12/19/06, nutanc <[EMAIL PROTECTED]> wrote:
Hi,
I want to set up permissions for roles so that only certain roles can access
certain methods in an object. In applicationContext-security.xml I found
<!-- Override 'userManager' bean definition to add userManagerSecurity
interceptor -->
<bean id="userManager" parent="txProxyTemplate">
<property name="target">
<bean class="org.appfuse.service.impl.UserManagerImpl">
<property name="userDAO" ref="userDAO"/>
</bean>
</property>
<!-- Override default transaction attributes b/c of
UserExistsException -->
<property name="transactionAttributes">
<props>
<prop
key="save*">PROPAGATION_REQUIRED,-UserExistsException</prop>
<prop key="remove*">PROPAGATION_REQUIRED</prop>
<prop key="*">PROPAGATION_REQUIRED,readOnly</prop>
</props>
</property>
<property name="preInterceptors">
<list>
<ref bean="userSecurityInterceptor"/>
<ref bean="userManagerSecurity"/>
</list>
</property>
</bean>
<bean id="userManagerSecurity"
class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="accessDecisionManager"/>
<property name="objectDefinitionSource">
<value>
org.appfuse.service.UserManager.getUsers=admin
org.appfuse.service.UserManager.removeUser=admin
</value>
</property>
</bean>
So if I want to setup permissions for Obj1,I did as given below
<bean id="obj1Manager" parent="txProxyTemplate">
<property name="target">
<bean class="org.appfuse.service.impl.Obj1ManagerImpl">
<property name="obj1DAO" ref="obj1DAO"/>
</bean>
</property>
<property name="preInterceptors">
<list>
<ref bean="obj1ManagerSecurity"/>
</list>
</property>
</bean>
<bean id="obj1ManagerSecurity"
class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="accessDecisionManager"/>
<property name="objectDefinitionSource">
<value>
org.appfuse.service.Obj1Manager.getObj1s=admin
org.appfuse.service.Obj1Manager.removeObj1=admin
</value>
</property>
</bean>
But it is not working.Any help is appreciated.Thank you.
-Chaitanya
--
View this message in context:
http://www.nabble.com/Role-permissions-tf2846828s2369.html#a7949837
Sent from the AppFuse - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
http://raibledesigns.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
