Here's a more full stack trace - still getting the problem - but only with
Users, not Groups.

Caused by: javax.faces.el.EvaluationException: Bean: com.openlogic.blueglue.webapp.action.UserList, property: users
        at org.apache.myfaces.el.PropertyResolverImpl.getProperty(PropertyResolverImpl.java:442)
        at org.apache.myfaces.el.PropertyResolverImpl.getValue(PropertyResolverImpl.java:82)
        at com.sun.facelets.el.LegacyELContext$LegacyELResolver.getValue(LegacyELContext.java:141)
        at com.sun.el.parser.AstValue.getValue(AstValue.java:117)
        at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:192)
        at com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:71)
        at com.sun.facelets.el.LegacyValueBinding.getValue(LegacyValueBinding.java:56)
        ... 97 more
Caused by: java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.apache.myfaces.el.PropertyResolverImpl.getProperty(PropertyResolverImpl.java:438)
        ... 103 more
Caused by: org.acegisecurity.AccessDeniedException: Access is denied
        at org.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:68)
        at org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:276)
        at org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:63)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
        at org.springframework.orm.hibernate3.HibernateInterceptor.invoke(HibernateInterceptor.java:104)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
        at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:652)
        at com.openlogic.blueglue.server.service.impl.UserManagerImpl$$EnhancerByCGLIB$$123aa7cc.getUsers(<generated>)
        at com.openlogic.blueglue.webapp.action.UserList.getUsers(UserList.java:79)


tonyl wrote:
> 
> I already made User.getAuthorities() call User.getAllAuthorities() and
> that's what allowed me to log in and have the mainMenu.xhtml display the
> links to the admin secured areas. It's just that when I then click to view
> the Users List - I get the access denied error.
> 
> I'll try it.
> 
> 
> mraible wrote:
>> 
>> What if you change User.getAllAuthorities to be User.getAuthorities -
>> does that work?
>> 
>> Matt
>> 
>> On 2/26/07, tonyl <[EMAIL PROTECTED]> wrote:
>>>
>>> I get the following error:
>>>
>>> Caused by: org.acegisecurity.AccessDeniedException: Access is denied
>>>         at org.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:68)
>>>         at org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:276)
>>>         at org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:63)
>>>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
>>>         at org.springframework.orm.hibernate3.HibernateInterceptor.invoke(HibernateInterceptor.java:104)
>>>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
>>>         at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
>>>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
>>>         at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:652)
>>>         at com.openlogic.blueglue.server.service.impl.UserManagerImpl$$EnhancerByCGLIB$$dd3afb5a.getUsers(<generated>)
>>>         at com.openlogic.blueglue.webapp.action.UserList.getUsers(UserList.java:80)
>>>
>>> So, the transaction advice is getting called before the getUsers() call but
>>> I don't think it's calling UserSecurityAdvice since I put some printlns in
>>> the before method and nothing is coming out in the console or the log.
>>>
>>> Unfortunately, my laptop won't let me run tests - I have some configuration
>>> problem with my database, but the application runs totally fine.
>>>
>>>
>>>
>>> mraible wrote:
>>> >
>>> > On 2/26/07, tonyl <[EMAIL PROTECTED]> wrote:
>>> >>
>>> >> The following code got me a whole lot farther than I expected. I'm getting an
>>> >> Access Denied Error however. The code that checks for that is in
>>> >> UserSecurityAdvice - correct?
>>> >
>>> > It depends on when you get the access denied error.  You might try
>>> > running and manipulating UserSecurityAdviceTest.
>>> >
>>> > Matt
>>> >
>>> >>
>>> >>
>>> >>       public GrantedAuthority[] getAuthorities()
>>> >>       {
>>> >>       /*
>>> >>          List<GrantedAuthority> authorities = new LinkedList<GrantedAuthority>();
>>> >>          authorities.addAll( roles );
>>> >>          for ( Iterator iter = roles.iterator(); iter.hasNext(); )
>>> >>          {
>>> >>             RoleDB role = (RoleDB) iter.next();
>>> >>             authorities.addAll( role.getPermissions() );
>>> >>          }
>>> >>          return authorities.toArray(new GrantedAuthority[0]);
>>> >>       */
>>> >>          return getAllAuthorities();
>>> >>       }
>>> >>
>>> >>       public GrantedAuthority[] getAllAuthorities()
>>> >>       {
>>> >>          List<GrantedAuthority> authorities = new LinkedList<GrantedAuthority>();
>>> >>          authorities.addAll( roles );
>>> >>          for ( Iterator iter = roles.iterator(); iter.hasNext(); )
>>> >>          {
>>> >>             RoleDB role = (RoleDB) iter.next();
>>> >>             authorities.addAll( role.getPermissions() );
>>> >>          }
>>> >>
>>> >>          for ( Iterator giter = groups.iterator(); giter.hasNext(); )
>>> >>          {
>>> >>             GroupDB group = (GroupDB) giter.next();
>>> >>             Set roles = group.getRoles();
>>> >>             for ( Iterator riter = roles.iterator(); riter.hasNext(); )
>>> >>             {
>>> >>                RoleDB role = (RoleDB) riter.next();
>>> >>                authorities.addAll( role.getPermissions() );
>>> >>             }
>>> >>          }
>>> >>
>>> >>          return authorities.toArray(new GrantedAuthority[0]);
>>> >>       }
>>> >>
>>> >>
>>> >>
>>> >> tonyl wrote:
>>> >> >
>>> >> > Matt,
>>> >> >
>>> >> > I checked out the JIRA issue, and it redirects to
>>> >> >
>>> >> > http://opensource.atlassian.com/projects/spring/browse/SEC-272
>>> >> >
>>> >> > which is still open. I'll check the sample apps, too.
>>> >> >
>>> >> >
>>> >> >
>>> >> > mraible wrote:
>>> >> >>
>>> >> >> Apparently, Acegi security supports groups now, but I couldn't find
>>> >> >> any documentation on it.  You might want to check one of their sample
>>> >> >> apps.
>>> >> >>
>>> >> >> http://opensource.atlassian.com/projects/spring/browse/SEC-325
>>> >> >>
>>> >> >> Matt
>>> >> >>
>>> >> >> On 2/26/07, tonyl <[EMAIL PROTECTED]> wrote:
>>> >> >>>
>>> >> >>> So, we are adding groups of users to the base application generated by
>>> >> >>> AppFuse, and we have set up the groups to accept Roles, just like Users.
>>> >> >>> The issue that I am having is how to have the session recognize the
>>> >> >>> amalgamation of roles from both the User and the Groups that the User
>>> >> >>> belongs to.
>>> >> >>>
>>> >> >>> For example, create a user that has the default User role. Then create a
>>> >> >>> group that contains the user. The group has the role of Admin. When I
>>> >> >>> log in as the user, I want the session to recognize that the user now has
>>> >> >>> Admin privileges because of the group.
>>> >> >>>
>>> >> >>> I've tried various things in the UserSecurityAdvice class, but nothing
>>> >> >>> seems to work. I have implemented a getAllAuthorities method that does the
>>> >> >>> amalgamation but I can't figure out where to pass it into the context to
>>> >> >>> get it to recognize all the permissions.
>>> >> >>>
>>> >> >>> Thanks,
>>> >> >>>
>>> >> >>> Tony
>>> >> >>>
>>> >> >>>
>>> >> >>> --
>>> >> >>> View this message in context:
>>> >> >>> http://www.nabble.com/Implementing-Groups-with-Roles-tf3296597s2369.html#a9170681
>>> >> >>> Sent from the AppFuse - User mailing list archive at Nabble.com.
>>> >> >>>
>>> >> >>>
>>> ---------------------------------------------------------------------
>>> >> >>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>> >> >>> For additional commands, e-mail: [EMAIL PROTECTED]
>>> >> >>>
>>> >> >>>
>>> >> >>
>>> >> >>
>>> >> >> --
>>> >> >> http://raibledesigns.com
>>> >> >>
>>> >> >>
>>> >> >>
>>> >> >>
>>> >> >>
>>> >> >
>>> >> >
>>> >>
>>> >> --
>>> >> View this message in context:
>>> >> http://www.nabble.com/Implementing-Groups-with-Roles-tf3296597s2369.html#a9171560
>>> >> Sent from the AppFuse - User mailing list archive at Nabble.com.
>>> >>
>>> >>
>>> >>
>>> >
>>> >
>>> > --
>>> > http://raibledesigns.com
>>> >
>>> >
>>> >
>>> >
>>>
>>> --
>>> View this message in context:
>>> http://www.nabble.com/Implementing-Groups-with-Roles-tf3296597s2369.html#a9172123
>>> Sent from the AppFuse - User mailing list archive at Nabble.com.
>>>
>>>
>>>
>> 
>> 
>> -- 
>> http://raibledesigns.com
>> 
>> 
>> 
>> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Implementing-Groups-with-Roles-tf3296597s2369.html#a9207915
Sent from the AppFuse - User mailing list archive at Nabble.com.
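
Added example (not part of the original message, and not AppFuse or Acegi code): a plain-Java model of the authority aggregation discussed in this thread. It shows that when group roles contribute only their permissions, as in the quoted getAllAuthorities(), a method that requires the role itself is still denied. The record types, the permission names and the assumption that getUsers() requires the authority "admin" are hypothetical.

```java
import java.util.*;

// Added example: plain-Java model, no Acegi classes. All names are hypothetical.
public class GroupAuthoritiesDemo {
    record Role(String name, Set<String> permissions) {}
    record Group(String name, Set<Role> roles) {}
    record User(String name, Set<Role> roles, Set<Group> groups) {}

    // Mirrors the quoted getAllAuthorities(): user roles and their permissions,
    // but for group roles only the permissions are collected.
    static Set<String> asPosted(User u) {
        Set<String> out = new LinkedHashSet<>();
        for (Role r : u.roles()) { out.add(r.name()); out.addAll(r.permissions()); }
        for (Group g : u.groups())
            for (Role r : g.roles()) out.addAll(r.permissions());
        return out;
    }

    // Variant that also adds each group role itself as an authority.
    static Set<String> withGroupRoles(User u) {
        Set<String> out = asPosted(u);
        for (Group g : u.groups())
            for (Role r : g.roles()) out.add(r.name());
        return out;
    }

    // Simplified stand-in for the interceptor's decision: grant only if the
    // caller holds at least one authority the secured method requires.
    static boolean decide(Set<String> held, Set<String> required) {
        return !Collections.disjoint(held, required);
    }

    public static void main(String[] args) {
        // Constructed data following the scenario described in the thread.
        Role userRole = new Role("user", Set.of("profile.edit"));
        Role adminRole = new Role("admin", Set.of("users.list"));
        Group admins = new Group("admins", Set.of(adminRole));
        User tony = new User("tony", Set.of(userRole), Set.of(admins));

        Set<String> required = Set.of("admin"); // assumed requirement for getUsers()
        System.out.println("as posted:        " + asPosted(tony)
                + " -> granted=" + decide(asPosted(tony), required));
        System.out.println("with group roles: " + withGroupRoles(tony)
                + " -> granted=" + decide(withGroupRoles(tony), required));
    }
}
```

Comparing the two printed sets against the authority configured for the secured method is a quick way to see which aggregation the access decision needs.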
