Look for the bean called "methodSecurityInterceptor" in security.xml - it is configured to only allow administrators to access the user list. If you want ordinary users to access this method you need to change the configuration of this bean. Please note that displaying the list of users to all application users could be considered a security risk.
Mike On 11/13/07, Ding, Qin <[EMAIL PROTECTED]> wrote: > > > Appfuse 1.9.4/DB2/JSF > > I need to build a dropdown for all the users. Follow the CountryModel > sample, to build a UserModel. When login as admin, it is fine. When I > Login as user, userModel.getUsers() got error: > > "org.acegisecurity.AccessDeniedException: Access is denied". > > My UserModel does not throw such an error. It just builds a list of all > users from database like countryModel. Where does the error come from? > Please advice. > > Thank you. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
