Hi,
I'm using appfuse 2.0 with struts 2.
I cannot understand because requesting a url like
http://...8080/patient/list.html, logged with a user with only "ROLE_USER"
the security layer give me an ExceptionPage (
org.acegisecurity.AccessDeniedException: Access is denied ). It not block
user with ADMIN_ROLE.
My security.xml file reporting the follow ANT_PATHs:
<bean id="filterInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="accessDecisionManager"/>
<property name="objectDefinitionSource">
<value>
PATTERN_TYPE_APACHE_ANT
/admin/*=ROLE_ADMIN
/passwordHint.html*=ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER
/signup.html*=ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER
/a4j.res/*.html*=ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER <!--
APF-737, OK to remove if not using JSF -->
/**/*.html*=ROLE_ADMIN,ROLE_USER
/patient/list.html*=ROLE_ADMIN,ROLE_USER
</value>
</property>
</bean>
Can some one help me ?
Thanks
Stefano
--
View this message in context:
http://www.nabble.com/Security-configuration-tf4849572s2369.html#a13875515
Sent from the AppFuse - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
