Hi Stefano,
Campa wrote:
Hi,
I'm using AppFuse 2.0 with Struts 2.
I cannot understand why, when requesting a URL like
http://...8080/patient/list.html, logged in as a user with only "ROLE_USER",
the security layer gives me an ExceptionPage (
org.acegisecurity.AccessDeniedException: Access is denied ). It does not block
users with ADMIN_ROLE.
My security.xml file contains the following ANT_PATHs:
<bean id="filterInvocationInterceptor"
      class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="accessDecisionManager" ref="accessDecisionManager"/>
    <property name="objectDefinitionSource">
        <value>
            PATTERN_TYPE_APACHE_ANT
            /admin/*=ROLE_ADMIN
            /passwordHint.html*=ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER
            /signup.html*=ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER
            /a4j.res/*.html*=ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER <!-- APF-737, OK to remove if not using JSF -->
            /**/*.html*=ROLE_ADMIN,ROLE_USER
            /patient/list.html*=ROLE_ADMIN,ROLE_USER

Firstly, I'm no expert, but I believe that the "/**/*.html *=..." would
overrule your "/patient/list.html ..." because it comes before it. But
that wouldn't cause your problem.
Have you checked your struts.xml file to see if there's an interceptor
that covers your URL? I have some in my struts.xml file - like
"<interceptor-ref name="adminCheck" />"
HTH,
Rob Hills
Waikiki, Western Australia
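
The rule-ordering point in the reply above can be checked mechanically. The following is an added example, not part of the original thread and not Acegi code: it assumes rules are evaluated in file order with the first matching pattern deciding, and uses a simplified Ant-style matcher. The names ant_to_regex, deciding_rule and shadowed_rules are hypothetical.

```python
import re

# Rule list copied from the security.xml quoted in the thread, in file order.
PUBLIC = ["ROLE_ANONYMOUS", "ROLE_ADMIN", "ROLE_USER"]
RULES = [
    ("/admin/*", ["ROLE_ADMIN"]),
    ("/passwordHint.html*", PUBLIC),
    ("/signup.html*", PUBLIC),
    ("/a4j.res/*.html*", PUBLIC),
    ("/**/*.html*", ["ROLE_ADMIN", "ROLE_USER"]),
    ("/patient/list.html*", ["ROLE_ADMIN", "ROLE_USER"]),
]

def ant_to_regex(pattern):
    """Simplified Ant matcher: '**' spans directories, '*' and '?' stay in one segment."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("/**/", i):
            out.append("/(?:.*/)?"); i += 4   # zero or more directories
        elif pattern.startswith("**", i):
            out.append(".*"); i += 2
        elif pattern[i] == "*":
            out.append("[^/]*"); i += 1
        elif pattern[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("".join(out) + r"\Z")

def deciding_rule(url, rules=RULES):
    """Return (index, pattern, roles) of the first rule matching url, or None."""
    for index, (pattern, roles) in enumerate(rules):
        if ant_to_regex(pattern).match(url):
            return index, pattern, roles
    return None

def shadowed_rules(rules=RULES):
    """Heuristic: build sample URLs from each pattern and report rules that
    an earlier pattern wins for every sample (so the rule never decides)."""
    shadowed = []
    for index, (pattern, _) in enumerate(rules):
        probes = [pattern.replace("**", "x/y").replace("*", fill).replace("?", "x")
                  for fill in ("", "x")]
        winners = {deciding_rule(probe, rules)[0] for probe in probes}
        if max(winners) < index:
            shadowed.append((pattern, rules[min(winners)][0]))
    return shadowed

if __name__ == "__main__":
    print(deciding_rule("/patient/list.html"))
    print(shadowed_rules())
```

For the quoted list, the /patient/list.html* rule is reported as shadowed by /**/*.html*; both lines grant the same roles, so the ordering does not change the decision for that URL.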