On 1/7/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

> Hi Michael,
>
> I think it's a fault on my part. There's probably something I haven't done
> right, but cannot put my finger on it.
>
> Here's what I want it to do: Whenever I log in (as any user), it should
> take me to a menu page. The way I've coded it, I should see an admin menu
> item (with its sub-items) when logged in as admin, support. However, when
> logged in as ToolAdmin, ToolUser, this item shouldn't show up.
>
> Here's what's happening: Say the admin menu item has a sub-item that links
> to page1. So, I log in as admin/support and I go to 'page1'. Now I log out
> and log back in as a ToolAdmin/ToolUser. Instead of taking me to their menu,
> I'm taken straight to an AccessDenied page.
>

Have you added ToolAdmin and ToolUser to the filterInvocationInterceptor in
security.xml?

<bean id="filterInvocationInterceptor"
      class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="accessDecisionManager" ref="accessDecisionManager"/>
    <property name="objectDefinitionSource">
        <value>
            PATTERN_TYPE_APACHE_ANT
            /admin/*=ROLE_ADMIN
            ...
            /**/*.html*=ROLE_ADMIN,ROLE_ToolUser, ROLE_ToolAdmin
        </value>
    </property>
</bean>

Mike


> You can look at this as being right and yet being wrong. It's right,
> because they don't have access to this page. It's wrong because each
> different user should have their own session, in that... the tool shouldn't
> hang on to the last page accessed by the previous user logged in.
>
> Vanessa Pacheco
> Programmer
> Bowman Systems L.L.C
> 318.213.8780x307
>
>
>
> ======================================
>
> IMPORTANT WARNING: This message is intended for the use of the person or
> entity to which it is addressed and may contain information that is
> privileged and confidential, the disclosure of which is governed by
> applicable law. If the reader of this message is not the intended recipient,
> or the employee or agent responsible to deliver it to the intended
> recipient, you are hereby notified that any dissemination, distribution or
> copying of this information is strictly prohibited. If you have received
> this message in error, please notify the sender immediately and arrange for
> the return or destruction of these documents.
>  ------------------------------
>
> *From:* Michael Horwitz [mailto:[EMAIL PROTECTED]
> *Sent:* Monday, January 07, 2008 9:36 AM
> *To:* [email protected]
> *Subject:* Re: [appfuse-user] session question
>
> On 1/7/08, [EMAIL PROTECTED] <[EMAIL PROTECTED] >
> wrote:
>
> I'm having some session problem or so I think. I'll explain:
>
>
>
> I have 4 users (listed in order of privileges from highest to lowest) ---
> admin, support, ToolAdmin, ToolUser.
>
>
>
> I log in as admin, support and go to pages that only they have access to
> and it works fine. Then I log in as a ToolUser who has the least privileges
> (and does not have access to those pages) and the tool just shows me the
> AccessDenied page. Looks like some kind of session problem to me.
>
>
>
> Is this not the expected behaviour? How are you expecting the application
> to behave when logged in as ToolUser and an attempt is made to access an
> illegal page?
>
>
>
> Mike
>
>
>
>
>
> Please, if anyone could give me some real basic explanation and possibly
> some hints on how to solve this, I'd be really grateful.
>
>
>
> NOTE: All my POJOs do implement 'java.io.Serializable'. (Appfuse v.
> 1.9.4 with Struts framework)
>
>
>
> Thanks in advance for any help.
>
> Vanessa Pacheco
> Programmer
> Bowman Systems L.L.C
> 318.213.8780x307