Hello,
Im using Tapestry Spring Security 2.1.0 and I try to add a custom voter to
allow an user to edit only himself.
So on my UserManager I will add an @Secured(HIMSELF) on the save(User
user) method.
I found a code working with acegi security doing this, the problem is when
I add a new Voter, it isnt taken in account
Heres what I added to my SecurityModule :
public final void contributeAccessDecisionManager(
final OrderedConfiguration<AccessDecisionVoter> configuration) {
configuration.add("HimselfVoter", new
HimselfVoter(Authorities.HIMSELF));
}
When debugging, I see that my voter is properly added and when the
buildAccessDecisionManager(final List<AccessDecisionVoter> voters) {
}
method is called I can see that the voters param contains my HimselfVoter
instance.
But when trying to call my secured method, the HimselVoter isnt in the list
anymore (and then not called).
Still when debugging the method decide of AffirmativeBased class I see
that the list of voter it is iterating on contains 2 voters :
- a standard RoleVoter
- an AuthenticatedVoter
Normally there shouldnt be this AuthenticatedVoter but a HimselfVoter.
One last thing I noticed is that it looks like I have 2 instances of
AffirmativeBased because the debugger run twice in its initialization. Once
with the RoleVoter and AuthenticatedVoter as parameters (on server statup)
and once with a RoleVoter and an HimselfVoter (on the first call to my
secured method). Despit it seems that the wrong access decision manager is
intercepting the method call
So do I have to do to add one simple voter to my access decision manager ?
What am I missing ?
Thanks for any input.
Nicolas.
<http://www.market-ip.com/> www.market-ip.com
Nicolas Gillet
Market-IP
Chaussée de Marche, 774
BELGIUM - 5100 Naninne
<mailto:nicolas.gil...@market-ip.com> nicolas.gil...@market-ip.com
tel:
fax:
+32 81 33 11 11
+32 81 33 11 10
