T5: help needed with tapestry-acegi

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

T5: help needed with tapestry-acegi

Thiago H de Paula Figueiredo-3
Hi!

I'm using the wonderful tapestry5-acegi integration but I need some help.

I have an user that has a number of roles (GrantedAuthority instances),  
one of them named "Admin". When I annotate a page class with  
@Secured("Admin"), Acegi denies access to the page. I have just tried the  
same page, with the same annotation, now with an user with just one  
GrantedAuthority, "Admin". Now Acegi happily gives me access to the page.

Does that mean that each user must have exactly one role (aka  
GrantedAuthority) in order to use the @Secured annotation?

Thank you!

--
Thiago H. de Paula Figueiredo
Desenvolvedor, Instrutor e Consultor de Tecnologia
Eteg Tecnologia da Informação Ltda.
http://www.eteg.com.br

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: T5: help needed with tapestry-acegi

Robin Helgelin
On 9/17/07, Thiago H de Paula Figueiredo <[hidden email]> wrote:
> I have an user that has a number of roles (GrantedAuthority instances),
> one of them named "Admin". When I annotate a page class with
> @Secured("Admin"), Acegi denies access to the page. I have just tried the
> same page, with the same annotation, now with an user with just one
> GrantedAuthority, "Admin". Now Acegi happily gives me access to the page.
>
> Does that mean that each user must have exactly one role (aka
> GrantedAuthority) in order to use the @Secured annotation?

No, you should be able to have an arbitrary length of roles. How does
your public GrantedAuthority[] getAuthorities() from your user
UserDetails look?

--
        regards,
        Robin

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: T5: help needed with tapestry-acegi

Thiago H de Paula Figueiredo
On Mon, 17 Sep 2007 16:35:13 -0300, Robin Helgelin <[hidden email]>  
wrote:

> No, you should be able to have an arbitrary length of roles. How does
> your public GrantedAuthority[] getAuthorities() from your user
> UserDetails look?

I can't post the code here (and it wouldn't help much, as it's written in  
Portuguese), but I have this architecture:

class User {
        private List<Groups> groups;
        ...
}

class Group {
        private List<Permission> permissions;
        ...
}

class Permission {
        private String name; // name of the role/authority
}

I created an UserDetails implementation which getGrantedAuthorities()  
method returns all the permissions of all the groups some user belongs to.  
I'm using the GrantedAuthorityImpl class that comes with Acegi.

--
Thiago H. de Paula Figueiredo
Desenvolvedor, Instrutor e Consultor de Tecnologia
Eteg Tecnologia da Informação Ltda.
http://www.eteg.com.br

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: T5: help needed with tapestry-acegi

Thiago H de Paula Figueiredo
In reply to this post by Thiago H de Paula Figueiredo-3
On Mon, 17 Sep 2007 16:13:03 -0300, Thiago H de Paula Figueiredo  
<[hidden email]> wrote:

> I have an user that has a number of roles (GrantedAuthority instances),  
> one of them named "Admin".

After some hours trying to figure out what mistake I have been doing, I've  
found it! Using the default configuration, Acegi only takes into account  
roles prefixed with "ROLE_"!!! Acegi's Javadoc states that here:
http://www.acegisecurity.org/acegi-security/apidocs/org/acegisecurity/vote/RoleVoter.html.  
Now everything works like a charm! It's amazingly simple to just add or  
change an annotation, reload the page and being allowed or denied to view  
the page! Kudos to Howard (for Tapestry 5) and Robin (tapestry5-acegi) for  
such amazing work and support!!! :)

Robin: what about having a warning in tapestry5-acegi docs about this  
error I've had?

--
Thiago H. de Paula Figueiredo
Desenvolvedor, Instrutor e Consultor de Tecnologia
Eteg Tecnologia da Informação Ltda.
http://www.eteg.com.br

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: T5: help needed with tapestry-acegi

Robin Helgelin
On 9/17/07, Thiago H de Paula Figueiredo <[hidden email]> wrote:
> After some hours trying to figure out what mistake I have been doing, I've
> found it! Using the default configuration, Acegi only takes into account
> roles prefixed with "ROLE_"!!! Acegi's Javadoc states that here:
> http://www.acegisecurity.org/acegi-security/apidocs/org/acegisecurity/vote/RoleVoter.html.

Great!

> Now everything works like a charm! It's amazingly simple to just add or
> change an annotation, reload the page and being allowed or denied to view
> the page! Kudos to Howard (for Tapestry 5) and Robin (tapestry5-acegi) for
> such amazing work and support!!! :)

Thanks, and I also thank Ivan that wrote most of the initial code.

> Robin: what about having a warning in tapestry5-acegi docs about this
> error I've had?

Yeah, that might be a good idea, I'll take a mental note about it :)

--
        regards,
        Robin

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]