Nicolas,

Are you sure you want another AccessDecisionVoter?

This sounds more like you want instance-based security, available through
the spring-security-acl package.  I can't help you much on code, because
what I have is using 2.0, with deprecated interfaces and classes, from my
evolution from Acegi.  Specifically, my work involved custom implementations
of AclProvider.  I do have an AclAuthorize component that I use in my
personal copy of tapestry-spring-security that could easily be adapted if
you wanted that.

Regards,

Jonathan




On Mon, May 10, 2010 at 8:28 AM, Nicolas Gillet - MARKET-IP <
nicolas.gil...@market-ip.com> wrote:

> Hello,
>
>
>
> I’m using Tapestry Spring Security 2.1.0 and I am trying to add a custom voter to
> allow a user to edit only himself.
>
> So on my UserManager I will add an @Secured("HIMSELF") on the save(User
> user) method.
>
> I found code working with Acegi Security doing this; the problem is that when
> I add a new Voter, it isn’t taken into account …
>
> Here’s what I added to my SecurityModule:
>
>
>
>    public final void contributeAccessDecisionManager(
>            final OrderedConfiguration<AccessDecisionVoter> configuration) {
>        configuration.add("HimselfVoter", new HimselfVoter(Authorities.HIMSELF));
>    }
>
>
>
> When debugging, I see that my voter is properly added, and when the
>
> buildAccessDecisionManager(final List<AccessDecisionVoter> voters) { … }
>
> method is called I can see that the “voters” param contains my HimselfVoter
> instance.
>
> But when trying to call my secured method, the HimselfVoter isn’t in the
> list anymore (and then not called).
>
>
>
> Still, when debugging the method “decide” of the AffirmativeBased class, I see
> that the list of voters it is iterating on contains 2 voters:
>
> - a standard RoleVoter
> - an AuthenticatedVoter
>
> Normally there shouldn’t be this AuthenticatedVoter but a HimselfVoter.
>
>
>
> One last thing I noticed is that it looks like I have 2 instances of
> AffirmativeBased, because the debugger runs twice through its initialization. Once
> with the RoleVoter and AuthenticatedVoter as parameters (on server startup)
> and once with a RoleVoter and a HimselfVoter (on the first call to my
> secured method). Despite that, it seems that the wrong access decision manager is
> intercepting the method call …
>
> So what do I have to do to add one simple voter to my access decision manager?
> What am I missing?
>
>
>
> Thanks for any input.
>
>
>
> Nicolas.


-- 
Jonathan Barker
ITStrategic
