It's really strange that you are seeing the "default" access manager, as
well as one you are trying to define. Could you post your web.xml and
application.xml files?
On Tue, May 11, 2010 at 3:26 AM, Nicolas Gillet - MARKET-IP <
nicolas.gil...@market-ip.com> wrote:
> Hello,
>
> Thank you for your answer Jonathan.
>
> I have never tried the instance-based security so I don't know which
> solution would suit the best.
> BTW my investigation lead me to wonder if the way I enabled the security on
> method was right.
>
> I tried to use a new voter of mine to secure a page and this worked fine
> ...
>
> Then I remembered that I had to enable myself security on method. With a
> standard configuration of TSS I could not put an @Secure annotation
> anywhere
> else than on a method of a page or component.
> If I tried to put one on a method it did nothing at all. No error but no
> security either.
> So after loads of searches and trials I could have it working adding those
> 3
> line in the applicationContext.xml
>
> <security:authentication-manager alias="providerManager" />
> <security:authentication-provider user-service-ref="userDao" />
> <security:global-method-security secured-annotations="enabled" />
>
> So far I could add an @Secure("ROLE_...") annotation on any method of my
> application.
>
> Then came the problem of DWR that was specifically excluded from Tapestry
> context. Here again, I had to solve it adding one more filter in the
> web.xml
> with a reference to a bean in the applicationContext.xml :
>
> <bean id="dwrFilterChainProxy"
> class="org.springframework.security.util.FilterChainProxy">
> <property name="filterInvocationDefinitionSource">
> <value>
> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
> PATTERN_TYPE_APACHE_ANT
> /**=httpSessionContextIntegrationFilter
> </value>
> </property>
> </bean>
>
> <bean id="httpSessionContextIntegrationFilter"
>
> class="org.springframework.security.context.HttpSessionContextIntegrationFil
> ter" />
>
> So now I can secure everything with @Secure("ROLE_...") in my application
> but I am not sure it his handled the right way ; especially because of the
> two instance do the AcessDecisionManager I saw and realized that the
> instance that was handling the security in the non-tapestry methods of my
> application looks like to be the one "dedicated to authentication" (the one
> containing a AuthenticatedVoter and a RoleVoter)
>
> I thought I found a solution using the "access-decision-manager-ref"
> property of the tag "security:global-method-security" used before but the
> reference to the AccessDecisionManager declared by TSS look unreachable.
> It is declared in the SecurityModule class like
>
> @Marker(SpringSecurityServices.class)
> public final AccessDecisionManager buildAccessDecisionManager {...}
>
> But when I write
>
> <security:global-method-security secured-annotations="enabled"
> access-decision-manager-ref="accessDecisionMnager" />
>
> I get a
> "NoSuchBeanDefinitionException :No bean named
> 'accessDecisionManager' is defined"
>
> This really starts annoy me :-( ...
>
> So has anyone ever secured a method out of a page/component (like in a
> class
> of a Service/Dao layer) with TSS and how ?
> Is there a way to configure the thing I had to put in XML in an appModule
> like the rest of TSS configuration ?
>
> Thanks for any input.
>
> Nicolas
>
> ----- original message -----
> > From : Jonathan Barker
> > To : Tapestry users
> > Objet : Re: TSS add custom voter
>
> > Nicolas,
>
> > Are you sure you want another AccessDecisionVoter?
>
> > This sounds more like you want instance-based security, available through
> > the spring-security-acl package. I can't help you much on code, because
> > what I have is using 2.0, with deprecated interfaces and classes, from my
> > evolution from Acegi. Specifically, my work involved custom
> implementations
> > of AclProvider. I do have an AclAuthorize component that I use in my
> > personal copy of tapestry-spring-security that could easily be adapted if
> > you wanted that.
>
> > Regards,
>
> > Jonathan
>
> Jonathan Barker
> ITStrategic
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>
--
Jonathan Barker
ITStrategic
