You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by Thiago H de Paula Figueiredo <th...@eteg.com.br> on 2007/09/17 21:13:03 UTC
T5: help needed with tapestry-acegi
Hi!
I'm using the wonderful tapestry5-acegi integration but I need some help.
I have an user that has a number of roles (GrantedAuthority instances),
one of them named "Admin". When I annotate a page class with
@Secured("Admin"), Acegi denies access to the page. I have just tried the
same page, with the same annotation, now with an user with just one
GrantedAuthority, "Admin". Now Acegi happily gives me access to the page.
Does that mean that each user must have exactly one role (aka
GrantedAuthority) in order to use the @Secured annotation?
Thank you!
--
Thiago H. de Paula Figueiredo
Desenvolvedor, Instrutor e Consultor de Tecnologia
Eteg Tecnologia da Informação Ltda.
http://www.eteg.com.br
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5: help needed with tapestry-acegi
Posted by Thiago H de Paula Figueiredo <th...@gmail.com>.
On Mon, 17 Sep 2007 16:35:13 -0300, Robin Helgelin <lo...@gmail.com>
wrote:
> No, you should be able to have an arbitrary length of roles. How does
> your public GrantedAuthority[] getAuthorities() from your user
> UserDetails look?
I can't post the code here (and it wouldn't help much, as it's written in
Portuguese), but I have this architecture:
class User {
private List<Groups> groups;
...
}
class Group {
private List<Permission> permissions;
...
}
class Permission {
private String name; // name of the role/authority
}
I created an UserDetails implementation which getGrantedAuthorities()
method returns all the permissions of all the groups some user belongs to.
I'm using the GrantedAuthorityImpl class that comes with Acegi.
--
Thiago H. de Paula Figueiredo
Desenvolvedor, Instrutor e Consultor de Tecnologia
Eteg Tecnologia da Informação Ltda.
http://www.eteg.com.br
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5: help needed with tapestry-acegi
Posted by Robin Helgelin <lo...@gmail.com>.
On 9/17/07, Thiago H de Paula Figueiredo <th...@eteg.com.br> wrote:
> I have an user that has a number of roles (GrantedAuthority instances),
> one of them named "Admin". When I annotate a page class with
> @Secured("Admin"), Acegi denies access to the page. I have just tried the
> same page, with the same annotation, now with an user with just one
> GrantedAuthority, "Admin". Now Acegi happily gives me access to the page.
>
> Does that mean that each user must have exactly one role (aka
> GrantedAuthority) in order to use the @Secured annotation?
No, you should be able to have an arbitrary length of roles. How does
your public GrantedAuthority[] getAuthorities() from your user
UserDetails look?
--
regards,
Robin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5: help needed with tapestry-acegi
Posted by Robin Helgelin <lo...@gmail.com>.
On 9/17/07, Thiago H de Paula Figueiredo <th...@gmail.com> wrote:
> After some hours trying to figure out what mistake I have been doing, I've
> found it! Using the default configuration, Acegi only takes into account
> roles prefixed with "ROLE_"!!! Acegi's Javadoc states that here:
> http://www.acegisecurity.org/acegi-security/apidocs/org/acegisecurity/vote/RoleVoter.html.
Great!
> Now everything works like a charm! It's amazingly simple to just add or
> change an annotation, reload the page and being allowed or denied to view
> the page! Kudos to Howard (for Tapestry 5) and Robin (tapestry5-acegi) for
> such amazing work and support!!! :)
Thanks, and I also thank Ivan that wrote most of the initial code.
> Robin: what about having a warning in tapestry5-acegi docs about this
> error I've had?
Yeah, that might be a good idea, I'll take a mental note about it :)
--
regards,
Robin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5: help needed with tapestry-acegi
Posted by Thiago H de Paula Figueiredo <th...@gmail.com>.
On Mon, 17 Sep 2007 16:13:03 -0300, Thiago H de Paula Figueiredo
<th...@eteg.com.br> wrote:
> I have an user that has a number of roles (GrantedAuthority instances),
> one of them named "Admin".
After some hours trying to figure out what mistake I have been doing, I've
found it! Using the default configuration, Acegi only takes into account
roles prefixed with "ROLE_"!!! Acegi's Javadoc states that here:
http://www.acegisecurity.org/acegi-security/apidocs/org/acegisecurity/vote/RoleVoter.html.
Now everything works like a charm! It's amazingly simple to just add or
change an annotation, reload the page and being allowed or denied to view
the page! Kudos to Howard (for Tapestry 5) and Robin (tapestry5-acegi) for
such amazing work and support!!! :)
Robin: what about having a warning in tapestry5-acegi docs about this
error I've had?
--
Thiago H. de Paula Figueiredo
Desenvolvedor, Instrutor e Consultor de Tecnologia
Eteg Tecnologia da Informação Ltda.
http://www.eteg.com.br
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org