Security interceptors with a custom service
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-14-2008 10:05 AM
Hi everybody,
I'm defining a new service to manage document lifecycle. Everything is working perfectly until I want to manage security on the methods of my custom service class.
I defined :
- a custom aspect : adding some custom properties to a node
- a lifecycle service : managing the custom properties of the node
- an action executer : adding the new aspect to a node and initializing the properties
- a ressource bundle : displaying custom messages
Here is my configuration context file :
I also defined a custom action to add the custom aspect to a node. This custom action is displaying a list of available lifecycles. I used the add-features.jsp as a base for my add-lifecycle.jsp.
In my custom config, when there is no section about LifeCycleService_security, everything is working fine. But if I had this section, the OK button on the JSP is not working anymore. The following error is displayed :
javax.faces.el.EvaluationException: Cannot get value for expression '#{NavigationBean.isGuest == false && NavigationBean.guestHomeVisible}'
caused by:
javax.servlet.jsp.el.ELException: An error occurred while getting property "guestHomeVisible" from an instance of class org.alfresco.web.bean.NavigationBean
I don't understand why there is a relation between the security interceptors and the NavigationBean. Someone can help me ?
Thanks
I'm defining a new service to manage document lifecycle. Everything is working perfectly until I want to manage security on the methods of my custom service class.
I defined :
- a custom aspect : adding some custom properties to a node
- a lifecycle service : managing the custom properties of the node
- an action executer : adding the new aspect to a node and initializing the properties
- a ressource bundle : displaying custom messages
Here is my configuration context file :
<?xml version='1.0' encoding='UTF-8'?><!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'> <beans> <bean id="extension.dictionaryBootstrap" parent="dictionaryModelBootstrap" depends-on="dictionaryBootstrap"> <property name="models"> <list> <value>alfresco/extension/lifecycle-model.xml</value> </list> </property> </bean> <bean id="lifeCycleService" class="org.alfresco.sample.LifeCycle.LifeCycleServiceImpl"> <property name="nodeService"> <ref bean="nodeService" /> </property> </bean> <bean id="LifeCycleService" class="org.springframework.aop.framework.ProxyFactoryBean"> <property name="proxyInterfaces"> <list> <value>org.alfresco.sample.LifeCycle.LifeCycleService</value> </list> </property> <property name="target"> <ref bean="lifeCycleService"/> </property> <property name="interceptorNames"> <list> <idref local="LifeCycleService_transaction"/> <idref local="LifeCycleService_security"/> </list> </property> </bean> <bean id="LifeCycleService_transaction" class="org.springframework.transaction.interceptor.TransactionInterceptor"> <property name="transactionManager"> <ref bean="transactionManager"/> </property> <property name="transactionAttributes"> <props> <prop key="get*">${server.transaction.mode.readOnly}</prop> <prop key="*">${server.transaction.mode.default}</prop> </props> </property> </bean> <bean id="LifeCycleService_security" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property> <property name="afterInvocationManager"><ref bean="afterInvocationManager"/></property> <property name="objectDefinitionSource"> <value> org.alfresco.sample.LifeCycle.LifeCycleService.nextState=ACL_NODE.0.sys:base.WriteProperties org.alfresco.sample.LifeCycle.LifeCycleService.previousState=ACL_NODE.0.sys:base.WriteProperties org.alfresco.sample.LifeCycle.LifeCycleService.exception=ACL_NODE.0.sys:base.WriteProperties org.alfresco.sample.LifeCycle.LifeCycleService.init=ACL_NODE.0.sys:base.WriteProperties </value> </property> </bean> <bean id="addlifecycle" class="org.alfresco.sample.LifeCycle.LifeCycleActionExecuter" parent="action-executer"> <property name="lifeCycleService"> <ref bean="lifeCycleService" /> </property> </bean> <bean id="lifecycle-msg" class="org.alfresco.i18n.ResourceBundleBootstrapComponent"> <property name="resourceBundles"> <list> <value>org.alfresco.sample.LifeCycle.lifecycle-msg</value> </list> </property> </bean> </beans>I also defined a custom action to add the custom aspect to a node. This custom action is displaying a list of available lifecycles. I used the add-features.jsp as a base for my add-lifecycle.jsp.
In my custom config, when there is no section about LifeCycleService_security, everything is working fine. But if I had this section, the OK button on the JSP is not working anymore. The following error is displayed :
javax.faces.el.EvaluationException: Cannot get value for expression '#{NavigationBean.isGuest == false && NavigationBean.guestHomeVisible}'
caused by:
javax.servlet.jsp.el.ELException: An error occurred while getting property "guestHomeVisible" from an instance of class org.alfresco.web.bean.NavigationBean
I don't understand why there is a relation between the security interceptors and the NavigationBean. Someone can help me ?
Thanks
Labels:
- Labels:
-
Archive
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-27-2008 11:59 AM
I found the solution
To avoid this problem, it's mandatory to define security on each method. Use ACL_ALLOW for the methods with no security requirements.
I still don't understand why the NavigationBean is linked to security interceptors but at least my code works fine.
To avoid this problem, it's mandatory to define security on each method. Use ACL_ALLOW for the methods with no security requirements.
I still don't understand why the NavigationBean is linked to security interceptors but at least my code works fine.
