Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Hyland Connect
- Enterprise Platforms
- Alfresco
- Alfresco Archive
- Security interceptors with a custom service
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Security interceptors with a custom service
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-14-2008 10:05 AM
Hi everybody,
I'm defining a new service to manage document lifecycle. Everything is working perfectly until I want to manage security on the methods of my custom service class.
I defined :
- a custom aspect : adding some custom properties to a node
- a lifecycle service : managing the custom properties of the node
- an action executer : adding the new aspect to a node and initializing the properties
- a ressource bundle : displaying custom messages
Here is my configuration context file :
I also defined a custom action to add the custom aspect to a node. This custom action is displaying a list of available lifecycles. I used the add-features.jsp as a base for my add-lifecycle.jsp.
In my custom config, when there is no section about LifeCycleService_security, everything is working fine. But if I had this section, the OK button on the JSP is not working anymore. The following error is displayed :
javax.faces.el.EvaluationException: Cannot get value for expression '#{NavigationBean.isGuest == false && NavigationBean.guestHomeVisible}'
caused by:
javax.servlet.jsp.el.ELException: An error occurred while getting property "guestHomeVisible" from an instance of class org.alfresco.web.bean.NavigationBean
I don't understand why there is a relation between the security interceptors and the NavigationBean. Someone can help me ?
Thanks
I'm defining a new service to manage document lifecycle. Everything is working perfectly until I want to manage security on the methods of my custom service class.
I defined :
- a custom aspect : adding some custom properties to a node
- a lifecycle service : managing the custom properties of the node
- an action executer : adding the new aspect to a node and initializing the properties
- a ressource bundle : displaying custom messages
Here is my configuration context file :
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<bean id="extension.dictionaryBootstrap" parent="dictionaryModelBootstrap" depends-on="dictionaryBootstrap">
<property name="models">
<list>
<value>alfresco/extension/lifecycle-model.xml</value>
</list>
</property>
</bean>
<bean id="lifeCycleService" class="org.alfresco.sample.LifeCycle.LifeCycleServiceImpl">
<property name="nodeService">
<ref bean="nodeService" />
</property>
</bean>
<bean id="LifeCycleService" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="proxyInterfaces">
<list>
<value>org.alfresco.sample.LifeCycle.LifeCycleService</value>
</list>
</property>
<property name="target">
<ref bean="lifeCycleService"/>
</property>
<property name="interceptorNames">
<list>
<idref local="LifeCycleService_transaction"/>
<idref local="LifeCycleService_security"/>
</list>
</property>
</bean>
<bean id="LifeCycleService_transaction" class="org.springframework.transaction.interceptor.TransactionInterceptor">
<property name="transactionManager">
<ref bean="transactionManager"/>
</property>
<property name="transactionAttributes">
<props>
<prop key="get*">${server.transaction.mode.readOnly}</prop>
<prop key="*">${server.transaction.mode.default}</prop>
</props>
</property>
</bean>
<bean id="LifeCycleService_security" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
<property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
<property name="afterInvocationManager"><ref bean="afterInvocationManager"/></property>
<property name="objectDefinitionSource">
<value>
org.alfresco.sample.LifeCycle.LifeCycleService.nextState=ACL_NODE.0.sys:base.WriteProperties
org.alfresco.sample.LifeCycle.LifeCycleService.previousState=ACL_NODE.0.sys:base.WriteProperties
org.alfresco.sample.LifeCycle.LifeCycleService.exception=ACL_NODE.0.sys:base.WriteProperties
org.alfresco.sample.LifeCycle.LifeCycleService.init=ACL_NODE.0.sys:base.WriteProperties
</value>
</property>
</bean>
<bean id="addlifecycle" class="org.alfresco.sample.LifeCycle.LifeCycleActionExecuter" parent="action-executer">
<property name="lifeCycleService">
<ref bean="lifeCycleService" />
</property>
</bean>
<bean id="lifecycle-msg" class="org.alfresco.i18n.ResourceBundleBootstrapComponent">
<property name="resourceBundles">
<list>
<value>org.alfresco.sample.LifeCycle.lifecycle-msg</value>
</list>
</property>
</bean>
</beans>
I also defined a custom action to add the custom aspect to a node. This custom action is displaying a list of available lifecycles. I used the add-features.jsp as a base for my add-lifecycle.jsp.
In my custom config, when there is no section about LifeCycleService_security, everything is working fine. But if I had this section, the OK button on the JSP is not working anymore. The following error is displayed :
javax.faces.el.EvaluationException: Cannot get value for expression '#{NavigationBean.isGuest == false && NavigationBean.guestHomeVisible}'
caused by:
javax.servlet.jsp.el.ELException: An error occurred while getting property "guestHomeVisible" from an instance of class org.alfresco.web.bean.NavigationBean
I don't understand why there is a relation between the security interceptors and the NavigationBean. Someone can help me ?
Thanks
Labels:
- Labels:
-
Archive
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-27-2008 11:59 AM
I found the solution
To avoid this problem, it's mandatory to define security on each method. Use ACL_ALLOW for the methods with no security requirements.
I still don't understand why the NavigationBean is linked to security interceptors but at least my code works fine.
To avoid this problem, it's mandatory to define security on each method. Use ACL_ALLOW for the methods with no security requirements.
I still don't understand why the NavigationBean is linked to security interceptors but at least my code works fine.
Related Content
- Alfresco Community Edition 23.4 Release Notes in Alfresco Blog
- Elasticsearch Frequently Asked Question in Alfresco Blog
- Alfresco Dockerfiles Bakery: Streamlining Container Builds for Alfresco Products in Alfresco Blog
- this.commandExecutor is null when calling process instance api in Alfresco Forum
- JavaScript Console Not Working - Alfresco 7.2.1 in Alfresco Forum
Getting started
Tags
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.
