File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Other Application Frameworks and the fly likes Can't use spring security authorize Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Other Application Frameworks
Bookmark "Can Watch "Can New topic
Author

Can't use spring security authorize

Ergin Er
Ranch Hand

Joined: Sep 06, 2005
Posts: 60
We've just impelmented spring security (with spring 2.5) in our web app where I'm struggling with some things.
I'm trying to do a redirect (from within a loginsuccess.jsp) according to the role of a user.
I've put the following in the jsp (this is from spring security tutorial) to test out:


Somehow I never pass this test even if the user has granted authority of ROLE_SOC

If I retrieve the sessionScope in this jsp, I can see the role:
{javax.servlet.jsp.jstl.fmt.request.charset=ISO-8859-1, SPRING_SECURITY_LAST_USERNAME=user@somemail.com, SPRING_SECURITY_CONTEXT=org.springframework.security.context.SecurityContextImpl@a9a3fb41: Authentication: org.springframework.security.providers.UsernamePasswordAuthenticationToken@a9a3fb41: Principal: org.springframework.security.userdetails.User@0: Username: user@somemail.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SOC; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; SessionId: 1128102A01AC8D176926A91795BF2B7A; Granted Authorities: ROLE_SOC}

Am I missing something here?
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17259
    
    6

What happens if you, just for testing purposes. Not have the loginsuccess.jsp page redirect. First try forwarding to see what happens. Then as the last test, just put a link on that loginsuccess.jsp page that sends you to the last page to see if the security works.

As far as using the tag library in your page, it is correct.

Mark


Perfect World Programming, LLC - Two Laptop Bag - Tube Organizer
How to Ask Questions the Smart Way FAQ
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17259
    
    6

Just out of curiosity. That last page URL, is it in your intercept-url as being intercepted for security?

Mark
Ergin Er
Ranch Hand

Joined: Sep 06, 2005
Posts: 60
I think I've found the problem. It's indeed the intercept-url configuration that caused the problem.


Without any filtering there was no security activity inside the loginsuccess.jsp
After I added the access parameter for my roles:

I was able to use the security inside the screen. Thanks for your pointer ;-)
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17259
    
    6

Cool beans. er Cool Spring Beans.

Mark
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Can't use spring security authorize