aspose file tools*
The moose likes Spring and the fly likes global-method-security in spring roo and @ PreAuthorized Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "global-method-security in spring roo and @ PreAuthorized" Watch "global-method-security in spring roo and @ PreAuthorized" New topic
Author

global-method-security in spring roo and @ PreAuthorized

Luis Parente
Ranch Hand

Joined: Jan 17, 2012
Posts: 39
Hi all,


After read some documentation, I have put <global-method-security> tag in the webmvc-config.xml, but I think is better in applicationContext.xml, no?

I have an amazing side effect if I put the @ PreAuthorized in a method of my controller (createFrom), while the css disappears.

If you have ever had this problem thank you kindly tell me how to solve.

(sorry for my bad English)

Thanks!

Luis Parente
Ranch Hand

Joined: Jan 17, 2012
Posts: 39
OK

I forgot

But now I do handle the exception:




thanks
Bill Gorder
Bartender

Joined: Mar 07, 2010
Posts: 1680
    
    7

Luis Parente wrote:
After read some documentation, I have put <global-method-security> tag in the webmvc-config.xml, but I think is better in applicationContext.xml, no?


Yes, typically but if you are going to annotate your controllers, you have to either do that or the only other option is to move the below to your application context.



This would in essence scope your controllers to your root context.

In any event where is that exception being thrown? What is the complete stack trace? Do you have an access-denied-page configured?

If you need more granular control you can have a look at Exception Translation Filter


[How To Ask Questions][Read before you PM me]
Luis Parente
Ranch Hand

Joined: Jan 17, 2012
Posts: 39
Hi thanks one again more


well, at the moment I have the following:


In webmvc_config.xml






In applicationContext-security.xml






In AccessDeniedHandlerApp.java



and in AccessDeniedController.java




and views.xml I have added



Its 'do anything... and the

throws the exeption: this is the full stack trace:





thanks.







Bill Gorder
Bartender

Joined: Mar 07, 2010
Posts: 1680
    
    7

A full stack trace would typically start out with something like

org.springframework.security.access.AccessDeniedException: Access is denied

I assume it is an access denied exception. If you are not seeing that make sure your log is not getting truncated. If you are using STS right click in the console and go to preferences, there unclick the limit console output checkbox.


Have you tried setting a break point in your handle(...) method? You should be hitting it.

One possibility if you are hitting that breakpoint is that you have forgotten to set intercept URL's for your /securityAccessDenied. This would cause another exception to get thrown.





Luis Parente
Ranch Hand

Joined: Jan 17, 2012
Posts: 39
Hi,


It's doesn't work for me.....

I have read this explanation:

http://www.binrand.com/post/2742783-bean-access-prevent-method-call-without-exception-using-preauthorize.html, but I think is a little complicated.

Thanks in advance.
 
Consider Paul's rocket mass heater.
 
subject: global-method-security in spring roo and @ PreAuthorized