SpringSecurity 2.02 ,How to do url resource write in database

You are welcome :)

Quote:

---

Originally Posted by sousa1981

I would suggest to you look at spring documentation "org.springframework.security.vote.AffirmativeBase d" and "allowIfAllAbstainDecisions":

Code:

---

<bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
                <property name="allowIfAllAbstainDecisions" value="false" />
                <property name="decisionVoters">
                        <list>
                                <bean class="org.springframework.security.vote.RoleVoter" >
                                        <property name="rolePrefix" value="" />       
                                </bean>
                                <bean class="org.springframework.security.vote.AuthenticatedVoter"/>
                        </list>
                </property>
        </bean>

---

For example for procedure bellow work:

I did override the lookupAttributes() like this:
1) Check if the URL exists in my authorization tables
2) If the URL exists read the ROLES and populate the 'ConfigAttributeDefinition' object
3) If the URL does not exist then return NULL

I suggest to modify step 3 to be: If the URL does not exist then associate it with an ROLE without access, so it will be receive an AccessDenied message.

---

Hello, I have a strange trouble about this.

Code:

---

public class RoleVoterImp extends RoleVoter {

        public int vote(Authentication authentication, Object object,
                        ConfigAttributeDefinition config) {
                if(config.contains(new SecurityConfig("ROLE_NO_ACCESS"))){
                                return AccessDecisionVoter.ACCESS_DENIED;
                }
                return super.vote(authentication, object, config);
        }
}

---

Correctly, I can not display the url of the menu that are not in the db, but in practice I can get the url in my browser.
Example:
HomePage
<link>/admin/print.do</link> //invisible because i can't access

In my html homepage, I don't see the link /admin/print.do but if I put this url in the browser I do not obtain ACCESS DENIED !!

I do :

Code:

---

..
List roleNamesList = userManager.findRolessByUrl(trimmedUrl);
if(rolesNamesList == null){
configAttr.addConfigAttribute(new SecurityConfig("ROLE_NO_ACCESS"));
return configAttr
}
..

---

I resolved.
Passing from RC1 to final version:
ExceptionTranslationFilter no longer provides a sendAccessDenied() method. Use the new AccessDeniedHandler instead if custom handling is required.
http://www.acegisecurity.org/upgrade...e-090-100.html
Bye