Results 1 to 4 of 4

Thread: How to allow Method invocation when not yet authenticated?

  1. Feb 1st, 2005, 06:28 PM #1
    melinate
    melinate is offline Junior Member
    Join Date
    Jan 2005
    Posts
    13

    Default How to allow Method invocation when not yet authenticated?

    I have a UserManager class that I'm trying to enforce method invocation security on. So far it is working beautifully with only one exception... I can't have users create a new account any more [which limits the functionality somewhat ].

    The problem is two fold. The first issue I discovered was that if a user tried to run the signup action before the first user logged in, the SecureContext is not created, so the signup action throws an Exception with the error message "A valid SecureContext was not found in the RequestContext". This makes sense to me, and may be something that I just have to deal with.

    The second part of the problem is after the SecureContext has been created, when a user tries to singup, they get an Exception with this message:
    "Authentication credentials were not found in the SecureContext"

    I tried making an "AuthenticationVoter" that would grant access based on (authentication == null ^ isAuthenticationRequired()), but it seems to be returning the exception prior to my AccessDecisionVoter.

    Any suggestions about how I should approach this?

    Nathan
  2. Feb 4th, 2005, 03:19 AM #2
    Ben Alex
    Ben Alex is offline Senior Member Spring Team
    Join Date
    Aug 2004
    Location
    Sydney, Australia
    Posts
    2,768

    Default

    Would it be possible to simply remove the configuration attributes from your UserManager.createNewUser() method? Then it becomes a public method and anyone can call it who needs to.

    In the Contacts sample, ContactManager.getRandomContact() is a public method. See the applicationContext-common-authorization.xml file.
  3. Feb 4th, 2005, 11:23 AM #3
    melinate
    melinate is offline Junior Member
    Join Date
    Jan 2005
    Posts
    13

    Default

    Weird.. that sample is was what I used as a starting point for adding authorization to my app. I simplified it a bit by removing the ACL stuff, so everything is role based in mine, but other than that I don't remember changing much of anything.

    The very first thing I tried was to not include an entry in the objectDefinitionSource for saveNewUser(), but when that failed I tried to get more creative [and so far have walked down a few dead ends]. But if it should have worked by just not having a listing for that method in objectDefinitionSource, then there must be something more fundamentally wrong with my config.

    I have been tied up the past couple of days and have not had a chance to try more stuff. But I'll look again at that sample app and see why it works [and mine doesn't]

    Thanks Ben.

    [I hate this awkward newbie stage ]
  4. Feb 5th, 2005, 12:12 AM #4
    Ben Alex
    Ben Alex is offline Senior Member Spring Team
    Join Date
    Aug 2004
    Location
    Sydney, Australia
    Posts
    2,768

    Default

    We all have to start sometime - don't worry about it.. :-)
« Previous Thread | Next Thread »

Similar Threads

  1. Order of Bean definitions matters?
    By cfuser in forum Container
    Replies: 2
    Last Post: Oct 21st, 2005, 10:29 AM
  2. Spring container fails with no exception
    By naor in forum Container
    Replies: 9
    Last Post: Oct 1st, 2005, 03:39 PM
  3. EHCaching Hibernate
    By dencamel in forum Data
    Replies: 3
    Last Post: Sep 6th, 2005, 09:03 PM
  4. PerformanceMonitorInterceptor
    By tnist in forum AOP
    Replies: 3
    Last Post: Aug 24th, 2005, 01:39 PM
  5. Method call why not be intercepted by MethodSecurityIntercep
    By aaron8tang in forum Security
    Replies: 8
    Last Post: Dec 7th, 2004, 06:13 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules