Hi, it's been a while since I've set up a Spring sec project. I'm trying to get this running. I'm not going to use a traditional approach here. The idea is to secure REST endpoints with tokens, no sessions, username/passwords or remember_me's here.
Everything seems to be fine, I'm using method annotations. And all the filters seem to be kicking in at the right time:
Code:
@PreAuthorize("hasRole('ROLE_USER')")
public Tag find(String value);

But the role voter and authenticated voter are always returning 0. I've debugged them, but I believe that due to some proxying I'm not getting the right lines, but I can tell this:

Code:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:util="http://www.springframework.org/schema/util"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                           http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd">

    <bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
        <security:filter-chain-map path-type="ant">
            <security:filter-chain pattern="/**"
                filters="securityContextPersistenceFilter, tokenAuthenticationFilter, hmacFilter, anonymousAuthenticationFilter, filterSecurityInterceptor" />
        </security:filter-chain-map>
    </bean>

    <bean id="securityContextPersistenceFilter"
          class="org.springframework.security.web.context.SecurityContextPersistenceFilter" />

    <bean id="tokenAuthenticationFilter" class="com.furiousbob.security.TokenAuthenticationFilter">
        <property name="provider" ref="tokenAuthenticationProvider"></property>
    </bean>

    <bean id="hmacFilter" class="com.furiousbob.security.HMACFilter"></bean>

    <bean id="anonymousAuthenticationFilter"
          class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">
        <property name="userAttribute" value="anonymous,ROLE_ANONYMOUS" />
        <property name="key" value="BF93JFJ091N00Q7HF" />
    </bean>

    <security:global-method-security pre-post-annotations="enabled"
                                     access-decision-manager-ref="affirmativeBased">
    </security:global-method-security>

    <bean id="filterSecurityInterceptor"
          class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
        <property name="authenticationManager" ref="customAuthenticationManager"></property>
        <property name="accessDecisionManager" ref="affirmativeBased"></property>
        <property name="securityMetadataSource">
            <security:filter-security-metadata-source>
                <security:intercept-url pattern="/services/*"/>
            </security:filter-security-metadata-source>
        </property>
    </bean>

    <bean id="tokenAuthenticationProvider" class="com.furiousbob.security.TokenAuthenticationProvider">
        <constructor-arg index="0" ref="tokenRepository"></constructor-arg>
    </bean>

    <bean id="tokenRepository" class="com.furiousbob.security.ESTokenRepository"></bean>

    <!-- support beans -->
    <bean class="org.springframework.security.access.vote.AffirmativeBased" id="affirmativeBased">
        <property name="decisionVoters">
            <list>
                <ref bean="roleVoter" />
                <ref bean="authenticatedVoter" />
            </list>
        </property>
    </bean>

    <bean class="org.springframework.security.access.vote.RoleVoter" id="roleVoter" />
    <bean class="org.springframework.security.access.vote.AuthenticatedVoter" id="authenticatedVoter" />

    <bean id="anonymousAuthenticationProvider"
          class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
        <constructor-arg index="0" value="BF93JFJ091N00Q7HF"></constructor-arg>
    </bean>

    <bean id="customAuthenticationManager"
          class="org.springframework.security.authentication.ProviderManager">
        <constructor-arg index="0">
            <list>
                <ref local="anonymousAuthenticationProvider" />
                <ref local="tokenAuthenticationProvider" />
            </list>
        </constructor-arg>
    </bean>
</beans>

At execution time, the authorities value is [ROLE_STREAMING, ROLE_USER], the attribute: [authorize: 'hasRole('ROLE_USER')', filter: 'null', filterTarget: 'null'], type: PreInvocationTypeAttribute, but for some reason this.supports(attribute) is returning false, even with the method being:

Code:
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
    int result = ACCESS_ABSTAIN;
    Collection<? extends GrantedAuthority> authorities = extractAuthorities(authentication);

    for (ConfigAttribute attribute : attributes) {
        if (this.supports(attribute)) {
            result = ACCESS_DENIED;

            // Attempt to find a matching granted authority
            for (GrantedAuthority authority : authorities) {
                if (attribute.getAttribute().equals(authority.getAuthority())) {
                    return ACCESS_GRANTED;
                }
            }
        }
    }

    return result;
}

Does anyone have any idea why this voter is not voting 1 for the given authorization?

Code:
public boolean supports(Class<?> clazz) {
    return true;
}

Regards

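Added example, not part of the original post: RoleVoter.supports(ConfigAttribute) only accepts attributes whose getAttribute() string starts with ROLE_, and the attribute built from @PreAuthorize returns null there, so the expression is only evaluated when a PreInvocationAuthorizationAdviceVoter is in the method-security voter list. The bean ids expressionHandler, preInvocationAdvice, preInvocationVoter and methodAccessDecisionManager are assumptions; roleVoter and authenticatedVoter are the beans already defined in the configuration above.

```xml
<!-- Added example. Method security gets its own decision manager; the
     filterSecurityInterceptor can keep using the original affirmativeBased bean. -->

<!-- Shared handler that parses and evaluates hasRole(...) style expressions -->
<bean id="expressionHandler"
      class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler" />

<!-- Advice that evaluates the @PreAuthorize / @PreFilter expression -->
<bean id="preInvocationAdvice"
      class="org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice">
    <property name="expressionHandler" ref="expressionHandler" />
</bean>

<!-- The voter that supports PreInvocationAttribute; RoleVoter and
     AuthenticatedVoter abstain on it -->
<bean id="preInvocationVoter"
      class="org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter">
    <constructor-arg ref="preInvocationAdvice" />
</bean>

<bean id="methodAccessDecisionManager"
      class="org.springframework.security.access.vote.AffirmativeBased">
    <property name="decisionVoters">
        <list>
            <ref bean="preInvocationVoter" />
            <ref bean="roleVoter" />
            <ref bean="authenticatedVoter" />
        </list>
    </property>
</bean>

<security:global-method-security pre-post-annotations="enabled"
                                 access-decision-manager-ref="methodAccessDecisionManager">
    <security:expression-handler ref="expressionHandler" />
</security:global-method-security>
```

When every voter abstains, AffirmativeBased denies access, because allowIfAllAbstainDecisions defaults to false.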
