Results 1 to 2 of 2

Thread: With invalid privilege also user is able to login.

  1. Jun 1st, 2006, 04:40 AM #1
    Vinayak
    Vinayak is offline Junior Member
    Join Date
    Jun 2006
    Posts
    2

    Default With invalid privilege also user is able to login.

    Currently am integrating my application with Spring Security acegi framework.

    I need to authenticate the login page.
    So, Iam using the MethodSecurityInterceptor and setting the login method to objectDefinitionSource property.
    But actually, the user has ROLE_ADMIN privilege and to the objectDefinitionSource level I have given the authority as ROLE_USER, in this case the user is able to login.

    Since the user and method privileges are different, the user should not be allowed to login and an exception should be thorwn.

    Iam attaching my source code(Spring ApplicationContext.xml file)

    Can I know whether am doing any thing wrong over here.

    thanks in advance,
    Vinayak
    Attached Files Attached Files
  2. Jun 1st, 2006, 04:44 AM #2
    Vinayak
    Vinayak is offline Junior Member
    Join Date
    Jun 2006
    Posts
    2

    Default

    In addition to previous post.

    Just swap the privileges. i.e, User has ROLE_USER and method ROLE_ADMIN.
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules