not possible to secure implementation methods?

[nomeez]

Hi forum,

I' m trying to use acegi to protect method calls in my spring controllers (spring MVC).

I write a unit-test for it and it works fine, if I am declaring secured methods for an interface, but it's not working at all if I'm declaring security for the implementation class.

It looks like I'm getting null for configAttributeDefinition attr in the methodSecurityInterceptor (AbstractSecurityInterceptor):
ConfigAttributeDefinition attr = this.obtainObjectDefinitionSource().getAttributes( object);


How can I protect my controllers?

[gregturn]

If you are proxying an interface, I believe all Acegi will see via the proxy bean are the interface methods, and not the implementation's methods. If you are actually proxying (CGLIB, I think?) a concrete class, this may be possible. You can read more at http://static.springframework.org/sp...p.html#d0e4507.

The other option is to extract the methods you want to secure into the interface or possible subinterface, and then Acegi will secure that without batting an eyelash.