I'm integrating Acegi Spring Security into an existing web application (which I didn't write).
Up to this point I have implemented everything concerned with authentication, and I am now trying to secure method invocations.
I added a postInterceptor to my TransactionProxyFactoryBean (everything according to the Acegi reference manual).
When I start my application, Spring configuration files are loaded, singletons are pre-instantiated, filter invocations are configured, then secure methods are added, connections to databases (using Hibernate) are established and then DispatcherServlet initializes my servlet.
I have the following configuration:
Code:
    <bean id="lossBO"
          class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean"
          depends-on="myMethodSecurityInterceptor">
        <property name="transactionManager" ref="transactionManager"/>
        <property name="target"><ref local="lossBOImpl" /></property>
        <property name="transactionAttributes">
            <props>
                <prop key="*">PROPAGATION_REQUIRED</prop>
            </props>
        </property>
        <property name="proxyInterfaces"><value>my.package.bo.LossBO</value></property>
        <property name="postInterceptors" ref="myMethodSecurityInterceptor"/>
        <property name="proxyTargetClass" value="true"/>
    </bean>
In the first versions of the above there was no 'depends-on', 'proxyInterfaces', or 'proxyTargetClass' - of course it did not work. And, of course, I added the postInterceptors...
Below is the applicationContext-acegi-security.xml file:
Code:
    <bean id="myMethodSecurityInterceptor" singleton="true"
          class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
        <property name="authenticationManager">
            <ref bean="myAuthenticationManager"/>
        </property>
        <property name="accessDecisionManager">
            <bean class="org.acegisecurity.vote.AffirmativeBased">
                <property name="allowIfAllAbstainDecisions" value="false"/>
                <property name="decisionVoters">
                    <list>
                        <bean class="org.acegisecurity.vote.RoleVoter"/>
                        <bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
                    </list>
                </property>
            </bean>
        </property>
        <property name="objectDefinitionSource">
            <value>
                my.package.MyClassOne.*=ROLE_DUPA,IS_AUTHENTICATED_REMEMBERED
                my.package.MyClassTwo.*=ROLE_DUPA,IS_AUTHENTICATED_REMEMBERED
                <!-- and so on... -->
            </value>
        </property>
    </bean>
I tried many different configurations, but nothing seems to work.
When I start my app on Tomcat, and go to the page, then after authentication I can freely call all "secured" methods. Everything looks like no postInterceptor was configured.
I even tried to modify Petclinic application, to use my authentication and my authorisation mechanism and everything worked fine there, i.e. methods were secured (and I only added postInterceptors property to TransactionProxy).
I also googled for this kind of problem, but none of the provided solutions worked.
Below is the code from web.xml (maybe it will be helpful).
Code:
    <servlet>
        <servlet-name>recognition</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>2</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>recognition</servlet-name>
        <url-pattern>*.html</url-pattern>
    </servlet-mapping>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/conf/cbs-config.xml,
            /WEB-INF/recognition-service.xml,
            /WEB-INF/conf/modules-config.xml,
            /WEB-INF/conf/application-config.xml,
            classpath:/my/bc/ogz/conf/ogz-objects.xml,
            classpath:/my/slowniki/conf/slowniki-objects.xml,
            classpath:/my/bc/zpr/conf/zpr-objects.xml,
            classpath:/my/bc/zgp/conf/zgp-objects.xml,
            classpath:/my/bc/ogz/conf/swieta-objects.xml,
            classpath:/my/bc/ssw/conf/ssw-objects.xml,
            classpath:/my/bc/wwl/conf/wwl-objects.xml,
            classpath:/my/core/conf/core-objects.xml,
            classpath:/my/core/conf/cache-objects.xml,
            classpath:/my/bc/eps/conf/eps-objects.xml,
            classpath:/my/core/conf/oscache-objects.xml,
            classpath:/my/bc/prm/conf/prm-objects.xml,
            classpath:/my/bc/zgl/conf/zgl-objects.xml,
            classpath:/my/bc/kon/conf/kon-objects.xml,
            classpath:/my/bc/szk/conf/szk-objects.xml,
            classpath:/my/selektor/conf/selektor-objects.xml,
            classpath:/my/bc/gpr/conf/gpr-objects.xml,
            classpath:/my/bc/ogz/conf/wnio-objects.xml,
            classpath:/my/bc/eko/conf/eko-objects.xml,
            /WEB-INF/conf/rep-objects.xml,
            /WEB-INF/conf/test/mycache-config.xml,
            /WEB-INF/conf/cbs-objects.xml,
            /WEB-INF/conf/application-ds.xml,
            /WEB-INF/conf/app-menus-dist.xml,
            /WEB-INF/conf/common-objects.xml,
            /WEB-INF/conf/loss-recognition-objects.xml,
            classpath:/my/cc/pdm/conf/pdm-objects.xml,
            classpath:/my/cc/adr/conf/adr-objects.xml,
            classpath:/my/cc/mim/conf/mim-objects.xml,
            classpath:/my/cc/poj/conf/poj-objects.xml,
            classpath:/my/bc/lmz/conf/lmz-objects.xml,
            classpath:/my/cc/lmz/conf/lmz-objects.xml,
            classpath:/my/cc/pol/conf/pol-objects.xml,
            classpath:/my/cc/war/conf/war-objects.xml,
            classpath:applicationContext-acegi-security.xml
        </param-value>
    </context-param>
    <filter>
        <filter-name>Acegi</filter-name>
        <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>org.acegisecurity.util.FilterChainProxy</param-value>
        </init-param>
    </filter>
    <filter>
        <filter-name>filters.SetCharacterEncodingFilter</filter-name>
        <filter-class>filters.SetCharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
        <init-param>
            <param-name>contentType</param-name>
            <param-value>text/html;charset=utf-8</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>Acegi</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>filters.SetCharacterEncodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
As you can see there are a lot of config files in this application. All files defined in contextConfigLocation are Spring config files.
Would be grateful for any help.


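Added example (not part of the original post, and not code from Acegi or Spring): a runtime check for the symptom described above, reporting whether the object handed out for a bean name is an AOP proxy whose advisor chain contains a MethodSecurityInterceptor. The class name SecuredProxyCheck and its methods are hypothetical; it assumes Spring AOP and Acegi 1.0 on the classpath.

```java
import org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor;
import org.springframework.aop.Advisor;
import org.springframework.aop.framework.Advised;
import org.springframework.aop.support.AopUtils;
import org.springframework.context.ApplicationContext;

// Hypothetical helper, added for illustration only.
public final class SecuredProxyCheck {

    private SecuredProxyCheck() {
    }

    /** True only if the bean is an AOP proxy whose chain holds a MethodSecurityInterceptor. */
    public static boolean isSecured(Object bean) {
        if (!AopUtils.isAopProxy(bean) || !(bean instanceof Advised)) {
            return false; // raw target object: no interceptor can run on calls to it
        }
        Advisor[] advisors = ((Advised) bean).getAdvisors();
        for (int i = 0; i < advisors.length; i++) {
            // postInterceptors are wrapped in advisors; the advice is the interceptor itself
            if (advisors[i].getAdvice() instanceof MethodSecurityInterceptor) {
                return true;
            }
        }
        return false;
    }

    /** One line per bean name: concrete class, whether it is a proxy, whether it is secured. */
    public static String report(ApplicationContext ctx, String[] beanNames) {
        StringBuffer out = new StringBuffer();
        for (int i = 0; i < beanNames.length; i++) {
            Object bean = ctx.getBean(beanNames[i]);
            out.append(beanNames[i])
               .append(" -> ").append(bean.getClass().getName())
               .append(" proxy=").append(AopUtils.isAopProxy(bean))
               .append(" secured=").append(isSecured(bean))
               .append('\n');
        }
        return out.toString();
    }
}
```

Calling `report(ctx, new String[] {"lossBO", "lossBOImpl"})` on the application context, and `isSecured(...)` on the reference a controller actually holds, shows whether callers receive the secured proxy or the unproxied target.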
