Results 1 to 4 of 4

Thread: Configuring AOP MethodSecurityInterceptor

  1. May 14th, 2008, 03:28 AM #1
    justinw
    justinw is offline Junior Member
    Join Date
    May 2008
    Location
    Cape Town
    Posts
    2

    Default Configuring AOP MethodSecurityInterceptor

    Hi,

    I'd like to configure an AOP Alliance (MethodInvocation) Security Interceptor as per section 22.1 of the reference guide.

    (I realise that I can use the global-method-security element, but I need to customise the interception at a later stage.)

    Code:
    <bean id="objectDefinitionSource"
class="org.springframework.security.intercept.method.MethodDefinitionAttributes">
   <property name="attributes"><ref local="attributes"/></property>
</bean>

<bean id="bankManagerSecurity"
class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor">
   <property name="validateConfigAttributes"><value>false</value></property>
   <property name="authenticationManager"><ref bean="authenticationManager"/></property>
   <property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
   <property name="runAsManager"><ref bean="runAsManager"/></property>
   <property name="objectDefinitionSource"><ref bean="objectDefinitionSource"/></property>
</bean>
    When I run this, I get:
    Code:
    org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.springframework.security.annotation.Securit
yAnnotationAttributes] for bean with name 'attributes' defined in ServletContext resource [/WEB-INF/applicationContext-security.xm
l]; nested exception is java.lang.ClassNotFoundException: org.springframework.security.annotation.SecurityAnnotationAttributes
Caused by:
java.lang.ClassNotFoundException: org.springframework.security.annotation.SecurityAnnotationAttributes
    The class org.springframework.security.annotation.SecurityAn notationAttributes seems to have been removed from the codebase and the documentation has not been updated. There is an unresolved JIRA issue for this (http://jira.springframework.org/browse/SEC-800).

    Could someone please show me the correct way to configure a MethodSecurityInterceptor?

    Thanks,
    Justin
  2. May 14th, 2008, 08:55 AM #2
    andrei.tudose
    andrei.tudose is offline Junior Member
    Join Date
    Nov 2007
    Posts
    25

    Default

    If you want to use Java 5 annotations...

    Code:
    <bean id="objectDefinitionSource" class="org.springframework.security.annotation.SecuredMethodDefinitionSource" />

<bean id="bankManagerSecurity"
class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor">
   <property name="validateConfigAttributes"><value>false</value></property>
   <property name="authenticationManager"><ref bean="authenticationManager"/></property>
   <property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
   <property name="runAsManager"><ref bean="runAsManager"/></property>
   <property name="objectDefinitionSource"><ref bean="objectDefinitionSource"/></property>
</bean>
  3. Jun 11th, 2008, 09:05 AM #3
    anthavio
    anthavio is offline Junior Member
    Join Date
    Mar 2007
    Posts
    23

    Default

    I was solving same puzzle, but after looking at GlobalMethodSecurityBeanDefinitionParser source, this is working result. Enjoy
    Code:
    <!--
	<security:global-method-security secured-annotations="enabled" jsr250-annotations="enabled" />
-->


	<bean id="_delegatingMethodDefinitionSource" class="org.springframework.security.intercept.method.DelegatingMethodDefinitionSource">
		<property name="methodDefinitionSources">
			<list>
				<bean class="org.springframework.security.intercept.method.MapBasedMethodDefinitionSource" />
				<bean class="org.springframework.security.annotation.SecuredMethodDefinitionSource" />
				<bean class="org.springframework.security.annotation.Jsr250MethodDefinitionSource" />
			</list>
		</property>
	</bean>
	
	<bean id="_methodDefinitionSourceAdvisor" class="org.springframework.security.intercept.method.aopalliance.MethodDefinitionSourceAdvisor">
		<constructor-arg value="_methodSecurityInterceptor" />
		<constructor-arg ref="_delegatingMethodDefinitionSource" />
	</bean>

	<bean id="_methodSecurityInterceptor" class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor">
		<property name="validateConfigAttributes" value="false" />
		<property name="authenticationManager" ref="_authenticationManager"/>
		<property name="accessDecisionManager" ref="_accessManager"/>
		<property name="objectDefinitionSource" ref="_delegatingMethodDefinitionSource" />
	</bean>
	
	<bean id="_accessManager" class="org.springframework.security.vote.AffirmativeBased">
		<property name="allowIfAllAbstainDecisions" value="false"/>
		<property name="decisionVoters">
			<list>
				<bean class="org.springframework.security.vote.RoleVoter">
					<property name="rolePrefix" value=""/>
				</bean>
				<bean class="org.springframework.security.vote.AuthenticatedVoter"/>
			</list>
		</property>
	</bean>
  4. Feb 12th, 2009, 09:56 PM #4
    freak182
    freak182 is offline Junior Member
    Join Date
    Feb 2009
    Posts
    21

    Default Weird error when implementing @Secured at Services

    Hello,
    I experience some strange error when using spring-security. the configuration i have is the same configuration from anthavio and works fine for only one Class. But when I added @Secured at other Class where i want to be secured it throws an error/exception:

    Error creating bean with name '_methodSecurityInterceptor' defined in ServletContext resource [/WEB-INF/web-config/spring-security.xml]: Cannot resolve reference to bean 'authenticationManager' while setting bean property 'authenticationManager'; nested exception is org.springframework.beans.factory.BeanCreationExce ption: Error creating bean with name 'authenticationManager' defined in ServletContext resource [/WEB-INF/web-config/spring-security.xml]: Cannot resolve reference to bean 'daoAuthenticationProvider' while setting bean property 'providers' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationExce ption: Error creating bean with name 'daoAuthenticationProvider' defined in ServletContext resource [/WEB-INF/web-config/spring-security.xml]: Initialization of bean failed; nested exception is java.lang.NullPointerException
    at org.springframework.beans.factory.support.Abstract AutowireCapableBeanFactory.doCreateBean(AbstractAu towireCapableBeanFactory.java:480)
    at org.springframework.beans.factory.support.Abstract AutowireCapableBeanFactory$1.run(AbstractAutowireC apableBeanFactory.java:409)
    at java.security.AccessController.doPrivileged(Native Method)
    -----------------------------
    im my config file:

    <!-- configuration dao provider -->

    <bean id="daoAuthenticationProvider"
    class="org.springframework.security.providers.dao. DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userService" />
    </bean>

    <!-- Authentication Manager -->
    <bean id="authenticationManager"
    class="org.springframework.security.providers.Prov iderManager">
    <property name="providers">
    <list>
    <ref local="daoAuthenticationProvider" />
    </list>
    </property>
    </bean>
    ----------------------
    at org.codehaus.classworlds.Launcher.main(Launcher.ja va:375)
    Caused by: org.springframework.beans.factory.BeanCreationExce ption: Error creating bean with name '_methodSecurityInterceptor' defined in ServletContext resource [/WEB-INF/web-config/spring-security.xml]: Cannot resolve reference to bean 'authenticationManager' while setting bean property 'authenticationManager'; nested exception is org.springframework.beans.factory.BeanCreationExce ption: Error creating bean with name 'authenticationManager' defined in ServletContext resource [/WEB-INF/web-config/spring-security.xml]: Cannot resolve reference to bean 'daoAuthenticationProvider' while setting bean property 'providers' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationExce ption: Error creating bean with name 'daoAuthenticationProvider' defined in ServletContext resource [/WEB-INF/web-config/spring-security.xml]: Initialization of bean failed; nested exception is java.lang.NullPointerException
    at org.springframework.beans.factory.support.BeanDefi nitionValueResolver.resolveReference(BeanDefinitio nValueResolver.java:275)
    at org.springframework.beans.factory.support.BeanDefi nitionValueResolver.resolveValueIfNecessary(BeanDe finitionValueResolver.java:104)
    at org.springframework.beans.factory.support.Abstract AutowireCapableBeanFactory.applyPropertyValues(Abs tractAutowireCapableBeanFactory.java:1245)
    at org.springframework.beans.factory.support.Abstract AutowireCapableBeanFactory.populateBean(AbstractAu towireCapableBeanFactory.java:1010)
    at org.springframework.beans.factory.support.Abstract AutowireCapableBeanFactory.doCreateBean(AbstractAu towireCapableBeanFactory.java:472)
    at org.springframework.beans.factory.support.Abstract AutowireCapableBeanFactory$1.run(AbstractAutowireC apableBeanFactory.java:409)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.springframework.beans.factory.support.Abstract AutowireCapableBeanF

    -----------------------------
    ...in my service impl layer i used:

    @Service("driverService")
    public class DriverServiceImpl extends ...

    private DriverDao driverDao;

    @Autowired
    public DriverServiceImpl(DriverDao driverDao)
    {
    this.driverDao = driverDao;
    }
    ---------------------

    Error creating bean with name '_methodSecurityInterceptor' defined in ServletContext resource [/WEB-INF/web-config/spring-security.xml]: Cannot resolve reference to bean 'authenticationManager' while setting bean property 'authenticationManager'; nested exception is org.springframework.beans.factory.BeanCreationExce ption: Error creating bean with name 'authenticationManager' defined in ServletContext resource [/WEB-INF/web-config/spring-security.xml]: Cannot resolve reference to bean 'daoAuthenticationProvider' while setting bean property 'providers' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationExce ption: Error creating bean with name 'daoAuthenticationProvider' defined in ServletContext resource [/WEB-INF/web-config/spring-security.xml]: Initialization of bean failed; nested exception is java.lang.NullPointerException:
    java.lang.NullPointerException
    at org.springframework.security.intercept.method.aopa lliance.MethodDefinitionSourceAdvisor$MethodDefini tionSourcePointcut.matches(MethodDefinitionSourceA dvisor.java:120)
    at org.springframework.aop.support.AopUtils.canApply( AopUtils.java:214)
    at org.springframework.aop.support.AopUtils.canApply( AopUtils.java:253)
    at org.springframework.aop.support.AopUtils.findAdvis orsThatCanApply(AopUtils.java:287)
    at org.springframework.aop.framework.autoproxy.Abstra ctAdvisorAutoProxyCreator.findAdvisorsThatCanApply (AbstractAdvisorAutoProxyCreator.java:113)
    at org.springframework.aop.framework.autoproxy.Abstra ctAdvisorAutoProxyCreator.findEligibleAdvisors(Abs tractAdvisorAutoPro

    When I apply the security to one Class it works perfectly.But when I added it to other another it throws error during startup.Does the spring-security can only be applied once? How can apply it to another class I want to be secured?

    Thanks a lot.
    Cheers.
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules