Results 1 to 4 of 4

Thread: Run-As configuration

  1. Jun 9th, 2010, 03:56 AM #1
    kai.moritz
    kai.moritz is offline Junior Member
    Join Date
    May 2009
    Posts
    12

    Default Run-As configuration

    Hi Folks!

    I'm migrating from 2.0.5 to 3.0.2.

    Encouraged by the documentation, I'm trying to switch my old beans-style configuration to the new namespace-approach.

    But I'm not able, to get the run-as part of the configuration back to work.
    I always get this error:
    Code:
    Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [RUN_AS_SMALLADS]
    Here is my new namespace-configuration:
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.0.xsd">

  <global-method-security run-as-manager-ref="runAsManager"/>

  <http use-expressions="false">
    <intercept-url pattern="/kleinanzeigen/**/merken/*.html" access="ROLE_USER,RUN_AS_SMALLADS" requires-channel="https"/>
    <form-login />
    <logout />
    <remember-me key="XX"/>
  </http>

  <beans:bean id="runAsManager" class="org.springframework.security.access.intercept.RunAsManagerImpl">
    <beans:property name="key" value="XX"/>
  </beans:bean>
  <beans:bean id="runAsAuthenticationProvider" class="org.springframework.security.access.intercept.RunAsImplAuthenticationProvider">
    <beans:property name="key" value="XX"/>
  </beans:bean>

  <authentication-manager alias="authenticationManager">
    <authentication-provider ref="daoAuthenticationProvider"/>
    <authentication-provider ref="runAsAuthenticationProvider"/>
  </authentication-manager>

</beans:beans>
    For clearity, I deleted all intercept-url rules except the one, which is causing the error.

    In the old bean-style configuration the notation:
    Code:
    /kleinanzeigen/**/merken/*.html*=ROLE_ADMIN,ROLE_USER,RUN_AS_SMALLADS
    did the same job.

    I found this thread, with a solution, but they don't have my problem, because they are only using the run-as manager at the method-level.

    The thread also points to the issue-entry SEC-1118, but I'm not sure, if that fix made it into 3.0.2, because I can't find the mentioned "run-as-manager-ref" in the XSD-file for Spring-Security 3.0.x

    I hope, someone can give me a hint on this problem, because I'm working on this problem for two days now and I'm totally lost!
  2. Jun 9th, 2010, 09:32 AM #2
    Luke Taylor
    Luke Taylor is offline Senior Member Acegi Security System TeamSpring Team
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449

    Default

    There isn't any RunAs support in the namespace.

    The RunAs functionality isn't used by many people and it's something I'd like to refactor and probably remove from the security interceptor hierarchy to make it more flexible.

    You can always modify the FilterSecurityInterceptor using a BeanPostProcessor and inject your RunAsManager in that. There's a FAQ entry on how to do stuff this kind of thing.
    Spring - by Pivotal
    twitter @tekul
  3. Jun 12th, 2010, 08:24 AM #3
    kai.moritz
    kai.moritz is offline Junior Member
    Join Date
    May 2009
    Posts
    12

    Default

    Thank you for that quick answer.

    I decided to switch back to bean-style configuration, because in my opinion, it is more convenient to have all configuration in one place, rather than have it scatterd across source-code (the BeanPreProcessor) and configuration.

    I would suggest to add notes in the documentation, that explicitly say, which parts could not be configured using the new namespace configuration approach. That would have saved me a lot of time, trying to convert my old configuration to the new namspace-style and than back to the old bean-style.

    I will post my resulting configuration as an example, because I wasn't able to find an example for the old bean-style configuration in the new documentation. (Or is it somewhere there or in the sample code and just not referenced from the core-documentation?)

    It would have saved me a lot of time, if I had a configuration examle that I could have boiled down to fit my needs
  4. Jun 12th, 2010, 08:30 AM #4
    kai.moritz
    kai.moritz is offline Junior Member
    Join Date
    May 2009
    Posts
    12

    Default

    Here is my configuration. Not perfect, but it works for me. I patched it up from my old configuration, the small bits in the HTML-documentation and your excellent Blog post: Behind the Spring Security Namespace.

    I didn't check the RememberMe-Feature yet. But the run-as stuff works

    Configuring the channelProccessingFilter by creating the SecurityConfig-instances by hand looks very awkward to me. But I didn't found another way to get it working!


    I would like to see comments and improvements!
    Attached Files Attached Files
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules