|

»

»

»

»

Appfuse Access denied error

View: New views

4 Messages — Rating Filter: Alert me

	Appfuse Access denied error by ChrisSleeman :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi all, Am quite new to appfuse and still trying to understand the various layers. While testing the default struts2 maven archetype I faced a peculiar problem - if i access an admin protected page like - http://localhost:9090/admin/editUser.html?id=1 - i get a nested access denied error page. I understand that the actual url should be http://localhost:9090/editUser.html?id=1, but was just curious to know what caused an access denied page to be nested inside another one, if i try using the wrong url Regards, Chris
	Re: Appfuse Access denied error by alibehzadian :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi Chris, "editUser" action is inside admin package (struts.xml). All actions in this package have "admin" prefix. So the exact url of "editUser" action is "http://your.domain.com/admin/editUser.html?...". All actions are -by default- secure. So you can not access any action without logging into application. If you want to have a public action (an action that guest users can access), you should go to security.xml file and add your action there and make it available to ROLE_ANONYMOUS as below: ... <intercept-url pattern="/index.html" access="ROLE_ANONYMOUS*,ROLE_ADMIN,ROLE_USER"/> ... Ali Behzadian Nejad.
	Re: Appfuse Access denied error by ChrisSleeman :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message I am sorry - i was not quite clear with my query.... I understand that the editUser action is secured and only an admin user can access it. The edit user action is btw, in the default package and not admin package, but has an admin-check interceptor. So i need to access it with http://your.domain.com/editUser.html, using an admin user. However, even if i use http://your.domain.com/admin/editUser.html, with the admin namespace, I am able to access it, although i was expecting a "page not found error". Why is this happening? Also, if a non-admin user tries to access http://your.domain.com/admin/editUser.html, with the admin namespace, I get a strange acces denied error embedded inside another access denied error (Have attached an image). Also wondering why is that happening. I understand its not a major issue, but was just curious to understand the cause for this behaviour. Thanks, Chris alibehzadian wrote: Hi Chris, "editUser" action is inside admin package (struts.xml). All actions in this package have "admin" prefix. So the exact url of "editUser" action is "http://your.domain.com/admin/editUser.html?...". All actions are -by default- secure. So you can not access any action without logging into application. If you want to have a public action (an action that guest users can access), you should go to security.xml file and add your action there and make it available to ROLE_ANONYMOUS as below: ... <intercept-url pattern="/index.html" access="ROLE_ANONYMOUS*,ROLE_ADMIN,ROLE_USER"/> ... Ali Behzadian Nejad.
	Re: Appfuse Access denied error by ChrisSleeman :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message oops..i forgot to add the error attachment - appfuse-access-denied-error.rar Also a minor correction, the strange nested access denied error comes only when i access a url like http://<domain>/admin/editUser.html?id=-2, i.e. an editUser action, with query parameters, using a non-admin user and wrongly adding an admin namespace..!! I am sorry - i was not quite clear with my query.... I understand that the editUser action is secured and only an admin user can access it. The edit user action is btw, in the default package and not admin package, but has an admin-check interceptor. So i need to access it with http://your.domain.com/editUser.html, using an admin user. However, even if i use http://your.domain.com/admin/editUser.html, with the admin namespace, I am able to access it, although i was expecting a "page not found error". Why is this happening? Also, if a non-admin user tries to access http://your.domain.com/admin/editUser.html, with the admin namespace, I get a strange acces denied error embedded inside another access denied error (Have attached an image). Also wondering why is that happening. I understand its not a major issue, but was just curious to understand the cause for this behaviour. Thanks, Chris alibehzadian wrote: Hi Chris, "editUser" action is inside admin package (struts.xml). All actions in this package have "admin" prefix. So the exact url of "editUser" action is "http://your.domain.com/admin/editUser.html?...". All actions are -by default- secure. So you can not access any action without logging into application. If you want to have a public action (an action that guest users can access), you should go to security.xml file and add your action there and make it available to ROLE_ANONYMOUS as below: ... <intercept-url pattern="/index.html" access="ROLE_ANONYMOUS*,ROLE_ADMIN,ROLE_USER"/> ... Ali Behzadian Nejad.

LightInTheBox - Buy quality products at wholesale price