Re: Appfuse Access denied error

by ChrisSleeman

Oops, I forgot to add the error attachment - appfuse-access-denied-error.rar

Also a minor correction: the strange nested access denied error comes only when I access a URL like http://<domain>/admin/editUser.html?id=-2, i.e. an editUser action, with query parameters, using a non-admin user and wrongly adding an admin namespace!


I am sorry - I was not quite clear with my query.

I understand that the editUser action is secured and only an admin user can access it. The edit user action is, by the way, in the default package and not the admin package, but has an admin-check interceptor. So I need to access it with http://your.domain.com/editUser.html, using an admin user. However, even if I use http://your.domain.com/admin/editUser.html, with the admin namespace, I am able to access it, although I was expecting a "page not found" error. Why is this happening?

Also, if a non-admin user tries to access http://your.domain.com/admin/editUser.html, with the admin namespace, I get a strange access denied error embedded inside another access denied error (I have attached an image). I am also wondering why that is happening. I understand it's not a major issue, but I was just curious to understand the cause of this behaviour.

Thanks,
Chris


alibehzadian wrote:
Hi Chris,

The "editUser" action is inside the admin package (struts.xml). All actions in this package have the "admin" prefix. So
the exact URL of the "editUser" action is "http://your.domain.com/admin/editUser.html?...".

All actions are, by default, secure. So you cannot access any action without logging into the application.
If you want to have a public action (an action that guest users can access), you should go to the security.xml file, add your action there and make it available to ROLE_ANONYMOUS as below:

...
<intercept-url pattern="/index.html*" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/>
...

Ali Behzadian Nejad.
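
Added illustration, not part of the original thread and not AppFuse's code: a simplified Python model of Struts 2's documented namespace fallback (an action not found in the requested namespace is looked up in the default namespace), which is how a default-package action also answers under /admin/. The action table and URL rules are constructed assumptions; the audit lists every URL that reaches an action so the URL-pattern rules can be compared with the action-level check.

```python
# Simplified model of Struts 2 action lookup; added illustration, not AppFuse code.
# Constructed configuration: namespace -> action names ("" is the default namespace).
ACTIONS = {
    "": {"editUser"},             # assumption: editUser is in the default package
    "/admin": {"users"},          # hypothetical admin-package action
}

# Constructed URL rules in the style of security.xml intercept-url; first match wins.
URL_RULES = [
    ("/admin/", frozenset({"ROLE_ADMIN"})),   # assumption: /admin/ is admin-only
    ("/", frozenset({"ROLE_ADMIN", "ROLE_USER"})),
]


def resolve(url):
    """Return the (namespace, action) that serves url, or None (page not found)."""
    path = url.split("?", 1)[0]
    namespace, _, last = path.rpartition("/")
    name = last.split(".", 1)[0]
    # Struts 2 searches the requested namespace, then falls back to the default one.
    for ns in (namespace, ""):
        if name in ACTIONS.get(ns, ()):
            return ns, name
    return None


def url_roles(url):
    """Roles the URL layer admits for this request path."""
    for prefix, roles in URL_RULES:
        if url.startswith(prefix):
            return roles
    return frozenset()


def audit():
    """Map each default-namespace action to every URL that reaches it and the roles
    the URL rules admit there; differing role sets mean the URL layer alone does
    not decide who can run the action."""
    report = {}
    for name in sorted(ACTIONS[""]):
        urls = ["%s/%s.html" % (ns, name) for ns in sorted(ACTIONS)]
        report[name] = {u: sorted(url_roles(u))
                        for u in urls if resolve(u) == ("", name)}
    return report


if __name__ == "__main__":
    print(resolve("/admin/editUser.html?id=-2"))   # served by the default namespace
    print(audit())
```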
