security concern


by Anshu Dhamija

Some parts of this message have been removed. Learn more about Nabble's security policy.

Hi All,

I am facing a security problem.

I am accessing my application through a URL, say http://localhost:8080/userdata/1/xyz

I have specified

<bean id="channelProcessingFilter" class="org.acegisecurity.securechannel.ChannelProcessingFilter">
        <property name="channelDecisionManager" ref="channelDecisionManager"/>
        <property name="filterInvocationDefinitionSource">
            <value>
                PATTERN_TYPE_APACHE_ANT
                /admin/**=REQUIRES_SECURE_CHANNEL
                /login*=REQUIRES_SECURE_CHANNEL
                /j_security_check*=REQUIRES_SECURE_CHANNEL
                /userdata=REQUIRES_SECURE_CHANNEL

<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="accessDecisionManager" ref="accessDecisionManager"/>
        <property name="objectDefinitionSource">
            <value>
                PATTERN_TYPE_APACHE_ANT
                /admin/*=ROLE_ADMIN
                /userdata *=ROLE_ADMIN

in security.xml.

But now if I copy this same URL to some other browser, then ideally it should take me to the login screen, but that is not happening; it takes me to the same screen.

Please help.

Thanks and regards,
Anshu

 


Re: security concern

by Allan Ang

Not too sure what you are trying to accomplish here.

If you just want your URL to be protected by a login page, you merely need to specify it in the "filterInvocationInterceptor" bean. You can leave it out from the "channelProcessingFilter".

Make sure that you enter the pattern properly.
e.g.
/userdata/*=ROLE_ADMIN

and not
/userdata *=ROLE_ADMIN

allan


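An added example, not part of either post and not Acegi's own code: a small stand-alone matcher that assumes the usual Ant path semantics ('*' and '?' stay within one path segment, '**' spans segments) and first-match-wins rule order, used to check which of the patterns discussed in this thread cover the URL from the question. The class and method names, the extra `/userdata/**` candidate and the sample paths other than /userdata/1/xyz are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class AntPatternCheck {
    // Ant-style match: '*' and '?' stay inside one path segment, '**' spans segments.
    static boolean matches(String pattern, String path) {
        return matchFrom(pattern.split("/"), 0, path.split("/"), 0);
    }

    static boolean matchFrom(String[] p, int i, String[] s, int j) {
        if (i == p.length) return j == s.length;          // pattern used up: path must be too
        if (p[i].equals("**")) {                          // try consuming 0..n path segments
            for (int k = j; k <= s.length; k++)
                if (matchFrom(p, i + 1, s, k)) return true;
            return false;
        }
        return j < s.length && segmentMatches(p[i], s[j]) && matchFrom(p, i + 1, s, j + 1);
    }

    static boolean segmentMatches(String pat, String seg) {
        StringBuilder re = new StringBuilder();           // translate one segment to a regex
        for (char c : pat.toCharArray())
            re.append(c == '*' ? ".*" : c == '?' ? "." : Pattern.quote(String.valueOf(c)));
        return seg.matches(re.toString());
    }

    // First matching rule wins; null means no rule applied to the path.
    static String requiredRole(Map<String, String> rules, String path) {
        for (Map.Entry<String, String> r : rules.entrySet())
            if (matches(r.getKey(), path)) return r.getValue();
        return null;
    }

    public static void main(String[] args) {
        // Candidates: the two patterns from the thread plus a constructed '**' variant.
        String[] candidates = {"/userdata *", "/userdata/*", "/userdata/**"};
        // Paths: /userdata/1/xyz is from the question; the others are constructed.
        String[] paths = {"/userdata/1", "/userdata/1/xyz", "/admin/users"};
        for (String candidate : candidates) {
            Map<String, String> rules = new LinkedHashMap<>();
            rules.put("/admin/*", "ROLE_ADMIN");
            rules.put(candidate, "ROLE_ADMIN");
            for (String path : paths)
                System.out.printf("%-13s %-16s -> %s%n", candidate, path, requiredRole(rules, path));
        }
    }
}
```

Under these semantics `/userdata *` covers neither /userdata path, `/userdata/*` covers /userdata/1 but not /userdata/1/xyz, and `/userdata/**` covers both. A path that reports null has no role requirement attached by these rules.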