AnsweredAssumed Answered

Security interceptors with a custom service

Question asked by acis on Mar 14, 2008
Latest reply on Mar 27, 2008 by acis
Hi everybody,

I'm defining a new service to manage document lifecycle. Everything is working perfectly until I want to manage security on the methods of my custom service class.

I defined :
- a custom aspect : adding some custom properties to a node
- a lifecycle service : managing the custom properties of the node
- an action executer : adding the new aspect to a node and initializing the properties
- a ressource bundle : displaying custom messages

Here is my configuration context file :


<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>
   
    <bean id="extension.dictionaryBootstrap" parent="dictionaryModelBootstrap" depends-on="dictionaryBootstrap">
        <property name="models">
            <list>
                <value>alfresco/extension/lifecycle-model.xml</value>
            </list>
        </property>
    </bean>
   
    <bean id="lifeCycleService" class="org.alfresco.sample.LifeCycle.LifeCycleServiceImpl">
       <property name="nodeService">
            <ref bean="nodeService" />
       </property>
    </bean>
   
    <bean id="LifeCycleService" class="org.springframework.aop.framework.ProxyFactoryBean">
        <property name="proxyInterfaces">
            <list>
                <value>org.alfresco.sample.LifeCycle.LifeCycleService</value>
            </list>
        </property>
        <property name="target">
            <ref bean="lifeCycleService"/>
        </property>
         <property name="interceptorNames">
            <list>
            <idref local="LifeCycleService_transaction"/>
            <idref local="LifeCycleService_security"/>
            </list>
        </property>
    </bean>
   
    <bean id="LifeCycleService_transaction" class="org.springframework.transaction.interceptor.TransactionInterceptor">
        <property name="transactionManager">
            <ref bean="transactionManager"/>
        </property>
        <property name="transactionAttributes">
            <props>
                <prop key="get*">${server.transaction.mode.readOnly}</prop>
                <prop key="*">${server.transaction.mode.default}</prop>
            </props>
        </property>
    </bean>
   
    <bean id="LifeCycleService_security" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
        <property name="authenticationManager"><ref bean="authenticationManager"/></property>
        <property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
        <property name="afterInvocationManager"><ref bean="afterInvocationManager"/></property>
        <property name="objectDefinitionSource">
            <value>
               org.alfresco.sample.LifeCycle.LifeCycleService.nextState=ACL_NODE.0.sys:base.WriteProperties
               org.alfresco.sample.LifeCycle.LifeCycleService.previousState=ACL_NODE.0.sys:base.WriteProperties
               org.alfresco.sample.LifeCycle.LifeCycleService.exception=ACL_NODE.0.sys:base.WriteProperties
               org.alfresco.sample.LifeCycle.LifeCycleService.init=ACL_NODE.0.sys:base.WriteProperties
            </value>
        </property>
    </bean>
   
    <bean id="addlifecycle" class="org.alfresco.sample.LifeCycle.LifeCycleActionExecuter" parent="action-executer">
      <property name="lifeCycleService">
         <ref bean="lifeCycleService" />
      </property>
   </bean>
  
   <bean id="lifecycle-msg" class="org.alfresco.i18n.ResourceBundleBootstrapComponent">
      <property name="resourceBundles">
         <list>
            <value>org.alfresco.sample.LifeCycle.lifecycle-msg</value>
         </list>
      </property>
   </bean>
         
</beans>

I also defined a custom action to add the custom aspect to a node. This custom action is displaying a list of available lifecycles. I used the add-features.jsp as a base for my add-lifecycle.jsp.

In my custom config, when there is no section about LifeCycleService_security, everything is working fine. But if I had this section, the OK button on the JSP is not working anymore. The following error is displayed :

javax.faces.el.EvaluationException: Cannot get value for expression '#{NavigationBean.isGuest == false && NavigationBean.guestHomeVisible}'
caused by:
javax.servlet.jsp.el.ELException: An error occurred while getting property "guestHomeVisible" from an instance of class org.alfresco.web.bean.NavigationBean


I don't understand why there is a relation between the security interceptors and the NavigationBean. Someone can help me ?

Thanks

Outcomes