AnsweredAssumed Answered

Service permission definition problem (ACEGI)

Question asked by clincks on Apr 22, 2007
Latest reply on Sep 17, 2007 by andy
Hi,

I have a question about the security definition.
Let me explain the context:

<permissionSet type="ci:parent" expose="selected">
<permissionGroup name="myPerm" expose="true" allowFullControl="false" />
</permissionSet>

<permissionSet type="ci:child1" expose="selected">
<permissionGroup name="Admin1" expose="true" allowFullControl="false" requiresType="true">
        <includePermissionGroup type="ci:parent" permissionGroup="myPerm"/>
      </permissionGroup>
</permissionGroup>
<permissionSet type="ci:child2" expose="selected">
<permissionGroup name="Admin2" expose="true" allowFullControl="false" requiresType="true">
        <includePermissionGroup type="ci:parent" permissionGroup="myPerm"/>
      </permissionGroup>
</permissionGroup>

ci:child1 & ci:child2 inherit from ci:parent (in the model)

I had an aspect "ci:child1" to a node.

Now, when I define my security on my service accessing this node:

<bean id="PersonService_security" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
    <property name="authenticationManager"><ref bean="authenticationManager"/></property>
    <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
    <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
    <property name="objectDefinitionSource">
      <value>        my.company.MyService.getNodeInfo=ACL_NODE.1.ci:parent.myPerm
</value>
    </property>
  </bean>

When I try to access, I get an "BAD CREDENTIAL EXCEPTION".

–> The node I try to access has ci:child1 aspect (who inherit from ci:parent) but i looks like the ACEGI security doesn't know about the inheritance.

What is wrong in my approach???

Thanks a lot for help.

Stephane

Outcomes