
Security interceptors

Question asked by tcaiati on Feb 12, 2008
Latest reply on Feb 13, 2008 by tcaiati
Hi,

I'm trying to use security interceptors with our services (like "public-services-security-context.xml" file).

I have:

1- added the interceptor in the file "knowings-resource-services-context.xml":

   <bean id="TaxonService"
      class="org.springframework.aop.framework.ProxyFactoryBean">
      <property name="proxyInterfaces">
         <list>
            <value>
               com.knowings.kmsj.repo.taxonomy.ITaxonService
            </value>
         </list>
      </property>
      <property name="target">
         <ref bean="taxonService" />
      </property>
      <property name="interceptorNames">
         <list>
            <idref local="ITaxonService_transaction" />
            <idref bean="AuditMethodInterceptor" />
            <idref bean="exceptionTranslator"/> 
            <idref bean="ITaxonService_security"/>
         </list>
      </property>
   </bean>

2- added in the file "knowings-resource-services-security-context.xml":

    <bean id="ITaxonService_security" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor" >
        <property name="authenticationManager"><ref bean="authenticationManager"/></property>
        <property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
        <property name="afterInvocationManager"><ref bean="afterInvocationManager"/></property>
        <property name="objectDefinitionSource">
            <value>
               com.knowings.kmsj.repo.taxonomy.ITaxonService.getAvailableTaxons=ACL_ALLOW
               com.knowings.kmsj.repo.taxonomy.ITaxonService.getTemporaryTaxons=ACL_ALLOW
           </value>
        </property>
    </bean>
  


Here is the problem:

This service calls another custom service (no problem), and this last service calls NodeService (with big N).
And I have this error:

exception : net.sf.acegisecurity.BadCredentialsException: Bad credentials presented
Bad credentials presented
net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider - authenticate - 290
net.sf.acegisecurity.providers.ProviderManager - doAuthentication - 159
net.sf.acegisecurity.AbstractAuthenticationManager - authenticate - 49
net.sf.acegisecurity.intercept.AbstractSecurityInterceptor - beforeInvocation - 372
net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor - invoke - 77
org.springframework.aop.framework.ReflectiveMethodInvocation - proceed - 176
org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor - invoke - 49
org.springframework.aop.framework.ReflectiveMethodInvocation - proceed - 176
org.alfresco.repo.audit.AuditComponentImpl - audit - 241
org.alfresco.repo.audit.AuditMethodInterceptor - invoke - 69
org.springframework.aop.framework.ReflectiveMethodInvocation - proceed - 176
org.springframework.transaction.interceptor.TransactionInterceptor - invoke - 107
org.springframework.aop.framework.ReflectiveMethodInvocation - proceed - 176
org.springframework.aop.framework.JdkDynamicAopProxy - invoke - 210

Tests:

If I put "nodeService" (little n), it's OK, but it is not the solution for us and the software crashes later.

If, in the file "knowings-resource-services-security-context.xml", I put:

    <!-- to test it -->
    <bean id="ITaxonService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />

It's OK using NodeService and I have the rights.

=> I think I made mistakes in the security rules:

com.knowings.kmsj.repo.taxonomy.ITaxonService.getAvailableTaxons=ACL_ALLOW
com.knowings.kmsj.repo.taxonomy.ITaxonService.getTemporaryTaxons=ACL_ALLOW

Do you have any idea?

Regards,
