filterSecurityInterceptor and metadatasource implementation spring-security

Posted by Mike on Stack Overflow See other posts from Stack Overflow or by Mike
Published on 2010-05-11T10:32:05Z Indexed on 2010/05/11 11:24 UTC
Read the original article Hit count: 384

Filed under:

Hi! I created a class that implements the FilterInvocationSecurityMetadataSource interface.

I implemented it like this:

public List<ConfigAttribute> getAttributes(Object object) {
    FilterInvocation fi = (FilterInvocation) object;
    Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    Long companyId = ((ExtenededUser) principal).getCompany().getId();
    String url = fi.getRequestUrl();
    // String httpMethod = fi.getRequest().getMethod();
    List<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>();
    FilterSecurityService service = (FilterSecurityService) SpringBeanFinder.findBean("filterSecurityService");
    Collection<Role> roles = service.getRoles(companyId);
    for (Role role : roles) {
        for (View view : role.getViews()) {
            if (view.getUrl().equalsIgnoreCase(url))
                attributes.add(new SecurityConfig(role.getName() + "_" + role.getCompany().getName()));
        }
    }
    return attributes;
}

when I debug my application I see it reaches this class, it only reaches getAllConfigAttributes method, that is empty as I said, and return null. after that it prints this warning: Could not validate configuration attributes as the SecurityMetadataSource did not return any attributes from getAllConfigAttributes().

My aplicationContext- security is like this:

<beans:bean id="filterChainProxy"
        class="org.springframework.security.web.FilterChainProxy">
        <filter-chain-map path-type="ant">
            <filter-chain filters="sif,filterSecurityInterceptor"
                pattern="/**" />
        </filter-chain-map>
    </beans:bean>    
<beans:bean id="filterSecurityInterceptor"
        class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
        <beans:property name="authenticationManager" ref="authenticationManager" />
        <beans:property name="accessDecisionManager" ref="accessDecisionManager" />
        <beans:property name="securityMetadataSource" ref="filterSecurityMetadataSource" />
    </beans:bean>
<beans:bean id="filterSecurityMetadataSource"
        class="com.mycompany.filter.FilterSecurityMetadataSource">
    </beans:bean>

what could be the problem?

© Stack Overflow or respective owner

Related posts about spring-security