Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Virgo » Spring Security @PreAuthorize is not working(Spring Security @PreAuthorize is not working when we are refering a service)
Spring Security @PreAuthorize is not working [message #903371] Thu, 23 August 2012 07:46
damoder reddy is currently offline damoder reddy
Messages: 2
Registered: August 2012
Junior Member
Hi,

I am using OSGi with spring annotation based security. I have a Interface in which one method is annotated with @PreAuthorize(...). I registered this Interface as OSGi Service and referring the same in another bundle as OSGi Service Reference.

The problem is when I am calling this method on the Service reference it is throwing AccessDeniedException with the following logs.

o.s.s.access.prepost.PrePostAnnotationSecurityMetadataSource Looking for Pre/Post annotations for method 'save' on target class 'class $Proxy360'
[2012-08-09 17:24:49.691] DEBUG http-bio-8080-exec-8 o.s.s.access.prepost.PrePostAnnotationSecurityMetadataSource @org.springframework.security.access.prepost.PreAuthorize(value=hasPermission(#user, 'write') or hasRole('ROLE_ACCOUNT_USER_CRUD')) found on specific method: public final User $Proxy360.save(User)
[2012-08-09 17:24:49.691] DEBUG http-bio-8080-exec-8 o.s.s.access.method.DelegatingMethodSecurityMetadataSource Adding security method [CacheKey[$Proxy360; public abstract User UserService.save(User)]] with attributes [[authorize: 'hasPermission(#user, 'write') or hasRole('ROLE_ACCOUNT_USER_CRUD')', filter: 'null', filterTarget: 'null']]
[2012-08-09 17:24:49.692] DEBUG http-bio-8080-exec-8 o.s.s.access.intercept.aopalliance.MethodSecurityInterceptor Secure object: ReflectiveMethodInvocation: public abstract User UserService.save(User); target is of class [$Proxy360]; Attributes: [[authorize: 'hasPermission(#user, 'write') or hasRole('ROLE_ACCOUNT_USER_CRUD')', filter: 'null', filterTarget: 'null']]
[2012-08-09 17:24:49.692] DEBUG http-bio-8080-exec-8 o.s.s.access.intercept.aopalliance.MethodSecurityInterceptor Previously Authenticated:
[2012-08-09 17:24:49.694] TRACE http-bio-8080-exec-8 org.springframework.osgi.util.BundleDelegatingClassLoader Looking for resource $Proxy360.class
[2012-08-09 17:24:49.695] DEBUG http-bio-8080-exec-8 o.e.gemini.web.tomcat.internal.loading.BundleWebappClassLoader getResource($Proxy360.class)
[2012-08-09 17:24:49.695] TRACE http-bio-8080-exec-8 org.springframework.osgi.util.BundleDelegatingClassLoader Looking for resource $Proxy360.class
[2012-08-09 17:24:49.696] TRACE http-bio-8080-exec-8 o.e.virgo.web.tomcat.support.FindResourceDelegatingClassLoader > protected java.net.URL org.eclipse.virgo.web.tomcat.support.FindResourceDelegatingClassLoader.findResource(java.lang.String)
[2012-08-09 17:24:49.702] TRACE http-bio-8080-exec-8 o.e.virgo.web.tomcat.support.FindResourceDelegatingClassLoader < protected java.net.URL org.eclipse.virgo.web.tomcat.support.FindResourceDelegatingClassLoader.findResource(java.lang.String)
[2012-08-09 17:24:49.703] DEBUG http-bio-8080-exec-8 o.e.gemini.web.tomcat.internal.loading.BundleWebappClassLoader --> Resource not found, returning null
[2012-08-09 17:24:49.703] DEBUG http-bio-8080-exec-8 o.springframework.core.LocalVariableTableParameterNameDiscoverer Cannot find '.class' file for class [class $Proxy360] - unable to determine constructors/methods parameter names
[2012-08-09 17:24:49.703] WARN http-bio-8080-exec-8 o.s.s.access.expression.method.MethodSecurityEvaluationContext Unable to resolve method parameter names for method: public final User $Proxy360.save(User). Debug symbol information is required if you are using parameter names in expressions.


Please help what could be wrong here. We are using the following bean definition for Security Expression Handler

<bean id="expressionHandler"
class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
<property name="permissionEvaluator" ref="aclPermissionEvaluator"/>
</bean>
Previous Topic:NoClassDefFoundError problem
Next Topic:Spring Security @PreAuthorize is not working
Goto Forum:
  


Current Time: Sat Aug 23 13:29:59 EDT 2014

Powered by FUDForum. Page generated in 0.03263 seconds