hivemind-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jean-Francois Poilpret" <>
Subject RE: Hivetranse Lock: User is in specified role but access is still denied
Date Mon, 28 Aug 2006 15:42:37 GMT
Hi Aleksej,

I don't know Tapestry very well so it will be hard for me to give you a
sample code that will work.
Yes, HiveLockFilter depends on HiveMindFilter to work correctly.
Now your way to fix the problem will depend on how Tapestry can give you
access to the Registry:

1. if Tapestry uses a ServletFilter (something like HiveMindFilter but
different) to setup the Registry and to give access to it (through
HttpRequest, HttpSession or whatever...), then I would say that your best
option would be to derive from HiveLockFilter and override the
initSecurityService() method to get the HiveMind Registry with the "tapestry
way" and get the hivelock.SecurityService out of it.

2. if Tapestry instantiates the Registry directly in its Servlet (no
Filter), then you'll have to find a Tapestry way (listener or something
equivalent) to be notified just before and just after a request gets
processed by Tapestry, in your "listener" you'll have to get access to
hivelock.SecurityService (I believe you would have injection possibilities
here) and call setCurrentUser/clearCurrentUser methods of SecurityService
(take a look at the code in HiveLockFilter, but you can let aside the
additional specific code that manages HttpSessions lifecycle).

Let me know about your results!



-----Original Message-----
From: Aleksej [] 
Sent: Monday, August 28, 2006 2:55 PM
Subject: Re: Hivetranse Lock: User is in specified role but access is still

Hi Jean!
Thanks for answer. I am using HiveLock with Tapestry4. I was looking in 
javadocs about HiveLockFilter
but it is still unclear for me which filters I need to use. According to 
HiveLockFilter javadocs I need to use
org.apache.hivemind.servlet.HiveMindFilter but i think that Tapestry 
already implements required functionality.

Jean-Francois Poilpret wrote:
> Hello Aleksej,
> One important point for the AuthorizationInterceptor to work correctly is
> make sure to call SecurityService.setCurrentUser() at some point (early)
> the calls stack.
> If you use the HiveLockFilter (ServletFilter) according to the way it is
> documented (in the javadco of this class), then you have nothing special
> do here (the filter will call SecurityService.setCurrentUser()
> automatically), and everything should be fine. If you do not use it, then
> you have to replace it in some way.
> Can you provide more detail about your configuration (web.xml,
> hivemodule.xml)?
> How do you manage authentication on the server side?
> A practical usage example of HiveLock is in the sample code that comes
> HiveMind Utilities, you might consider taking a look at it.
> Don't hesitate to ask if you have questions (although normally the
> users list is not supposed to be used for support on HiveMind Utilities, I
> hope that subscribers to this list don't feel bored about these messages,
> please talk if you cannot stand HiveMind Utilities mails in this list).
> Cheers
> Jean-Francois
> -----Original Message-----
> From: Aleksej [] 
> Sent: Friday, August 25, 2006 3:44 PM
> To:
> Subject: Hivetranse Lock: User is in specified role but access is still
> denied
> Hi, list!
> I got Service which have moveNodeUp method.
> When I running code which calls to that method I got
> Unregistered user cannot access method 
> myPackage.StructureLogic.moveNodeUp exception,
> but I am sure that user IS in structure-admin role ( I tested it ).
> Here is my service definition:
> -----
> <service-point id="Logic" interface="StructureLogic">
>         <invoke-factory model="threaded">
>             <construct class="impl.StructureLogicImpl">
>             </construct>
>         </invoke-factory>
>         <interceptor service-id="hivelock.core.AuthorizationInterceptor">
>             <method pattern="moveNodeUp" roles="structure-admin" />
>             <method pattern="*" roles="*" />
>         </interceptor>       
> </service-point>
> -----
> Maybe I forgot something?

View raw message