pkdevboxy / google-web-toolkit-incubator

Automatically exported from code.google.com/p/google-web-toolkit-incubator
0 stars 0 forks source link

Annotation security not working #325

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
I'm using GWT 1.7 and incubator 1.0.1

At the moment I'm only testing in the hosted browser.

The DispatchHandler picks up the RPC call and it filters through the
GWTSecureHandler, but it never throws a Spring Security Exception.

Can someone please point out what I'm doing wrong please.

I've pasted the relevant code snippets below.

SERVICE
--------

@RemoteServiceRelativePath("rpc/authentication")
@GWTRequestMapping("art/rpc/authentication")
public interface AuthenticationService extends RemoteService {

    /**
     * @param aRequest
     * @return
     */
    @Secured({"ROLE_ANONIMOUS"})
    public BaseResponseDto login(LoginRequestDto aRequest); 

    /**
     * @return
     * @throws ApplicationSecurityException
     */
    @Secured({"ROLE_USER"})
    public BaseResponseDto logout() throws ApplicationSecurityException;

WEB.XML

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class
>
    </filter>

    <filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping> 

    <servlet>
        <servlet-name>spring-lobanet-art-rpc</servlet-name>

<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>spring-lobanet-art-rpc</servlet-name>
        <url-pattern>/art/rpc/*</url-pattern>
    </servlet-mapping>  

SPRING
------

    <global-method-security secured-annotations="enabled"
jsr250-annotations="disabled" />

    <http auto-config="true">
<!--        <intercept-url pattern="/Art.html" access="ROLE_USER" /> -->

    <!-- 
        <intercept-url pattern="/gwt/**" access="ROLE_USER" />
        <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
         -->
    </http>

    <authentication-provider>
        <user-service>
            <user name="rod" password="koala" authorities="ROLE_SUPERVISOR,
ROLE_USER, ROLE_TELLER" />
            <user name="dianne" password="emu" authorities="ROLE_USER,ROLE_TELLER" />
            <user name="scott" password="wombat" authorities="ROLE_USER" />
            <user name="peter" password="opal" authorities="ROLE_USER" />
        </user-service>
    </authentication-provider>

    <context:component-scan base-package="com.lobanet.art.server" />

    <bean id="urlMapping"
class="com.gwtincubator.security.server.GWTSecuredHandler">
        <property name="mappings">
            <map>
                <entry key="/authentication" value-ref="authenticationService" />
            </map>
        </property>
    </bean>

    <bean id="authenticationService"
class="com.lobanet.art.server.AuthenticationServiceImpl"/>

Original issue reported on code.google.com by solution...@gmail.com on 12 Nov 2009 at 10:20