MethodSecurityInterception: method calls don't get intercepted
Hello there,
I seem to have some issues with securing method invocation.
My setup (details below) is already trimmed of all extras: just one (multiaction) controller bean, with three methods (two are secured).
Deploying the webapp goes without any errors, and the logs show the MethodSecurityInterceptor was configured (at least it found the secured method):
Code:
2006-09-11 15:43:56,636 DEBUG [org.acegisecurity.intercept.method.MethodDefinitionMap] Adding secure method [tmg.webtools.tool.Controller.doSomeOtherThing] with attributes [[ROLE_ADMIN]]
2006-09-11 15:43:56,636 INFO [org.acegisecurity.intercept.method.MethodDefinitionMap] Adding secure method [public org..web.servlet.ModelAndView tmg.webtools.tool.Controller.doSomeOtherThing(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)] with attributes [[ROLE_ADMIN]]
When deployed, however, I can invoke any method I want without authorization...
I'm probably just missing something obvious, but I can't seem to identify what is missing exactly... Hope you guys can help me out...
mons.CommonsAttributes"/>
<bean id="objectDefinitionSource" class="org.acegisecurity.intercept.method.MethodDefinitionAttributes">
  <property name="attributes"><ref local="attributes"/></property>
</bean>
-->
<bean id="methodSecurityInterceptor" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
  <property name="validateConfigAttributes"><value>true</value></property>
  <property name="authenticationManager"><ref bean="authenticationManager"/></property>
  <property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
  <!--<property name="objectDefinitionSource"><ref bean="objectDefinitionSource"/></property> -->
  <property name="objectDefinitionSource">
    <value>
      tmg.webtools.tool.Controller.doSomeOtherThing=ROLE_ADMIN
    </value>
  </property>
</bean>
</beans>
Web.xml
Code:
<?xml version="1.0"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "dtd/web-app_2_3.dtd">
<web-app>
  <filter>
    <filter-name>Acegi Filter Chain Proxy</filter-name>
    <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
    <init-param>
      <param-name>targetClass</param-name>
      <param-value>org.acegisecurity.util.FilterChainProxy</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>Acegi Filter Chain Proxy</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
      /WEB-INF/tool-servlet.xml
    </param-value>
  </context-param>
  <listener>
    <listener-class>org..web.context.ContextLoaderListener</listener-class>
  </listener>
  <servlet>
    <servlet-name>tool</servlet-name>
    <servlet-class>org..web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>tool</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>
  <welcome-file-list>
    <welcome-file>
      tool
    </welcome-file>
  </welcome-file-list>
</web-app>
Controller class:
Code:
public class Controller extends MultiActionController {

    public ModelAndView test(HttpServletRequest request, HttpServletResponse response) {
        HashMap context = new HashMap();
        return new ModelAndView("toolView", "ctx", context);
    }

    public ModelAndView doSomething(HttpServletRequest request, HttpServletResponse response) {
        HashMap context = new HashMap();
        return new ModelAndView("toolView2", "ctx", context);
    }

    public ModelAndView doSomeOtherThing(HttpServletRequest request, HttpServletResponse response) {
        HashMap context = new HashMap();
        return new ModelAndView("toolView3", "ctx", context);
    }
}