menu option + screen access + object level security

[huwtrimet.org]

Hi there, I figured out that menu option is controlled by JI-menu.xml, object level security could be set by the administrator using the GUI property.  What about the screen access, where do I set that?  Thanks in advance.

Menu options
Menu options appear depending on the user's roles. Normal users do not have access to administrative
functions. This can be modified through reconfiguration. See the Developer's Guide for details.
· Screen access
Individual screens can be blocked for access by people with given roles. For example, the default
security framework only allows administrators access to repository maintenance screens. This
configuration of what screens are available for what roles is done in configuration files. Assigning
appropriate roles to individual users through the administrative user interface configures the precise
screen access for users.
· Object level security
Objects in the repository and folders can have permissions set on them so that users without sufficient
rights cannot see and access those resources. For example, you may have management reports that
are not for all users. Permissions can be set to block access for only users with a management role.
This filtering capability is used regardless of whether the user is going through the Web user interface or
Web Services. See Setting Permissions below.

[swood]

Have a look at WEB-INF/applicationContext-security.xml.

 

In there are two bean defintions - filterInvocationInterceptor and flowVoter.

filterInvocationInterceptor allows you to lock down whole screens with full URLs to users with given roles. You probably don't need to touch this.

 

flowVoter secures JasperServer's Spring Web Flow screens. This is probably what you want to configure. You will see the flow names in the URLs - the "_flow" parameter.

 

Sherman

Jaspersoft

[huwtrimet.org]

I have created a brand new role called ROLE_REPORTSONLY.

I wanted to lock down the menu to Home, View->Reports, Logout only.  I was able to accomplish this by modifying the ji-menu.xml file.

I tried to give the /loginsuccess.html=ROLE_REPORTSONLY access in the filterInvocationInterceptor, but instead I got a unsupported argument error message when trying to start the Tomcat.

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'filterInvocationInterceptor' defined in ServletContext resource [/WEB-INF/applicationContext-security.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [role_reportsonly]
Caused by:
java.lang.IllegalArgumentException: Unsupported configuration attributes: [role_reportsonly]
    at org.acegisecurity.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:213)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1118)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1085)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:429)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:250)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:141)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:247)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:161)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:273)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:346)
    at org.springframework.web.context.support.AbstractRefreshableWebApplicationContext.refresh(AbstractRefreshableWebApplicationContext.java:156)
    at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246)
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:184)
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3763)
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:4211)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
    at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:904)
    at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:867)
    at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:474)
    at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1122)
    at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310)
    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1021)
    at org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013)
    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
    at org.apache.catalina.core.StandardService.start(StandardService.java:450)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:709)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)

[swood]

This is an Acegi Security level issue.

Can you show us your applicationContext-security.xml?

 

Sherman

Jaspersoft