Hello all,
has anyone used Strutsmenu with Acegi for a permission-based menu in a webapplication deployed on JBoss?
My situation is this: i have a webapplication which uses acegi
security framework and struts menu, and i decided to use permissions
for my menu.
I followed what was suggested me on the acegi mailing list, to use
ContextHolderAware filter and to use acegi implementation classes for
JBoss..
I then moved to modify my menu-config.xml and the jsp which display my menu.
Situation is as follows:
i have 2 users in the database
User1 has ROLE_USER and ROLE_SUPERVISOR
User2 has ROLE_USER
My Menu has 4 submenu:
submenu1,2 and 3 is available to ROLE_USER
submenu4 is available only to ROLE_SUPERVISOR
If i log in to my app using User1, i can see all 4 menus.
If i log in to my app using User2, i see no menu at all
i tried with different options, by making all menu available to ROLE_USER and
some of the menu available to ROLE_SUPERVISOR only, but it looks like
as long as there is a ROLE_SUPERVISOR somewhere (either in an item or
in a submenu, a user with ROLE_USER cannot see any menu at all,
looking like ROLE_SUPERVISOR overrides everything..
I have tried to remove permissions from my menu, to check if Acegi
filters etc were working correctly... acegi was fine, in fact when i
log in as User1 or User2, by calling isUserInRole for each of roles
associated to the user return true.
So, to me it looks like there's a problem either with the Menu or with
the RolesAdapter used by STruts Menu...
can anyone help me? how can i test if the rolesAdapter is workng fine
programmatically? can i write some java code within my application
that tests which of the menu/submenu/items should be displayed?
thanks in advance and regards
marco