5 Replies Latest reply on Oct 18, 2004 1:55 PM by lcb

    Module access

    pedrojosemartins
    pedrojosemartins Oct 18, 2004 6:44 AM

      I have a jboss-service.xml file that runs as follows:

      <?xml version="1.0" encoding="UTF-8"?>
<server>
<mbean
 code="org.jboss.nukes.addons.modules.empresas.EmpresasModule"
 name="nukes.modules:name=empresas"
 xmbean-dd=""
 xmbean-code="org.jboss.nukes.component.NukesMBean">
 <xmbean>
 <attribute name="Security">
 <security>
 <permission group="Admins" pattern="::" level="READ"/>
 </security>
 </attribute>
 <attribute name="Configuration">
 <module>
 <operation name="main" display-name="Empresas" description="Mostra empresas" image="" hint=""/>
 </module>
 </attribute>
 <depends>nukes.modules:name=core</depends>
 <attribute name="DisplayName">Modulo empresas</attribute>
 <attribute name="Description">Modulo que mostra empresas</attribute>
 </xmbean>
</mbean>
</server>


      However, if i log in as a user, not admin, i can still access the module via the url

      http://localhost:8080/index.html?module=empresas

      Why does this occur?

      Thanks,
      Pedro Martins

      • 3802 Views
      • Tags:
        • 1. Re: Module access
          lcb
          lcb Oct 18, 2004 7:10 AM (in response to pedrojosemartins)

          Do you have some security check in your Modules main method?
          Somthing like this:

           if(secGetLevel("::").lesser(Level.READ))
 {
 page.sendError("ACCESS DENIED");
 }


            • Actions
          • 2. Re: Module access
            pedrojosemartins
            pedrojosemartins Oct 18, 2004 8:26 AM (in response to pedrojosemartins)

            This solution creates another problem. Including the code you gave me,

            if(secGetLevel("::").lesser(Level.ACCESS_READ))
 {
 page.sendError("ACCESS DENIED");
 }


            not Level.READ (i think it was a mistake from you, am i right?), and changing the xml file to 

            <permission group="Users" pattern="::" level="READ"/>


            when i log in as a user i cannot access the module! What's going on?

              • Actions
            • 3. Re: Module access
              lcb
              lcb Oct 18, 2004 8:58 AM (in response to pedrojosemartins)

              Yes your are rigth, Level.READ was a mistake, sorry. Level.ACCESS_READ is correct.

              For me everything looks fine now, so i don't understand why you have no access.
              Can you please check some settings.
              First, is the user you logged in realy in the Users group?
              Check the permisson settings of your module. Is the rule you defined in the jboss-service.xml the only one for this module?

                • Actions
              • 4. Re: Module access
                pedrojosemartins
                pedrojosemartins Oct 18, 2004 12:48 PM (in response to pedrojosemartins)

                OK. I've sorted that out but rather than changing the xml file, which was fruitless, i used the permission module, changing the group to 'All'. One last issue (i hope): i can only display this module in the modules menu if logged in as admin. Why is this happening?

                  • Actions
                • 5. Re: Module access
                  lcb
                  lcb Oct 18, 2004 1:55 PM (in response to pedrojosemartins)

                  Take a look at the permisson settings for menu block. You must add there a rule for you module.

                    • Actions