Posted in July 2009

AccessDecisionManager does not support secure object class…

This post will be short and sweet, but for those of you using Spring Security who come across this exception, hopefully it will be of some help. Here is the exception:

Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterChainList': Cannot resolve reference to bean '_filterSecurityInterceptor' while setting bean property 'filters' with key [3]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterSecurityInterceptor': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: AccessDecisionManager does not support secure object class: class org.springframework.security.intercept.web.FilterInvocation 
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:275) 
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104) 
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:287) 
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:126)

I received this exception today when I began to add some http/web level security into my application which already had some pre-existing custom configuration for my own AuthenticationManager, AccessDecisionManager (w/ custom voters) and AuthenticationProvider. When I added the following configuration to my Spring configuration the above exception was thrown on the next Maven test run:


... custom auth provider, auth manager, voters above....

<!-- my custom accessDecisionManager config -->
<bean id="accessDecisionManager" 
	class="org.springframework.security.vote.AffirmativeBased">
	<property name="decisionVoters">
		<list>
			<ref bean="myCustomAccessVoter"/>
		</list>
	</property>
</bean>

<!-- the NEW entry I added which triggered the exception -->
<security:http access-decision-manager-ref="accessDecisionManager">
    	<security:intercept-url pattern="/**" access="ROLE_USER" />
    	<security:form-login/>
</security:http>

The above exception was thrown because my AffirmativeBased AccessDecisionManager did not have any decisionVoters that returned true from their supports(Class clazz) method when passed the FilterInvocation class.

If you have a custom AccessDecisionVoter like I did above, it needs to return true from supports(Class clazz) when passed the FilterInvocation class, while still returning true from supports(ConfigAttribute attr) only for the ConfigAttributes you care about. Secondly, you should add a RoleVoter to the list of decisionVoters in your AccessDecisionManager configuration.

There is more to it than just the quick fix listed above, however that is for you to implement in your application. I just wanted to post this to give people a pointer in the right direction as to what is causing this exception. Hope it helped!
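As an added illustration (not code from the original post), here is one way a custom voter can satisfy both supports() checks under the Spring Security 2.x API that the stack trace's package names point to. The class body, the "MYAPP_" attribute prefix, and the assumption that the voter was previously used for method security are all hypothetical.

```java
import java.util.Iterator;
import org.aopalliance.intercept.MethodInvocation;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.intercept.web.FilterInvocation;
import org.springframework.security.vote.AccessDecisionVoter;

// Hypothetical voter: the body and the "MYAPP_" prefix are assumptions.
public class MyCustomAccessVoter implements AccessDecisionVoter {
    private static final String PREFIX = "MYAPP_";

    // Asked at startup per secure object type. A voter that returns false for
    // FilterInvocation leads to the IllegalArgumentException quoted in the post.
    public boolean supports(Class clazz) {
        return FilterInvocation.class.isAssignableFrom(clazz)
                || MethodInvocation.class.isAssignableFrom(clazz);
    }

    // Stay narrow here: claim only this application's own attributes.
    public boolean supports(ConfigAttribute attribute) {
        String value = attribute.getAttribute();
        return value != null && value.startsWith(PREFIX);
    }

    public int vote(Authentication authentication, Object object,
                    ConfigAttributeDefinition config) {
        int result = ACCESS_ABSTAIN; // e.g. ROLE_USER is left to RoleVoter
        GrantedAuthority[] granted = authentication.getAuthorities();
        for (Iterator it = config.getConfigAttributes().iterator(); it.hasNext();) {
            ConfigAttribute attribute = (ConfigAttribute) it.next();
            if (!supports(attribute)) {
                continue;
            }
            result = ACCESS_DENIED; // a supported attribute must be matched
            for (int i = 0; i < granted.length; i++) {
                if (attribute.getAttribute().equals(granted[i].getAuthority())) {
                    return ACCESS_GRANTED;
                }
            }
        }
        return result;
    }
}
```

The voter abstains on attributes it does not recognise rather than granting, so widening supports(Class clazz) does not widen access: with AffirmativeBased's default settings a request on which every voter abstains is denied, which is why ROLE_USER still needs a RoleVoter in the list.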


Review: Wicked Cool PHP

This is a review of “Wicked Cool PHP” by William Steinmetz and Brian Ward

Ok, let me sum this book up quickly: This book is for beginners.

To be more specific, this book would be absolutely perfect if your job (as a beginner) was to create a PHP website with some interactivity, but you were locked in a room with a computer with PHP/Apache/MySQL installed and zero Internet access to get further help online. This book would likely give you everything you need to get that website built using PHP. You could walk out of that room with a working website, using ONLY this book as a reference to get it done (assuming your Apache/MySQL installs are good to go).

That said, I don’t think that is a knock on the book. The book is excellent, it is just for folks who are new to PHP. It covers a ton of topics with a “cookbook” like feel. The book is short at 181 pages so it has just enough info to get you going with very common everyday PHP tasks that someone needs to do when creating a PHP web app. It covers file access, sending email, working with forms, text/html, user/session tracking, and using cURL to talk to web services. It also gives 3 mini project examples (a poll system, greeting card system, blog system).

My recommendation: if you have zero experience with PHP, purchase this book today. I recommend it for beginners.

If you have some PHP experience, or have built a system in other langs and can get around online documentation… I would skip it.
