Spring Authorization not kicking off

I have the following spring security xml file, which has authentication and authorization configuration. The problem here is the authentication works fine but the authorization is not kicking off, its not even retrieving role. I have worked on similar kind of scenario earlier but had no problems. The only difference was I was using spring 3 that time now this is with spring 4. Any thing that I am missing here or something I am doing wrong.

<security:authentication-manager alias="preAuthManager">  
  <security:authentication-provider ref="preAuthProvider" />  
</security:authentication-manager>

<bean id="preAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">  
  <property name="preAuthenticatedUserDetailsService" ref="frfPreAuthUserDetailsService" />  
</bean>  

 <bean id="frfPreAuthProcessingFilter" class="*.*.*.ws.infra.FRFPreAuthenticatedProcessingFilter">  
    <property name="authenticationManager" ref="preAuthManager" />  
    <property name="stripDomain" value="true" />  
    <property name="toLowerCase" value="true" />
</bean>  

<bean id="preAuthEntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" /> 

<bean id="frfPreAuthUserDetailsService" class="*.*.*.ws.infra.FRFPreAuthenticatedUserDeatilsService">  
   <!-- Configure the Role Service ... 1) InMemoryRoleRetriever 2) Arrow2RoleRetriver; This configuration is shown below...-->  
   <property name="roleService" ref="arrow2RoleServiceImpl" />  
</bean> 


<bean id="arrow2RoleServiceImpl" class="*.*.*.ws.arrowrest.ArrowRoleRetriever">
       <constructor-arg index="0" value="${arrow.rest.endPoint}" />
       <constructor-arg index="1" value="authorized-function-names" />       
       <constructor-arg>
            <map>
                 <entry key="CallerName" value="${arrow.appName}"></entry>
                 <entry key="ApplicationName" value="${arrow.appName}"></entry>
            </map>
       </constructor-arg>
 </bean>

 <!-- <global-method-security pre-post-annotations="enabled"/> -->
 <security:global-method-security secured-annotations="enabled"/>

<security:http pattern="/WEB-INF/jsp/access_denied.jsp" security="none"/>

<security:http  pattern = "/app/*" create-session="never" use-expressions="false" auto-config="false" entry-point-ref="preAuthEntryPoint" 
authentication-manager-ref="preAuthManager"
access-decision-manager-ref="accessDecisionManager"  
xmlns="http://www.springframework.org/schema/security">  

    <security:custom-filter ref="frfPreAuthProcessingFilter" before="PRE_AUTH_FILTER" /> 

    <security:intercept-url pattern="/app/3a4/rules" method="GET" access="ROLE_ADMIN"/> 

</security:http>

<!-- Allows access if principal has the proper granted authority -->
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased" xmlns="http://www.springframework.org/schema/beans"> 
    <constructor-arg> 
      <list> 
        <bean class="org.springframework.security.access.vote.RoleVoter" /> 
      </list> 
    </constructor-arg> 
    <property name="allowIfAllAbstainDecisions" value="false" /> 
</bean> 

Leave a Reply

avatar
  Subscribe  
Notify of