Author: kevin

Posted on

PlayB3yond.com – Sony is ramping up the hype ready for the Nov 17 launch of the PS3

Sony have an awesome promotional site for the upcoming P3 – www.playb3yond.com. The site has two currently available videos covering the processing power of the Cell processor and the storage capacility of the BluRay disk. More videos coming are under the titles of ‘Control’, ‘Higer Definition’, ‘Multi-dimensional’, and ‘Games’.

If I can find one on day one will I be buying one? Heck, yeah.

Posted on

Hours wasted with Acegi’s FilterSecurityInterceptor & CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON

Sometimes the answer to a problem is staring you right in your face. Across several evenings I spent a number of hours trying to work out why my URL based security using Acegi for my Grails application I am working on would not work. I though I was misunderstanding how to specify the wildcards using Ant syntax, and so kept trying many different variations of patterns to try and match the URLs I was trying to protect.

It finally dawned on me that the CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON instruction defined with the FilterSecurityInterceptor was causing all my problems. Some of my URLs contain mixed case, and I had blindly copied them into my configuration file, and forgot all about this setting to convert all URLs to lower case before comparing. Wow, that seems so obvious now, but I think it took me at least 6 hours of head scratching and reading many posts online before I worked out what was going wrong.

For an example of my configuration file and more details, see my other post here.

Posted on

Understanding Acegi’s FilterSecurityInterceptor and URL matching

The ‘CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON’ parameter to FilterSecurityInterceptor means exactly that – URLs are converted to lower case for comparison with the patterns that you define.

If you use CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON, then make sure all the URL patterns you specify are also in lower case, otherwise you will never get a match. This seems obvious, but it took me several hours of trial and error before I spotted what was not working in my configuration.

For example, take this snippet of configuration:

<code>
    &lt;bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"&gt;
        &lt;property name="authenticationManager"&gt;
        &lt;ref bean="authenticationManager"/&gt;&lt;/property&gt;
        &lt;property name="accessDecisionManager"&gt;
        &lt;ref bean="accessDecisionManager"/&gt;&lt;/property&gt;
        &lt;property name="objectDefinitionSource"&gt;
            &lt;value&gt;
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /acegilogin.jsp*=ROLE_ANONYMOUS, ROLE_ADMIN
                /=ROLE_ANONYMOUS, ROLE_ADMIN
                /index.jsp=ROLE_ANONYMOUS, ROLE_ADMIN

                /item/show/**=ROLE_ANONYMOUS, ROLE_ADMIN
                /item/list/**=ROLE_ANONYMOUS, ROLE_ADMIN
                /item/doSomeOtherThing=ROLE_ANONYMOUS, ROLE_ADMIN
                ...
    &lt;/bean&gt;
</code>

The URL ‘/item/doSomeOtherThing’ is never going to be matched, since the incoming URLs for comparison are converted to lowercase by the CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON instruction.

Proudly powered by WordPress