[Security] Problème avec methodSecurityInterceptor & annotations

Bonjour, je crée une application web et j'utilise notamment spring. Dedans, je voulais gérer les appels de méthode d'après les roles. J'utilise la partie security et security-tiger notamment pour les annotations. J'ai configurer le fichier xml de spring et assigner une annotations sur une methode qui est associée à un bouton dans une de mes pages web. Cependant, il ne m'affiche aucune restriction, pourtant un accessDeniedException devrait surgir lors du click !?!!

pourriez-vous m'aider ?

voici le code :

Code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
spring
 
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
 
<beans>
 
	<!-- ========================= filter chain proxy  ========================= -->
 
	<bean id="filterChainProxy"
		class="org.springframework.security.util.FilterChainProxy">
		<property name="filterInvocationDefinitionSource">
			<value>
				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
				PATTERN_TYPE_APACHE_ANT
				/**=httpSessionContextIntegrationFilter,logoutFilter,novellProcessingFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter
			</value>
		</property>
	</bean>
 
	<!-- ========================= les filtres  ========================= -->
 
	<bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter" />
 
	<bean id="logoutFilter" lass="org.springframework.security.ui.logout.LogoutFilter">
		<constructor-arg value="/logoutSuccess.jsp" />
		<constructor-arg>
			<list>
				<bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
			</list>
		</constructor-arg>
	</bean>
 
	<bean id="novellProcessingFilter" class="be.toto.momo.ui.NovellProcessingFilter">
		<property name="authenticationManager"
			ref="authenticationManager" />
		<property name="headers">
			<list>
				<value>${novell.headers.firstname}</value>
				<value>${novell.headers.lastname}</value>
				<value>${novell.headers.mail}</value>
				<value>${novell.headers.cn}</value>
				<value>${novell.headers.employeenumber}</value>
				<value>${novell.headers.memberof}</value>
				<value>${novell.headers.departmentnumber}</value>
				<value>${novell.headers.description}</value>
				<value>${novell.headers.uid}</value>
			</list>
		</property>
		<property name="principalHeaderName" value="${novell.principal}" />
		<property name="profilHeaderName" value="${novell.memberof}" />
	</bean>
 
	<bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter" />
 
	<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
		<property name="authenticationEntryPoint">
			<bean class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
				<property name="loginFormUrl" value="/login.jsp" />
			</bean>
		</property>
		<property name="accessDeniedHandler">
			<bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
				<property name="errorPage" value="/accessDenied.jsp" />
			</bean>
		</property>
	</bean>
 
	<!-- ========================= gestion des méthodes  ========================= -->
	<sec:global-method-security
      secured-annotations="enabled" jsr250-annotations="enabled">
   </sec:global-method-security>
 
	<!-- Bean post-processor for activating any advisors -->
 
	<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"/>
 
	<!-- The advisor that creates secured proxies for beans using security annotations such as @Secured -->  
 
	<bean id="methodDefinitionSourceAdvisor" class="org.acegisecurity.intercept.method.aopalliance.MethodDefinitionSourceAdvisor">
		<constructor-arg>
			<ref bean="methodInterceptor"/>
			<ref bean="delegatingMethodDefinitionSource"/>
		</constructor-arg>
	</bean>
	<bean id="methodInterceptor" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
		<property name="validateConfigAttributes" value="false"/>
		<property name="authenticationManager" ref="authenticationManager"/>
		<property name="accessDecisionManager" ref="accessDecisionManager"/>
		<property name="objectDefinitionSource" ref="delegatingMethodDefinitionSource"/>
	</bean>
 
	<bean id="serviceAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
		<property name="allowIfAllAbstainDecisions">
			<value>false</value>
		</property>
		<property name="decisionVoters">
			<list>
				<ref bean="roleVoter"/>
				<ref bean="authVoter"/>
			</list>
		</property>
	</bean>
 
	<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
		<property name="rolePrefix" value=""/>
	</bean>
 
	<bean id="authVoter" class="org.springframework.security.vote.AuthenticatedVoter"/>
 
 
	<bean id="delegatingMethodDefinitionSource" class="org.springframework.security.intercept.method.DelegatingMethodDefinitionSource">
		<property name="methodDefinitionSources">
			<list>
				<bean class="org.springframework.security.intercept.method.MapBasedMethodDefinitionSource" />
				<bean class="org.springframework.security.annotation.SecuredMethodDefinitionSource" />
				<bean class="org.springframework.security.annotation.Jsr250MethodDefinitionSource" />
			</list>
		</property>
	</bean>
	<!-- ========================= beans nécessaire aux filtres  ========================= -->
 
	<bean id="userDetailsService" class="be.toto.momo.providers.NovellUserDetailsService">
		<property name="novellConvertValueToCode">
			<ref local="novellConvertValueToCode" />
		</property>
	</bean>
 
	<bean id="novellConvertValueToCode" class="be.toto.momo.helpers.NovellConvertValueToCode">
		<property name="profilDao">
			<ref bean="profilDao"/>
		</property>
		<property name="profilConvertEngine">
			<ref bean="cfwbConvertProfilEngine"/>
		</property>
	</bean>
 
	<bean id="cfwbConvertProfilEngine" class="be.toto.security.profil.NovellConvertAttProfilLdapToList">
	</bean>
 
 	<bean id="novellAuthoritiesPopulator" class="be.toto.momo.providers.NovellAuthoritiesPopulator">
 		<property name="userDetailsService" ref="userDetailsService"/>
 	</bean>
 
	<bean id="novellAuthenticationProvider" class="be.toto.momo.providers.NovellAuthenticationProvider">
		<property name="novellAuthoritiesPopulator" ref="novellAuthoritiesPopulator"/>
 	</bean>
 
 	<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
		<property name="providers">
			<list>
				<ref local="novellAuthenticationProvider" />
			</list>
		</property>
	</bean>
 
	<!-- <bean id="cfwbConvertProfilEngine" class="be.etnic.security.profil.HelperConvertAttProfilLdapToList">
	</bean>-->
 
 
		<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
	<bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener" />
 
</beans>

Code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
l'objet
 
public class TiersCreationBackBean extends AbstractBackBean {
	private static final long serialVersionUID = 4965502626702734614L;
	private String type;
	private Collection<SelectItem> types;
	public TiersCreationBackBean() {
		super();
	}
	public String getType() {
		return type;
	}
	public void setType(String type) {
		this.type = type;
	}
	public Collection<SelectItem> getTypes() {
		return types;
	}
	public void setTypes(Collection<SelectItem> types) {
		this.types = types;
	}
	public String create() {
		Tiers newTiers = new Tiers();
		newTiers.setNature(type);	
		newTiers.setComptesFinanciers((Set<CompteFinancier>)(new HashSet<CompteFinancier>()));
		newTiers.setCoordonneeCorrespondance(new Coordonnee());
		newTiers.setAdresseCorrespondance(new Adresse());
		GesspoDateTime currentGesspoDate = new GesspoDateTime(new Date());
		TiersMgtBackBean tiersMgtBackBean = new TiersMgtBackBean();
		tiersMgtBackBean.init(newTiers, currentGesspoDate);
		tiersMgtBackBean.setCreationMode();
		addRequestAttribute("tiersMgtBackBean", tiersMgtBackBean);
		return "tiers_csl"; // TODO: redirect regarding tiers nature
	}
	@Secured({"ROLE_LVL_2"})
	public String init() {
		this.type = "";
		this.types = new ArrayList<SelectItem>();
		for (Nature nature : Nature.values()) {
			this.types.add(new SelectItem(nature));
		}
		return ConstantsBackBean.SUCCESS;
	}
}

Merci d'avance ;-)