
  • UserCredentialsDataSourceAdapter appears to be broken.

    Looks like there is some sort of problem with this as any password at all is accepted as valid. I even edited the applicationContext-jdbc.xml file inside the UserCredentialsDataSourceAdapter bean to comment out the default username and password values, and it still takes any password as valid, so the UserCredentialsDataSourceAdapter must not be looked at at all!

    Here is what I tried (maybe it's my mistake). I set this up in my applicationContext-jdbc.xml file:

    Code:
    <!-- For non Sun App Servers, use java:comp/env/sureweb -->
        <bean id="targetDataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
            <property name="jndiName"><value>jdbc/myappname</value></property>
        </bean>

        <bean id="dataSource" class="org.springframework.jdbc.datasource.UserCredentialsDataSourceAdapter">
            <property name="targetDataSource"><ref bean="targetDataSource"/></property>
            <property name="username"><value>MASTERUSERNAME</value></property>
            <property name="password"><value>MASTERPASSWORD</value></property>
        </bean>
    
        <!-- Transaction manager for Spring JDBC -->
        <bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
            <property name="dataSource"><ref bean="dataSource"/></property>
        </bean>
    
        <bean id="userAccessDAO" class="com.mycompany.myproject.dao.jdbc.UserAccessDAOJdbc" singleton="false">
            <property name="dataSource"><ref bean="dataSource"/></property> 
        </bean>

    In my code I do this:

    Code:
    public String loginButton_action()
        {
            //TODO Will need to use Spring when it is working
            //but for now just test with static code

            //Get access to Spring
            ApplicationContext ctx = org.springframework.web.jsf.FacesContextUtils.getWebApplicationContext(getFacesContext().getCurrentInstance());

            UserCredentialsDataSourceAdapter ds = (UserCredentialsDataSourceAdapter) ctx.getBean("dataSource");

            boolean bAuthenticated = true;

            try
            {
                log("Authenticating user " + userName.getValue());

                ds.setCredentialsForCurrentThread((String)userName.getValue(), (String)password.getValue());

                //Get the UserAccess information to feed to the PatientDAOJdbc class
                UserAccessDAOJdbc userAccessDAO = (UserAccessDAOJdbc)ctx.getBean("userAccessDAO");

                List userAccessList = userAccessDAO.getUserAccessList((String)userName.getValue());
            }
            catch (Exception ex)
            {
                log("User credentials for " + userName.getValue() + " could not be authenticated");

                bAuthenticated = false;
            }


            if (bAuthenticated)
            {
                //Perform needed operations for a successful logon
                handleSuccessTasks();

                return "loginSuccess";
            }
            else
            {
                return "loginFail";
            }
        }

    And my DAOJdbc code looks like this:

    Code:
    import java.sql.Types;
    import java.util.List;
    import javax.sql.DataSource;
    import org.springframework.jdbc.core.SqlParameter;
    import org.springframework.jdbc.core.support.JdbcDaoSupport;
    import org.springframework.jdbc.object.MappingSqlQuery;
    import org.springframework.orm.ObjectRetrievalFailureException;

    public class UserAccessDAOJdbc extends JdbcDaoSupport implements UserAccessDAO
    {

        public List getUserAccessList(String retrievalID)
        {
            List userAccessList = new UserAccessQuery(getDataSource()).execute(new Object[]{retrievalID});

            //An empty result is treated as a failed retrieval
            if (userAccessList.isEmpty())
            {
                throw new ObjectRetrievalFailureException(UserAccess.class, retrievalID);
            }

            return userAccessList;
        }


        class UserAccessQuery extends MappingSqlQuery
        {
            public UserAccessQuery(DataSource ds)
            {
                super(ds, "SELECT * FROM UserAccess WHERE EmailAddress=?");
                declareParameter(new SqlParameter(Types.VARCHAR));
                compile();
            }

            //Maps one UserAccess row to a UserAccess object
            protected Object mapRow(java.sql.ResultSet resultSet, int param) throws java.sql.SQLException
            {
                UserAccess userAccess = new UserAccess();
                userAccess.setEmailAddress(resultSet.getString("EMailAddress"));
                userAccess.setAllAccess(resultSet.getInt("AllAccess"));

                return userAccess;
            }

        }

    }

    Now, it does fail if I give it the wrong username (Email address) because of the failed (empty) retrieve, but any password at all allows this to work. It acts like it is using the username/password set up in the JNDI datasource.

    Is this broken, or am I doing something wrong?

    THANKS!

  • #2
    JNDI datasource issue?

    I converted from JNDI to use a DriverManagerDataSource and now that seems to work as expected.

    Now my question is, what is wrong with using a JNDI datasource?

    I verified that the datasource I was using that was configured in the app server does not have a username or password set up, so it wasn't like that was overriding what the UserCredentialsDataSourceAdapter was doing.

    I even tried adding bogus values for user and password in the connection pool (used by the JDBC resource) and that still worked (allowed any password at all).

    I'm really confused here.

    Any ideas?


    Thanks.
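
An added example, not part of the thread and not Spring's code: `UserCredentialsDataSourceAdapter` hands the per-thread credentials to the target's `getConnection(username, password)`, so a login check built on it is only as strong as the target DataSource's handling of those arguments. The probe below checks that at startup; `CredentialProbe`, `rejectsWrongPassword`, the stub DataSources and the sample values are constructed for illustration, and a container pool that ignores the arguments is an assumption the thread does not confirm.

```java
import java.lang.reflect.Proxy;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.UUID;
import javax.sql.DataSource;

public class CredentialProbe {

    /** True only if the DataSource refuses a random password for the given user. */
    static boolean rejectsWrongPassword(DataSource ds, String user) {
        String bogus = UUID.randomUUID().toString(); // never a real password
        try (Connection c = ds.getConnection(user, bogus)) {
            return false; // a connection was handed out: the password was not checked
        } catch (SQLException | RuntimeException e) {
            return true;  // some pools throw instead of connecting; either way the login fails closed
        }
    }

    /** Constructed stand-in for a DataSource; 'checks' decides whether the password is verified. */
    static DataSource stub(boolean checks, String realPassword) {
        ClassLoader cl = CredentialProbe.class.getClassLoader();
        // Dummy connection: only close() is ever called on it.
        Connection conn = (Connection) Proxy.newProxyInstance(
                cl, new Class<?>[] {Connection.class}, (p, m, a) -> null);
        return (DataSource) Proxy.newProxyInstance(
                cl, new Class<?>[] {DataSource.class}, (p, m, a) -> {
                    boolean perCall = m.getName().equals("getConnection") && a != null;
                    if (perCall && checks && !realPassword.equals(a[1])) {
                        throw new SQLException("login failed for " + a[0]);
                    }
                    return conn; // pooled behaviour: reuse a connection opened with the pool's own login
                });
    }

    public static void main(String[] args) {
        DataSource pooled = stub(false, "constructed-password"); // ignores per-call credentials
        DataSource direct = stub(true, "constructed-password");  // verifies them on every call
        System.out.println("pooled rejects wrong password: "
                + rejectsWrongPassword(pooled, "user@example.com"));
        System.out.println("direct rejects wrong password: "
                + rejectsWrongPassword(direct, "user@example.com"));
    }
}
```

Running the same probe against the real `targetDataSource` bean before relying on it for logins shows whether the database is actually validating the password, and lets the application refuse to start if it is not.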
