Announcement Announcement Module
Collapse
No announcement yet.
Using Custom ObjectDefinitionSource Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Using Custom ObjectDefinitionSource

    Hi Everybody,

    I am trying to use Acegi for authentication and authorization. I want to have custom objectDefinitionSource which would retrieve values from database for authorization.

    I went through the threads regarding "custom objectdefinitionSource" as well as "dynamic Authorization".

    I did not quite understand the implementation that was given. So I tried implementing a class of mine. I wrote a sample class for my FilterSecurityInterceptor which would pick values from Properties file. This is my code:

    Code:
    public class MyDatabaseDrivenObjectDefinitionSource extends AbstractFilterInvocationDefinitionSource implements FilterInvocationDefinitionSource{
    
    	//private ActionDao actionDao;
        private Properties prop;
    
        public MyDatabaseDrivenObjectDefinitionSource() throws Exception{
    //    	Create a hash table
        	prop = new Properties();
        	prop.load(new FileInputStream("properties file path"));
        	System.out.println("Properties present : " + prop.size());
        	
        }
    
       public ConfigAttributeDefinition lookupAttributes(String url) {
        	System.out.println("LookupAttributes URL: " + url);
        	ConfigAttributeEditor configAttrEditor=new ConfigAttributeEditor();
        	if (url == null)
                throw new NullPointerException("Parameter of url is null");
            try {
                url = prepareUrl(url);
                System.out.println("url : " + url);	
                    
                String rolesStr = prop.getProperty(url);
                System.out.println("rolesStr : " + rolesStr);
                if(rolesStr != null){
                	configAttrEditor.setAsText( rolesStr.toString().substring(0,rolesStr.length()-1) );
                	ConfigAttributeDefinition configAttrDef=(ConfigAttributeDefinition)configAttrEditor.getValue();
                	return configAttrDef;
                }
            }
            catch (IncorrectResultSizeDataAccessException ex) {
                return null;
            }
            return null;
        }
    
        private String prepareUrl(String url) {
            String actionName = "";
            url = url.toLowerCase();
    
            if (url.charAt(0) == '/')
                url = url.substring(1);
    
            if (url.indexOf(".") != -1)
              actionName = url.substring(0, url.indexOf("."));
            System.out.println("ActionName :" + actionName);
            if (prop.containsKey(actionName)) {
            	System.out.println("ContainsKey =  true");
                if (url.contains("?")) {
                    url = url.substring(0, url.indexOf("?"));
                }
            }
    
            if (url.contains("&"))
                url = url.substring(0, url.indexOf("&"));
            return url;
        }
    
        public Iterator getConfigAttributeDefinitions() {
    
    	return null;
       }
    }
    applicationContext.xml

    Code:
    <bean id="memoryAuthenticationDao" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
        <property name="userMap">
            <value>
                user=pass,ROLE_USER,ROLE_SUPERVISOR
                user1=pass,ROLE_USER
                user2=pass,ROLE_USER
            </value>
        </property>
    </bean>
    	
    <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
         <property name="authenticationDao">
             <ref local="memoryAuthenticationDao"/>
         </property>
    </bean>
    
    <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref bean="daoAuthenticationProvider"/>
            </list>
        </property>
    </bean>
    
    <bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
        <property name="authenticationManager">
            <ref bean="authenticationManager"/>
        </property>
        <property name="authenticationFailureUrl">
            <value>/login.jsp?error=1</value>
        </property>
        <property  name="defaultTargetUrl">
            <value>/</value>
        </property>
        <property name="filterProcessesUrl">
            <value>/j_acegi_security_check</value>
        </property>
    </bean>
    	
    <bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>
    	<bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.UnanimousBased">
        <property name="allowIfAllAbstainDecisions">
            <value>false</value>
        </property>
        <property name="decisionVoters">
            <list>
               <ref local="roleVoter"/>
            </list>
        </property>
    </bean>
    
    <bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
          <property name="filterSecurityInterceptor"><ref local="filterInvocationInterceptor"/></property>
          <property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
    </bean>
    
    <bean id="httpSessionContextIntegrationFilter" class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter">
          <property name="context"><value>net.sf.acegisecurity.context.security.SecureContextImpl</value></property>
    </bean>
    	
    <bean id="authenticationProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <property name="loginFormUrl">
            <value>/login.jsp</value>
        </property>
    </bean>
    
    
    <bean id="myObjectDefinitionSource" class="com.voyager.MyDatabaseDrivenObjectDefinitionSource"/>
    	
    <bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager">
            <ref bean="authenticationManager"/></property>
        <property name="accessDecisionManager">
            <ref bean="accessDecisionManager"/></property>
        <property name="objectDefinitionSource">
    	<ref local="myObjectDefinitionSource"/>
        </property>
    </bean>

    Using the above configuration, I am getting AccessDenied Exception
    after login.

    Any help regarding implementating objectDefinitionSource for FilterSecurityInterceptor, MethodSecurityInterceptor and ChannelProcessingFilter will also be helpful.

    Any suggestions regarding this problem will be helpfull...

    Thanks and Regards,
    Shweta

  • #2
    I can't see any issues with your configuration. Try adding debug messages to your MyDatabaseDrivenObjectDefinitionSource, or use an IDE debugger to see what's happening. Also try writing a unit test for MyDatabaseDrivenObjectDefinitionSource to ensure that it is behaving correctly in isolation from FilterSecurityInterceptor.

    Comment


    • #3
      Thanks Ben....I kind of solved the problem by looking at the source code of Acegi...got the exact flow and was able to trace the problem...

      Thanks again..

      Regards,
      Shweta

      Comment

      Working...
      X