
  • ObjectDefinitionSource

    Hi,

    I have a table ROLE_MASTER in my database which consists of roles such as
    ADMINISTRATOR, PC MEMBER, REQUESTER, PC CHAIRMAN.
    Now I want to assign these roles to the user instead of using the default roles such as ROLE_ADMIN etc.
    What changes do I need to make?
    Can anybody help me? Thanks.
    Code:
    <bean id="filterSecurityInterceptor"
    	class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
    	<property name="authenticationManager">
    		<ref bean="authenticationManager" />
    	</property>
    	<property name="accessDecisionManager">
    		<ref bean="accessDecisionManager" />
    	</property>
    	<property name="objectDefinitionSource">
    		<value>
    			CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    			PATTERN_TYPE_APACHE_ANT
    			/**=
    		</value>
    	</property>
    	</bean>

  • #2
    My personal preference would be to call JdbcDaoImpl.setRolePrefix("ROLE_"); This means all the roles that are retrieved from the database are prefixed with ROLE_ for you. You can then just work with the roles the same way as you did before. So PC CHAIRMAN becomes ROLE_PC CHAIRMAN. Otherwise it's a bit of a pain and there are more places to change.
    http://www.acegisecurity.org/multipr...bcDaoImpl.html



    • #3
      <property name = "rolePrefix" >

      Hi,

      I tried something like this but it doesn't solve the problem.
      The error message says:
      "Error creating bean with name 'filterSecurityInterceptor' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Initialization of bean failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [ADMINISTRATOR]"
      Code:
      <!-- Application Context -->
      
      <bean id="filterSecurityInterceptor"
      	class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
      	<property name="authenticationManager">
      		<ref bean="authenticationManager" />
      	</property>
      	<property name="accessDecisionManager">
      		<ref bean="accessDecisionManager" />
      	</property>
      	<property name="objectDefinitionSource">
      		<value>
      			CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      			PATTERN_TYPE_APACHE_ANT
      			/**=ADMINISTRATOR
      		</value>
      	</property>
      	</bean>
      
      <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
      		<property name="rolePrefix">
      			<value>ROLE_</value>
      		</property> 
      	</bean>
      Code:
      <!-- CustomJdbcDaoImpl -->
      
      protected Object mapRow(ResultSet rs, int rownum) throws SQLException {
      		String roleName = getRolePrefix()+rs.getString(2);
      		GrantedAuthorityImpl authority = new GrantedAuthorityImpl(roleName);
      
      		return authority;
      		}
      Last edited by Aprameya; Feb 27th, 2007, 04:30 AM.



      • #4
        Whatever you do, you need to do it consistently. Therefore if you are using the ROLE_ prefix you need to ensure the entries in the objectSourceDefinition are all prefixed with ROLE_ as well. Could you post your complete applicationContext.xml and the JdbcDaoImpl code you've written?



        • #5
          applicationContext.xml & CustomJdbcDaoImpl.java

          Code:
          <!-- CustomJdbcDaoImpl.java -->
          
          public class CustomJdbcDaoImpl extends JdbcDaoImpl {	
          	// Replace the default row mappers with the custom ones defined below.
          	protected void initMappingSqlQueries() {
          		this.usersByUsernameMapping = new CustomUsersByUsernameMapping(getDataSource());
          		this.authoritiesByUsernameMapping = new AuthoritiesByUsernameMapping(getDataSource());
          	}

          	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
          		List users = usersByUsernameMapping.execute(username);
          	if (users.size()==0) { throw new UsernameNotFoundException("User not found"); }
          	UserInfo user = (UserInfo) users.get(0); 
          	List dbAuths = authoritiesByUsernameMapping.execute(user.getUsername());
          	if (dbAuths.size()==0) { throw new UsernameNotFoundException("User has no GrantedAuthority"); }
          	GrantedAuthority[] arrayAuths = {};
          	addCustomAuthorities(user.getUsername(), dbAuths);
          	arrayAuths = (GrantedAuthority[]) dbAuths.toArray(arrayAuths);
          	return new UserInfo(user.getUsername(), user.getPassword(), user.isEnabled(), user.getEmail(), arrayAuths);
          	}
          
          	protected class CustomUsersByUsernameMapping extends MappingSqlQuery {
          	protected CustomUsersByUsernameMapping(DataSource ds) {
          	super(ds, getUsersByUsernameQuery());
          	declareParameter(new SqlParameter(Types.VARCHAR));
          	compile();
          	}
          
          	protected Object mapRow(ResultSet rs, int rownum) throws SQLException {
          	String username = rs.getString(1);
          	String password = rs.getString(2);
          	boolean enabled = rs.getBoolean(3);
          	String email = rs.getString(4);
          	UserDetails user = new UserInfo(username, password, enabled, email, new GrantedAuthority[] {
          	new GrantedAuthorityImpl("HOLDER")
          	});
          	return user;
          	}
          	}
          	protected class AuthoritiesByUsernameMapping extends MappingSqlQuery {
          	protected AuthoritiesByUsernameMapping(DataSource ds) {
          	super(ds, getAuthoritiesByUsernameQuery());
          	declareParameter(new SqlParameter(Types.VARCHAR));
          	compile();
          	}
          	protected Object mapRow(ResultSet rs, int rownum) throws SQLException {
          		String roleName = getRolePrefix()+rs.getString(2);
          		GrantedAuthorityImpl authority = new GrantedAuthorityImpl(roleName);
          
          		return authority;
          		}
          	}
          }
          Code:
          <beans>
          	<bean id="ppsds" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
          		<property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
          		<property name="url"><value>jdbc:mysql://localhost:3306/pps</value></property>
          		<property name="username"><value>root</value></property>
          		<property name="password"><value>root</value></property>
          	</bean>
          	
          	<bean id="hibernateTemplate" class="org.springframework.orm.hibernate3.HibernateTemplate"> 
          		<property name="sessionFactory"><ref bean="sessionFactory"/></property> 		
          		<property name="jdbcExceptionTranslator"><ref bean="jdbcExceptionTranslator"/></property> 
          	</bean> 
          	
          	<bean id="jdbcExceptionTranslator" class="org.springframework.jdbc.support.SQLErrorCodeSQLExceptionTranslator"> 
          		<property name="dataSource"><ref bean="ppsds"/></property> 
          		
          	</bean> 
          	
          	<bean id="sessionFactory" class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
          	<property name="dataSource"><ref bean="ppsds"/></property> 
          		<property name="mappingResources">
          			<list>	 			      
          
          				<value>com/i3l/ppsapplication/model/Login.hbm.xml</value>
          				<value>com/i3l/ppsapplication/model/PRFDetails.hbm.xml</value>
          				<value>com/i3l/ppsapplication/model/PRFStatusLov.hbm.xml</value>
          				<value>com/i3l/ppsapplication/model/PRFStatus.hbm.xml</value>
          				<value>com/i3l/ppsapplication/model/PRFVendorDetails.hbm.xml</value>
          				<value>com/i3l/ppsapplication/model/RoleMaster.hbm.xml</value>
          				<value>com/i3l/ppsapplication/model/RequestGroupLov.hbm.xml</value>
          				<value>com/i3l/ppsapplication/model/VendorMaster.hbm.xml</value>
          				<value>com/i3l/ppsapplication/audit/AuditLogRecord.hbm.xml</value>
          	</list>
          		</property>
          		<property name="hibernateProperties">
          		<props>
          		<prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
          				<prop key="hibernate.connection.autocommit">false</prop>
          				<prop key="hibernate.cglib.use_reflection_optimizer">true</prop>
          				
          			</props>
          		</property>
          		
          	</bean>
          	
          	<bean id="myTransactionManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager">
          		<property name="sessionFactory"><ref bean="sessionFactory"/></property>		
          	</bean>
          
          <bean id="abstractTxDefinition" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean" lazy-init="true">
          		<property name="transactionManager"><ref bean="myTransactionManager"/></property>
          			
          		<property name="transactionAttributes">
          			<props>
          			<prop key="*">PROPAGATION_REQUIRED</prop>
          			</props>
          		</property>
          	<property name="target"><ref bean="userTarget"/></property> 
          		
          	</bean>
          	
          	<bean id="userDAO" class="com.i3l.ppsapplication.dao.impl.UserDAOImpl">
          		<property name="hibernateTemplate"><ref local="hibernateTemplate"/></property>
          	</bean>
          
          	<bean id="userService" parent="abstractTxDefinition">
          		<property name="target"><ref local="userTarget"/></property>
          		<property name="transactionAttributes">
          			<props>
          				<prop key="save*">PROPAGATION_REQUIRED</prop>
          				<prop key="update*">PROPAGATION_REQUIRED</prop>
          				<prop key="*">PROPAGATION_REQUIRED</prop>
          			</props>
          	</property>
          		
          								
          	</bean>
          	
          	<bean id="userTarget" class="com.i3l.ppsapplication.service.impl.UserServiceImpl">		
          				<property name="userDAO"><ref local="userDAO"/></property>
          	</bean>
          	
          	<bean id="orderDAO" class="com.i3l.ppsapplication.dao.impl.OrderDAOImpl">
          		<property name="hibernateTemplate"><ref local="hibernateTemplate"/></property>
          	</bean>
          
          	<bean id="orderService" parent="abstractTxDefinition">
          		<property name="target"><ref local="orderTarget"/></property>
          		<property name="transactionAttributes">
          			<props>
          				<prop key="save*">PROPAGATION_REQUIRED</prop>
          				<prop key="update*">PROPAGATION_REQUIRED</prop>
          				<prop key="*">PROPAGATION_REQUIRED</prop>
          			</props>
          	</property>
          </bean>
          	
          	<bean id="orderTarget" class="com.i3l.ppsapplication.service.impl.OrderServiceImpl">		
          				<property name="orderDAO"><ref local="orderDAO"/></property>
          				
          	</bean>	
          	
          
          	<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
          	<property name="filterInvocationDefinitionSource">
          		<value>
          			CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
          			PATTERN_TYPE_APACHE_ANT
          			/**=httpSessionContextIntegrationFilter,
          				formAuthenticationProcessingFilter,
          		exceptionTranslationFilter,filterSecurityInterceptor
          		</value>
          	</property>
          	</bean>
          	
          <bean id="formAuthenticationProcessingFilter"
          	class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
          	<property name="filterProcessesUrl">
          		<value>/j_acegi_security_check</value>
          	</property>
          	<property name="authenticationFailureUrl">
          		<value>/Login.jsp</value>
          	</property>
          	<property name="defaultTargetUrl">
          		<value>/</value>
          	</property>
          	<property name="authenticationManager">
          		<ref bean="authenticationManager" />
          	</property>
          	</bean>
          	
          	<bean id="httpSessionContextIntegrationFilter"
                class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
          	</bean>
          	
          
          	<bean id="exceptionTranslationFilter"
                class="org.acegisecurity.ui.ExceptionTranslationFilter">
              <property name="authenticationEntryPoint">
                   <ref bean="formLoginAuthenticationEntryPoint" />
              </property>
          	</bean>
          	
          	<bean id="filterSecurityInterceptor"
          	class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
          	<property name="authenticationManager">
          		<ref bean="authenticationManager" />
          	</property>
          	<property name="accessDecisionManager">
          		<ref bean="accessDecisionManager" />
          	</property>
          	<property name="objectDefinitionSource">
          		<value>
          			CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
          			PATTERN_TYPE_APACHE_ANT
          			/**=ADMINISTRATOR
          		</value>
          	</property>
          	</bean>
          	<!-- End Filters -->
          	
          	<bean id="formLoginAuthenticationEntryPoint"
          	class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
          		<property name="loginFormUrl">
          			<value>/Login.jsp</value>
          		</property>
          		<property name="forceHttps">
          			<value>false</value>
          		</property>
          	</bean>
          	<!-- End Entry Point -->
          	
          	<bean id="authenticationManager"
          		class="org.acegisecurity.providers.ProviderManager">
          		<property name="providers">
          			<list>
          				<ref bean="daoAuthenticationProvider" />
          			</list>
          		</property>
          	</bean>
          	
          	<bean id="daoAuthenticationProvider"
          		class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
          		<property name="userDetailsService">
          			<ref bean="customJdbcDaoImpl" />
          		</property>
          	</bean>
          	
          	<bean id="customJdbcDaoImpl" class="com.i3l.ppsapplication.acegi.CustomJdbcDaoImpl">
          	<property name="dataSource"><ref bean="ppsds"/></property>
          	<property name="usersByUsernameQuery">
          		<value>SELECT UD_USERNAME,UD_PASSWORD,ENABLED as 'true',UD_EMAIL_ID FROM LOGIN WHERE UD_USERNAME = ?</value>
          	</property>
          	<property name="authoritiesByUsernameQuery">
          		<value>SELECT L.UD_USERNAME,R.RM_DESC FROM LOGIN L, ROLE_MASTER R  WHERE UD_USERNAME=? </value>
          	</property>
          </bean>
          
          	<bean id="accessDecisionManager"
          		class="org.acegisecurity.vote.UnanimousBased">
          		<property name="decisionVoters">
          			<list>
          				<ref bean="roleVoter" />
          			</list>
          		</property>
          	</bean>
          
          	<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
          		<property name="rolePrefix">
          			<value>ROLE_</value>
          		</property> 
          	</bean>
          </beans>



          • #6
            The problem here is that some things are using the ROLE_ prefix and some aren't. Personally I would get everywhere to use it, I think it's clearer what you are doing that way, IMHO. So at the minute, you need to add the prefix to the FilterSecurityInterceptor entries e.g. Administrator becomes ROLE_Administrator, RoleVoter already has the prefix set, CustomJdbcDaoImpl needs to have the rolePrefix injected. With those changes you shouldn't be very far away.

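The prefix mismatch discussed in posts #3 to #6, as an added example that is not part of the original thread and is not Acegi's source: a simplified stand-alone Java model of the startup check that rejects `ADMINISTRATOR`, and of the request-time comparison that still denies access when the DAO does not add the same prefix. The class and method names (`RolePrefixDemo`, `supports`, `validate`, `granted`, `loadAuthorities`) are hypothetical stand-ins for the voter, interceptor and DAO behaviour.

```java
import java.util.*;

// Simplified model (an assumption for illustration, not Acegi code) of the two checks in the thread.
public class RolePrefixDemo {
    // Voter rule: an attribute is supported only if it starts with the voter's prefix.
    static boolean supports(String prefix, String attribute) {
        return attribute != null && attribute.startsWith(prefix);
    }

    // Startup check: every attribute in objectDefinitionSource must be supported by a voter.
    static void validate(String prefix, List<String> attributes) {
        Set<String> unsupported = new LinkedHashSet<>();
        for (String a : attributes) if (!supports(prefix, a)) unsupported.add(a);
        if (!unsupported.isEmpty())
            throw new IllegalArgumentException("Unsupported configuration attributes: " + unsupported);
    }

    // Request-time check: a supported attribute grants access only on an exact
    // string match with one of the user's granted authorities.
    static boolean granted(String prefix, List<String> attributes, List<String> authorities) {
        for (String a : attributes)
            if (supports(prefix, a) && authorities.contains(a)) return true;
        return false;
    }

    // Models mapRow(): the DAO prepends its own rolePrefix to the value read from the database.
    static List<String> loadAuthorities(String daoPrefix, String... dbRoles) {
        List<String> out = new ArrayList<>();
        for (String r : dbRoles) out.add(daoPrefix + r);
        return out;
    }

    public static void main(String[] args) {
        String voterPrefix = "ROLE_";
        try {
            validate(voterPrefix, List.of("ADMINISTRATOR"));   // entry as posted in #3 and #5
        } catch (IllegalArgumentException e) {
            System.out.println("startup fails: " + e.getMessage());
        }
        List<String> attrs = List.of("ROLE_ADMINISTRATOR");    // entry with the prefix added
        validate(voterPrefix, attrs);                          // no exception with the prefix
        // DAO with no rolePrefix injected: the authority string lacks the prefix.
        System.out.println("dao prefix unset: " + granted(voterPrefix, attrs, loadAuthorities("", "ADMINISTRATOR")));
        // DAO with rolePrefix "ROLE_": authority and attribute are the same string.
        System.out.println("dao prefix set:   " + granted(voterPrefix, attrs, loadAuthorities("ROLE_", "ADMINISTRATOR")));
    }
}
```

Fixing only the `objectDefinitionSource` entry clears the startup exception but leaves every request denied until the DAO is given the same prefix, which is why post #6 lists both changes.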