This topic is closed

  • Acegi usage questions

    I have a working web application that is using the applicationContext.xml and the web.xml files from the quickstart WEB-INF directory. The only modification I have made is to use the JdbcDaoImpl instead of the InMemoryDaoImpl.

    I have a few questions.

    1. How to make additional properties in my users table accessible in addition to the username, password fields? Example: first and last name and email properties?

    2. How to access my user's credentials from my Struts action classes?

    3. How to perform password encryption/decryption?

    I have read through the documentation and plan to re-read it until I understand this better, however a few small examples would really be appreciated.

    Regards

  • #2
    You need to subclass JdbcDaoImpl to add additional properties to a subclass of User (or write your own UserDetails).

    Use ((SecureContext)ContextHolder.getContext()).getAuthentication().getPrincipal() to obtain the User/UserDetails your JdbcDaoImpl returned. You can do this from anywhere, including your views, controllers and services layer classes (it's a ThreadLocal).

    Password encryption and decryption is handled by a property on DaoAuthenticationProvider. See its JavaDocs.

    HTH



    • #3
      help - subclassing JdbcDaoImpl

      Hi,

      I'm trying to subclass JdbcDaoImpl and override the rowMapper so that the columns of my user select query can be mapped correctly (I've added a lot more, like email, address etc).

      What exactly am I to override to enable the UsersByUsernameMapping to use my own (nested) rowMapper that will map the additional columns to my User bean?

      Secondly, I noticed that the user query selects on user name only. When does the password match checking occur? And if I insert my passwords as SHA or MD5 using the password encoder, how/when does the Acegi framework compare the user-entered password (which has been encoded to SHA or MD5) with the one from the DB?

      I would be grateful for, and would very much appreciate, a quick response as I'm a little stuck. I must say Acegi is truly a superb piece of kit.


      Asif Akhtar



      • #4
        I guess you would probably have to override loadUserByUsername since it returns a plain User object and you'll want to return something more complicated with your extra data included:

        http://acegisecurity.org/multiprojec...oImpl.html#173

        If you're using DaoAuthenticationProvider, the password is checked here:

        http://acegisecurity.org/multiprojec...ovider.html#48

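How the check asked about in #3 and located in #4 works in principle, as an added example (not Acegi's code and not part of any post): the user row is loaded by username alone, the submitted password is hashed with the same digest that was used when the row was written, and the two digests are compared. The class and method names, the SHA-1 hex encoding and the sample user are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;

// Illustration only: hypothetical names, not Acegi classes.
public class EncodedPasswordCheck {
    // Constructed stand-in for the users table: username -> stored hex digest.
    private static final Map<String, String> USERS = new HashMap<>();

    // One-way encoding applied both when a password is stored and when one is presented.
    static String encode(String raw) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        StringBuilder hex = new StringBuilder();
        for (byte b : md.digest(raw.getBytes(StandardCharsets.UTF_8))) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Step 1: the lookup selects on username only; the password is not part of the query.
    static String loadStoredDigest(String username) {
        return USERS.get(username);
    }

    // Step 2: hash the presented password and compare digests; nothing is ever decrypted.
    static boolean authenticate(String username, String presented)
            throws NoSuchAlgorithmException {
        String stored = loadStoredDigest(username);
        if (stored == null) {
            return false; // unknown user
        }
        byte[] expected = stored.getBytes(StandardCharsets.UTF_8);
        byte[] actual = encode(presented).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        USERS.put("alice", encode("correct horse")); // constructed sample row
        System.out.println("right password: " + authenticate("alice", "correct horse"));
        System.out.println("wrong password: " + authenticate("alice", "guess"));
        System.out.println("unknown user:   " + authenticate("mallory", "correct horse"));
    }
}
```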


        • #5
          Forwarding to URL other than the success login page

          Thanks for your reply, Luke.

          Just another question. Instead of forwarding to a success login page I would like to forward to a Struts Action (or any other controller class) to determine the actual role of the user via the Acegi ContextHolder and then from this determine which page to forward to (e.g. admin.jsp).

          How would this be achieved? Would I have to do manual programmatic login using UsernamePasswordAuthenticationToken, or can I specify the .do URL so Struts will pick it up?

          So if I add a path, e.g. index.do, will this be acceptable?

          Hmm, not sure if what I said makes sense, but if you know what I mean please respond ASAP as I'm stuck once again!

          Thanks guys



          • #6
            Acegi has no knowledge of Struts, it just deals in URLs, so you can use anything you want.

            If you want to make a decision about what page to show based on the user's role, you could set the defaultTargetUrl of AuthenticationProcessingFilter to point to your Struts controller (something.do) and forward to whatever you want from there.



            • #7
              Get NoSuchBeanDefinitionException !!

              Hi,

              I've gone nuts. All I'm trying to do is to allow all users to access web pages that are not protected, but only allow ADMIN and USER to access the secure pages via logging in.

              So here's my objectDefSource bit from app.xml:

              <property name="objectDefinitionSource">
              <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
              PATTERN_TYPE_APACHE_ANT
              /* = ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMIN
              /secure/admin* = ROLE_ADMIN
              /secure/** = ROLE_USER
              </value>
              </property>

              Now, when I href from an ordinary static page to my login page and hit submit (trying to log on) I get the following error:

              [DEBUG,PathBasedFilterInvocationDefinitionMap,http-8080-Processor25] Candidate is: '/j_acegi_security_check'; pattern is /**; matched=true
              [DEBUG,PathBasedFilterInvocationDefinitionMap,http-8080-Processor25] Candidate is: '/j_acegi_security_check'; pattern is /**; matched=true
              [DEBUG,PathBasedFilterInvocationDefinitionMap,http-8080-Processor25] Candidate is: '/j_acegi_security_check'; pattern is /**; matched=true
              [DEBUG,PathBasedFilterInvocationDefinitionMap,http-8080-Processor25] Candidate is: '/j_acegi_security_check'; pattern is /**; matched=true
              [ERROR,[default],http-8080-Processor25] Servlet.service() for servlet default threw exception
              org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named '' is defined: org.springframework.beans.factory.support.DefaultListableBeanFactory defining beans [messageSou
              at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanDefinition(DefaultListableBeanFactory.java:351)
              at org.springframework.beans.factory.support.AbstractBeanFactory.getMergedBeanDefinition(AbstractBeanFactory.java:637)
              at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:195)
              at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:151)
              at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:538)
              at org.acegisecurity.util.FilterChainProxy.obtainAllDefinedFilters(FilterChainProxy.java:253)
              at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:169)
              at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:120)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
              at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
              at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:667)
              at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
              at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
              at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)


              It says - No bean named '' is defined. I don't get it.

              This is the value for my filterInvocationDefinitionSource defined in my filterChainProxy,

              <value>
              CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
              PATTERN_TYPE_APACHE_ANT
              /**=httpSessionContextIntegrationFilter,
              authenticationProcessingFilter,
              anonymousProcessingFilter,
              securityEnforcementFilter
              </value>

              Any ideas?



              • #8
                You shouldn't need to have the line

                /* = ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMIN

                If there is no matching configuration then it should have public access by default.

                Post your configuration (preferably updated for RC2 in which SecurityEnforcementFilter has been refactored) if you can't get it to work.



                • #9
                  When you are declaring anonymous filter you need to define it and also if you want all users to access the web pages which are not protected just
                  remove this line from your object definition source
                  /* = ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMIN
                  and then try

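A check for the two problems raised in #7 and #9, as an added example (not Acegi's or Spring's code, and not part of any post): it reads a filterChainProxy value and reports filter names that come out empty, as in `No bean named ''`, or that have no bean defined. It assumes, without confirmation from the thread, that the value is read one line at a time and that each rule's filter list is split on commas; the class name, the sample bean ids and the single-line variant are constructed for the illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Illustration only: hypothetical checker, not an Acegi or Spring class.
public class FilterChainValueCheck {
    // Returns one finding per problem; an empty list means every filter name resolved.
    static List<String> check(String value, Set<String> beanIds) {
        List<String> findings = new ArrayList<>();
        String[] lines = value.split("\n");
        for (int n = 1; n <= lines.length; n++) {
            String line = lines[n - 1].trim();
            if (line.isEmpty() || line.equals("PATTERN_TYPE_APACHE_ANT")
                    || line.equals("CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON")) {
                continue; // blank line or directive
            }
            int eq = line.lastIndexOf('=');
            if (eq < 0) { // assumed: a line without '=' is not treated as part of a rule
                findings.add("line " + n + ": not a rule, names ignored: " + line);
                continue;
            }
            // Limit -1 keeps the empty token that a trailing comma produces.
            for (String name : line.substring(eq + 1).split(",", -1)) {
                name = name.trim();
                if (name.isEmpty()) {
                    findings.add("line " + n + ": empty filter name (bean named '')");
                } else if (!beanIds.contains(name)) {
                    findings.add("line " + n + ": no bean named '" + name + "'");
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // The value as posted in #7: one filter per line, each line ending in a comma.
        String posted = "CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON\nPATTERN_TYPE_APACHE_ANT\n"
                + "/**=httpSessionContextIntegrationFilter,\nauthenticationProcessingFilter,\n"
                + "anonymousProcessingFilter,\nsecurityEnforcementFilter";
        String oneLine = posted.replace(",\n", ","); // same rule on a single line
        // Constructed bean ids; anonymousProcessingFilter is left undefined on purpose.
        Set<String> beans = new HashSet<>(Arrays.asList("httpSessionContextIntegrationFilter",
                "authenticationProcessingFilter", "securityEnforcementFilter"));
        check(posted, beans).forEach(System.out::println);
        check(oneLine, beans).forEach(System.out::println);
    }
}
```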
