
  • J2EE security context to Acegi context

    Hello all,

    I want to translate my J2EE security context to Acegi.

    For that, I thought about modifying my UserDetailsService implementation. Here is the applicationContext.xml.

    Code:
    <?xml version="1.0"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xmlns:aop="http://www.springframework.org/schema/aop"
    	xmlns:tx="http://www.springframework.org/schema/tx"
    	xsi:schemaLocation="
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
           http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd
           http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd">
    
    	<!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Data Source -->
    	<bean id="dataSource"
    		class="org.springframework.jndi.JndiObjectFactoryBean">
    		<property name="jndiName">
    			<value>java:/MySqlManifestationDS</value>
    		</property>
    	</bean>
    
    	<!--<bean id="transactionManager"
    		class="org.springframework.transaction.jta.JtaTransactionManager">
    		<property name="userTransactionName"><null></null></property>
    		<property name="transactionManagerName"><value>java:/TransactionManager</value></property>
    		</bean>
    		
    		<aop:config>
    		<aop:pointcut id="p" expression="execution(* org.acegisecurity.acls.MutableAclService.createAcl (..))" />
    		
    		<aop:advisor advice-ref="tx" pointcut-ref="p"/>
    		</aop:config>
    		
    		<tx:advice id="tx">
    		<tx:attributes>
    		<tx:method name="*" propagation="REQUIRED" read-only="false" />
    		</tx:attributes>
    		</tx:advice>-->
    
    	<!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Acegi config-->
    	<!-- Aspect -->
    
    	<bean id="securityAspect" class="util.SecurityAspect"
    		factory-method="aspectOf">
    		<property name="securityInterceptor" ref="securityInterceptor" />
    	</bean>
    
    	<bean id="securityInterceptor" class="org.acegisecurity.intercept.method.aspectj.AspectJSecurityInterceptor">
    		<property name="authenticationManager"
    			ref="authenticationManager" />
    		<property name="accessDecisionManager"
    			ref="accessDecisionManager" />
    		<property name="afterInvocationManager"
    			ref="afterInvocationManager" />
    		<property name="objectDefinitionSource">
    			<value>
    				services.cyberProcedureServices.CpaManifInterface.getManifPersonne=ROLE_USER,AFTER_ACL_COLLECTION_READ
    			</value>
    		</property>
    	</bean>
    
    	<bean id="afterInvocationManager"
    		class="org.acegisecurity.afterinvocation.AfterInvocationProviderManager">
    		<property name="providers">
    			<list>
    				<ref local="afterAclCollectionRead" />
    			</list>
    		</property>
    	</bean>
    
    	<bean id="afterAclCollectionRead"
    		class="org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationCollectionFilteringProvider">
    		<property name="processConfigAttribute">
    			<value>AFTER_ACL_COLLECTION_READ</value>
    		</property>
    		<property name="aclManager" ref="aclManager" />
    		<property name="requirePermission">
    			<list>
    				<ref
    					local="ADMINISTRATION" />
    			</list>
    		</property>
    	</bean>
    
    	<bean
    		id="ADMINISTRATION"
    		class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean">
    		<property name="staticField">
    			<value>org.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION</value>
    		</property>
    	</bean>
    
    	<bean id="accessDecisionManager"
    		class="org.acegisecurity.vote.AffirmativeBased">
    		<property name="allowIfAllAbstainDecisions">
    			<value>true</value>
    		</property>
    		<property name="decisionVoters">
    			<list>
    				<bean class="org.acegisecurity.vote.RoleVoter">
    					<property name="rolePrefix" value="ROLE" />
    				</bean>
    			</list>
    		</property>
    	</bean>
    
    
    	<bean id="aclManager"
    		class="org.acegisecurity.acl.AclProviderManager">
    		<property name="providers">
    			<list>
    				<ref local="basicAclProvider" />
    			</list>
    		</property>
    	</bean>
    
    	<bean id="basicAclProvider"
    		class="org.acegisecurity.acl.basic.BasicAclProvider">
    		<property name="basicAclDao" ref="basicAclExtendedDao" />
    	</bean>
    
    	<bean id="basicAclExtendedDao"
    		class="org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl">
    		<property name="dataSource" ref="dataSource" />
    	</bean>
    
    	<bean id="authenticationManager"
    		class="org.acegisecurity.providers.ProviderManager">
    		<property name="providers">
    			<list>
    				<ref local="authenticationProvider" />
    			</list>
    		</property>
    	</bean>
    
    	<bean id="authenticationProvider"
    		class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    		<property name="userDetailsService"
    			ref="userDetailsJDBCDaoImpl" />
    	
    	</bean>
    
    	<bean id="userDetailsJDBCDaoImpl"
    		class="util.J2EEtoAcegiUserDetails">
    		<property name="dataSource" ref="dataSource" />
    	</bean>
    </beans>

    At its end, you will find that I don't call a classic Acegi JDBCDaoImpl object, but a custom class I created. Here is the class:

    Code:
    /*
     * Project: manifestation
     * Created on 6 August 2007 by hussamil
     */
    package util;
    
    import org.acegisecurity.GrantedAuthority;
    import org.acegisecurity.GrantedAuthorityImpl;
    import org.acegisecurity.userdetails.*;
    import org.springframework.jndi.JndiObjectFactoryBean;
    
    public class J2EEtoAcegiUserDetails implements UserDetailsService {
    	
    	private JndiObjectFactoryBean dataSource;
    	
    	public UserDetails loadUserByUsername(String userName){
    		System.out.println("YO MAN, voilà le userNAme d'ACEGI" + userName);
    		
    		GrantedAuthority yo = new GrantedAuthorityImpl("ROLE_USER");
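    		// Allocate the array; with null, the assignment below throws NullPointerException
    		GrantedAuthority[] yoS = new GrantedAuthority[1];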
    		
    		yoS[0] = yo;
    		UserDetails newContext = new User("Yo", "yo yo", true, true, true, true, yoS); 
    		return newContext;
    	}
    
    	public JndiObjectFactoryBean getDataSource()
    	{
    		return dataSource;
    	}
    
    	public void setDataSource(JndiObjectFactoryBean pDataSource)
    	{
    		dataSource = pDataSource;
    	}
    	
    
    }
    Now, the deployment, here is the exception I have:

    Code:
    ...
    nested exception is org.springframework.beans.PropertyBatchUpdateException; nested PropertyAccessExceptions (1) are:
    PropertyAccessException 1: org.springframework.beans.TypeMismatchException: Failed to convert property value of type [org.jboss.resource.adapter.jdbc.WrapperDataSource] to required type [org.springframework.jndi.JndiObjectFactoryBean] for property 'dataSource'; nested exception is java.lang.IllegalArgumentException: Cannot convert value of type [org.jboss.resource.adapter.jdbc.WrapperDataSource] to required type [org.springframework.jndi.JndiObjectFactoryBean] for property 'dataSource': no matching editors or conversion strategy found
    I don't really understand! What's this WrapperDataSource class!? I did a little search, and I'm wondering if I have to write a custom propertyEditor for this class...


    Does someone have an idea!?

    Any comments about this approach are welcome as well...
    Last edited by filot; Aug 9th, 2007, 10:51 AM.

  • #2
    Have you looked at the existing container adapters? There is one for JBoss.



    • #3
      Hello Luke,

      I did a little research about the JBoss adapter. Mainly I read this blog:

      http://www.jroller.com/eyallupu/entr..._about_acegi_s

      I have the feeling that here we describe how to translate an Acegi Authentication to a JBoss authentication.

      Right!?

      Actually what I want is rather to translate a JBoss context to an Acegi one. I would like to keep my JBoss authentication. Actually I need this translation to be able to make restrictions on access to object instances. This is done by Acegi, but it seems to me that I need an Acegi context in order to do that.


      Any feedback!?

      Many thanks.
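One way to carry a container login into Acegi, as described in the post above. This is an added example, not code from the thread or from the Acegi project: the filter class name, the list of J2EE role names and the `ROLE_` mapping are assumptions for illustration.

```java
package util;

import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;

// Hypothetical filter: copies the container (JBoss) login into Acegi's SecurityContext.
public class ContainerToAcegiFilter implements Filter {
    // Assumption: the J2EE role names declared in web.xml that should be mirrored.
    private static final String[] J2EE_ROLES = { "USER", "ADMIN" };

    public void init(FilterConfig config) { }
    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        Principal principal = request.getUserPrincipal();
        try {
            if (principal != null) { // null: the container has not authenticated anyone
                List granted = new ArrayList();
                for (int i = 0; i < J2EE_ROLES.length; i++) {
                    if (request.isUserInRole(J2EE_ROLES[i])) {
                        granted.add(new GrantedAuthorityImpl("ROLE_" + J2EE_ROLES[i]));
                    }
                }
                GrantedAuthority[] authorities = (GrantedAuthority[])
                        granted.toArray(new GrantedAuthority[granted.size()]);
                // The three-argument constructor marks the token as already authenticated.
                SecurityContextHolder.getContext().setAuthentication(
                        new UsernamePasswordAuthenticationToken(
                                principal.getName(), "[container-authenticated]", authorities));
            }
            chain.doFilter(req, res);
        } finally {
            // Worker threads are pooled: never let one request's identity reach the next.
            SecurityContextHolder.clearContext();
        }
    }
}
```

Map the filter in web.xml over the URLs the container already protects, so that `getUserPrincipal()` is populated by the time it runs.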



      • #4
        The problem is solved, or at least it's now running without exceptions.

        The class should also extend "JdbcDaoSupport" :P. That's why it was not working.

        Code:
        public class J2EEtoAcegiUserDetails  extends JdbcDaoSupport implements UserDetailsService {
        ...
        However, it doesn't seem to work as I expected... but at least there are no more exceptions for the moment.


        Thanks a lot for your help. Please if you have any comment or remarks don't hesitate.
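Why extending `JdbcDaoSupport` removes the `TypeMismatchException`, shown as an added example that is not the poster's code: `JndiObjectFactoryBean` is a Spring `FactoryBean`, so `ref="dataSource"` injects the `javax.sql.DataSource` it looked up, not the factory. The `authorities` table is assumed to follow Acegi's default `JdbcDaoImpl` schema, and the throwaway password is an assumption for users the container has already authenticated.

```java
package util;

import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.List;
import java.util.UUID;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.userdetails.*;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.jdbc.core.support.JdbcDaoSupport;

// JdbcDaoSupport supplies setDataSource(javax.sql.DataSource), which matches what
// <property name="dataSource" ref="dataSource"/> really injects: the object found in
// JNDI (JBoss's WrapperDataSource), not the JndiObjectFactoryBean that looked it up.
// (ref="&amp;dataSource" would be needed to obtain the factory bean itself.)
public class J2EEtoAcegiUserDetails extends JdbcDaoSupport implements UserDetailsService {
    // Assumption: Acegi's default JdbcDaoImpl schema, authorities(username, authority).
    private static final String AUTHORITIES_SQL =
            "SELECT authority FROM authorities WHERE username = ?";

    public UserDetails loadUserByUsername(String userName) {
        // Bound parameter, never string concatenation: userName is caller-controlled.
        List rows = getJdbcTemplate().query(AUTHORITIES_SQL, new Object[] { userName },
                new RowMapper() {
                    public Object mapRow(ResultSet rs, int rowNum) throws SQLException {
                        return new GrantedAuthorityImpl(rs.getString(1));
                    }
                });
        if (rows.isEmpty()) {
            // Fail closed: an unknown user gets no default role.
            throw new UsernameNotFoundException("No authorities for " + userName);
        }
        GrantedAuthority[] authorities =
                (GrantedAuthority[]) rows.toArray(new GrantedAuthority[rows.size()]);
        // Unguessable throwaway password (assumption: the container already verified the
        // credentials), so a DaoAuthenticationProvider login can never match this record.
        return new User(userName, UUID.randomUUID().toString(), true, true, true, true, authorities);
    }
}
```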



        • #5
          Hello again,

          Actually, as I said, the code is not working as I expected it to.

          The interceptor doesn't seem to be working... And the method loadClassByUserName is never called in the class J2EEtoAcegiUserDetails (defined above...). I came back to the default class "org.acegisecurity.userdetails.jdbc.JdbcDaoImpl" for the "userDetailsJDBCDaoImpl", but the problem is still the same: the interceptor is never called.

          Actually I put System.out.println()'s inside the "around()" method (also defined above), and they never appear on the console...

          Is it normal!?
          Last edited by filot; Aug 14th, 2007, 02:38 AM.



          • #6
            Sorry, it was a mistake.

            The "objectDefinitionSource" property was not defined correctly. :P

            I will write here any progress I make.
