  • No AbstractIntegrationFilter in 0.8.2?

    Hi,
    I have been using Acegi for a while and recently upgraded to 0.8.2 so I can run Spring 1.2 RC2 so I can run Hibernate 3.0. :? I developed a class that inherits from net.sf.acegisecurity.ui.AbstractIntegrationFilter, but in 0.8.2 this class no longer exists! I can't find any mention of its removal in the change log or anything. This was a very helpful class that I would like to have back.

    Thanks,
    Matt

  • #2
    It was removed as all logic related to context management moved to HttpSessionContextIntegrationFilter (and HttpRequestIntegrationFilter for the benefit of Container Adapters). What did your subclass do? There might be another way if I understand its purpose...



    • #3
      The purpose of the subclass was to retrieve login information from an external security system. Users will log in to our website using Plone/Zope (our content manager). Then, they could possibly enter my system, which is an online registration system. When they do so, this filter is run for every request and gets their current login information from Zope (their username, privileges, etc.). My subclass then translates what Zope gives me and puts it into an Authentication object.

      My subclass overrode the following method:
      Code:
          public Object extractFromContainer(ServletRequest request)
      Using the request variable, it got the info from Zope and returned the Authentication object so it could be stored in the SecureContext.

      How would you recommend I go about doing this in the new version of Acegi? Thanks for your prompt reply.



      • #4
        You could probably just extend the AbstractProcessingFilter and implement the abstract attemptAuthentication(HttpServletRequest) method.



        • #5
          Mr. Krueger,
          Thanks for your reply. I tried extending AbstractProcessingFilter instead, and it is not working. The filter never seems to get executed, even though it is in the web.xml filter's definitions and in the application context. I am wondering if this has to do with the filterProcessesUrl and the String getDefaultFilterProcessesUrl() method. I do not know what to set these to be if I want the filter to run on every "secure" request as it did in the past. Here is my bean setup:

          Code:
          	<bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
          		<property name="filterSecurityInterceptor"><ref bean="filterInvocationInterceptor"/></property>
          		<property name="authenticationEntryPoint"><ref bean="authenticationEntryPoint"/></property>
          	</bean>
          
          	<bean id="authenticationEntryPoint" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
          		<property name="loginFormUrl"><value>/explainLogin.do</value></property>
          		<property name="forceHttps"><value>false</value></property>
          	</bean>
          
          	<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
          		<property name="authenticationManager"><ref bean="authenticationManager"/></property>
          		<property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
          		<property name="objectDefinitionSource">
          			<value>
          			PATTERN_TYPE_APACHE_ANT
          			/secure/admin/**=ROLE_ADMIN
          			/secure/staff/**=ROLE_ADMIN,ROLE_STAFF
          			/secure/**=ROLE_REGISTRANT,ROLE_STAFF,ROLE_ADMIN
          			</value>
          		</property>
          	</bean>
          
          	<bean id="authenticationManager" class="org.dm.daniel.hope.web.util.HopeAuthenticationManager"/>
          	
          	<bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
          		<property name="allowIfAllAbstainDecisions"><value>false</value></property>
          		<property name="decisionVoters">
          			<list>
          				<ref local="roleVoter"/>
          			</list>
          		</property>
          	</bean>
          
          	<bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>
          
          	<bean id="externalAuthIntegrationFilter" class="org.dm.daniel.hope.web.util.ExternalAuthIntegrationFilter">
          		<property name="defaultTargetUrl"><value>/secure/index.do</value></property>
          		<property name="authenticationFailureUrl"><value>/explainLogin.do</value></property>
          		<property name="authenticationManager"><ref bean="authenticationManager"/></property>
          		<property name="filterProcessesUrl"><value>?</value></property>
          		<property name="alwaysUseDefaultTargetUrl"><value>false</value></property>
          	</bean>
          Keep in mind, I have upgraded the acegi jar file from 0.7 to 0.8.2, but I haven't changed anything else except my "externalAuthIntegrationFilter" class.



          • #6
            If you've upgraded from 0.7.0 to 0.8.2, there are some other classes that have shifted around.
            http://acegisecurity.sourceforge.net...e-070-080.html

            You should be using the FilterChainProxy in your web.xml, configured with an HttpSessionContextIntegrationFilter, your externalAuthIntegrationFilter, and the securityEnforcementFilter.

            For example...
            Code:
                <bean id="filterChainProxy" class="net.sf.acegisecurity.util.FilterChainProxy">
                  <property name="filterInvocationDefinitionSource">
                     <value>
                                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                                PATTERN_TYPE_APACHE_ANT
                                /secure/**=httpSessionContextIntegrationFilter,externalAuthIntegrationFilter, securityEnforcementFilter
                     </value>
                  </property>
                </bean>
            Maybe you have it already, but you didn't include it in the xml you pasted. So hopefully this helps you out.
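
The web.xml side of the setup described in post #6, as an added example that is not part of the original thread. It assumes the standard Acegi 0.8.x FilterToBeanProxy wiring and the bean ids used in the posts above; the filter name and the `/*` mapping are illustrative choices.

```xml
<!-- web.xml (added example): a single servlet filter that hands every request
     to the Spring-managed FilterChainProxy bean, which then selects the Acegi
     filters by URL pattern. -->
<filter>
  <filter-name>Acegi Filter Chain Proxy</filter-name>
  <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
  <init-param>
    <param-name>targetClass</param-name>
    <param-value>net.sf.acegisecurity.util.FilterChainProxy</param-value>
  </init-param>
</filter>

<filter-mapping>
  <filter-name>Acegi Filter Chain Proxy</filter-name>
  <!-- Map everything; requests outside /secure/** match no chain entry
       and pass through without any Acegi filter being applied. -->
  <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- applicationContext.xml (added example): the first filter named in the
     chain. It must run before securityEnforcementFilter so that the
     ContextHolder is populated when the access decision is made. -->
<bean id="httpSessionContextIntegrationFilter"
      class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter">
  <property name="context">
    <value>net.sf.acegisecurity.context.security.SecureContextImpl</value>
  </property>
</bean>
```

Filters listed in the chain should not also be declared individually in web.xml, otherwise they run twice per request. With CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON set, the Ant patterns must be written in lowercase.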



            • #7
              Mr. Krueger,
              Thank you again for your helpful reply. With your pointers and some hacking around, I have been able to get my program working again with Acegi.

              The solution ended up looking as follows: I eventually realized that the AbstractProcessingFilter is not the class I wanted to derive my own class from. It seems to be written to take a request submitted by a login form and decide whether to authenticate the user.

              What I am trying to do is the following: the users for my system will log in on a part of the website that is totally disconnected from my application. (the login process is governed by Plone/Zope). Then, they will enter my program, and my program needs to go to Zope and retrieve the current user's authentication information for *every* request to my system. So I eventually found that what I want is to do something like what the HttpSessionContextIntegrationFilter does, except my authentication information is stored in Zope, not the Session.

              So I wrote a class based on HttpSessionContextIntegrationFilter as follows:

              Code:
              import java.io.IOException;

              import javax.servlet.Filter;
              import javax.servlet.FilterChain;
              import javax.servlet.FilterConfig;
              import javax.servlet.ServletException;
              import javax.servlet.ServletRequest;
              import javax.servlet.ServletResponse;

              import net.sf.acegisecurity.Authentication;
              import net.sf.acegisecurity.AuthenticationException;
              import net.sf.acegisecurity.context.ContextHolder;
              import net.sf.acegisecurity.context.security.SecureContext;
              import net.sf.acegisecurity.context.security.SecureContextImpl;

              import org.apache.log4j.Logger;

              /*
               * Filter for extracting the user's authentication data from an external system.
               * <p>
               * Based on net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter by
               * Ben Alex, Patrick Burleson.
               * 
               * @author pattonm
               * @version $Revision: 1.5 $
               */
              public class ExternalAuthIntegrationFilter implements Filter {
                  protected static Logger logger = Logger.getLogger(ExternalAuthIntegrationFilter.class);
              
                  public void init(FilterConfig filterConfig) throws ServletException {}
              
                  public void destroy() {}
                  
                  public void doFilter(ServletRequest request, ServletResponse response,
                          FilterChain chain) throws IOException, ServletException {
                      if (ContextHolder.getContext() != null) {
                          logger.warn("ContextHolder should have been null but contained: '" +
                                  ContextHolder.getContext() + "'; setting to null now");
              
                          ContextHolder.setContext(null);
                      }
              
                      SecureContext c = new SecureContextImpl();
                      c.setAuthentication(retrieveAuthFromExternal(request));
                      ContextHolder.setContext(c);
              
                      if (logger.isDebugEnabled()) {
                          logger.debug(
                                  "Setup ContextHolder with a new instance: '"
                                  + ContextHolder.getContext() + "'");
                      }
                      
                      try {
                          // Proceed with chain
                          chain.doFilter(request, response);
                      } finally {
                          // Remove ContextHolder contents even if the chain throws, so the
                          // Authentication cannot stay on this thread for a later request
                          ContextHolder.setContext(null);
              
                          if (logger.isDebugEnabled()) {
                              logger.debug(
                                  "ContextHolder set to null as request processing completed");
                          }
                      }
                  }
                  
                  
                  /*
                   * Gets the authentication data from the external system.
                   * 
                   * @param request The request object for this HTTP request.
                   * @return The authentication object containing the user's data.
                   */
                  public Authentication retrieveAuthFromExternal(ServletRequest request) throws AuthenticationException {
              ...
                  }
              }
              Does this code look right to you? I guess I basically just reinvented the code that AbstractIntegrationFilter gave me before. Btw, I'd still love to have this class back and I guess I still don't understand why you got rid of it. Thanks for your help!



              • #8
                Good to see you got there in the end. http://forum.springframework.org/viewtopic.php?t=4558 also discusses a similar need, this time from SiteMinder. Integration with external CMSs seems like a common requirement.
