Announcement Announcement Module
Collapse
No announcement yet.
Groups implementation using spring-security-core-2.0.2 Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Groups implementation using spring-security-core-2.0.2

    Hello Friends,

    We have implemented spring security framework to our web application in which we have used :
    Code:
    <jdbc-user-service id="jdbcUserService" data-source-ref="dataSource"    
    	    users-by-username-query="select u.username as username,u.password as password,u.enabled as enabled from usermaster u where u.username=?"               
    	    authorities-by-username-query="select u.username as username,am.rolename as authority from usermaster u, rolemaster am, usermst_rolemst au where u.userid=au.userid and au.roleid=am.roleid and u.username=?" 
    	  />
    It works successfully..

    Now we want to implement "groups" in application we modify the above code as
    Code:
    <jdbc-user-service id="jdbcUserService" data-source-ref="dataSource" 
        group-authorities-by-username-query="select g.groupid as id, g.groupName as group_name, r.roleName as authority	from groupmaster g, GROUPMST_ROLEMST gr, GROUPMST_USERMST gu, usermaster u, rolemaster r where u.USERNAME=?  and u.userid=gu.USERID and gu.GROUPID=g.GROUPID and g.GROUPID=gr.GROUPID and gr.ROLEID=r.ROLEID"
        users-by-username-query="select u.username as username,u.password as password,u.enabled as enabled from usermaster u where u.username=?"  
        authorities-by-username-query="select u.username as username,am.rolename as authority from usermaster u, rolemaster am, usermst_rolemst au where u.userid=au.userid and au.roleid=am.roleid and u.username=?" 
         />
    and also make changes in JdbcDaoImpl.java
    Code:
    enableAuthorities = true;
    enableGroups= true;
    But while running server we find during debugging that both
    authorities-by-username-query and group-authorities-by-username-query are same as below :
    Code:
    [DEBUG,JdbcDaoImpl$UsersByUsernameMapping,main] RdbmsOperation with SQL [select u.username as username,u.password as password,u.enabled as enabled from usermaster u where u.username=?] compiled
    [DEBUG,JdbcDaoImpl$UsersByUsernameMapping,main] RdbmsOperation with SQL [select u.username as username,u.password as password,u.enabled as enabled from usermaster u where u.username=?] compiled
    [DEBUG,JdbcDaoImpl$AuthoritiesByUsernameMapping,main] RdbmsOperation with SQL [select g.groupid as id, g.groupName as group_name, r.roleName as authority from groupmaster g, GROUPMST_ROLEMST gr, GROUPMST_USERMST gu, usermaster u, rolemaster r where u.USERNAME=?  and u.userid=gu.USERID and gu.GROUPID=g.GROUPID and g.GROUPID=gr.GROUPID and gr.ROLEID=r.ROLEID] compiled
    [DEBUG,JdbcDaoImpl$AuthoritiesByUsernameMapping,main] RdbmsOperation with SQL [select g.groupid as id, g.groupName as group_name, r.roleName as authority from groupmaster g, GROUPMST_ROLEMST gr, GROUPMST_USERMST gu, usermaster u, rolemaster r where u.USERNAME=?  and u.userid=gu.USERID and gu.GROUPID=g.GROUPID and g.GROUPID=gr.GROUPID and gr.ROLEID=r.ROLEID] compiled
    [DEBUG,JdbcDaoImpl$GroupAuthoritiesByUsernameMapping,main] RdbmsOperation with SQL [select g.groupid as id, g.groupName as group_name, r.roleName as authority	from groupmaster g, GROUPMST_ROLEMST gr, GROUPMST_USERMST gu, usermaster u, rolemaster r where u.USERNAME=?  and u.userid=gu.USERID and gu.GROUPID=g.GROUPID and g.GROUPID=gr.GROUPID and gr.ROLEID=r.ROLEID] compiled
    [DEBUG,JdbcDaoImpl$GroupAuthoritiesByUsernameMapping,main] RdbmsOperation with SQL [select g.groupid as id, g.groupName as group_name, r.roleName as authority	from groupmaster g, GROUPMST_ROLEMST gr, GROUPMST_USERMST gu, usermaster u, rolemaster r where u.USERNAME=?  and u.userid=gu.USERID and gu.GROUPID=g.GROUPID and g.GROUPID=gr.GROUPID and gr.ROLEID=r.ROLEID] compiled
    and also find while debuging that when it executes :

    Code:
    /**
         * Query object to look up a user's authorities.
         */
        private class AuthoritiesByUsernameMapping extends MappingSqlQuery {
            protected AuthoritiesByUsernameMapping(DataSource ds) {
                super(ds, authoritiesByUsernameQuery);
                declareParameter(new SqlParameter(Types.VARCHAR));
                compile();
            }
    it takes group Query..

    Can any body guide me that where I am wrong during configuration...

  • #2
    I don't understand what you mean when you say you are modifying JdbcDaoImpl and also using the <jdbc-user-service> namespace. <jdbc-user-service> creates a JdbcDaoImpl. Are you using both?

    Comment


    • #3
      Hello Luke...

      No I m not implementing Both i am just using namespace <jdbc-user-service> and on debugging i found that it comes in JdbcDaoImpl class for compiling query.
      I mean say for implementing groups we have to make
      Code:
      enableGroups = true;
      as default it is false and their is no namespace provided to set it to true.

      So i change in JdbcDaoImpl.java for enableGroups=true and nothing more.

      my context file is as below :
      Code:
      <?xml version="1.0" encoding="UTF-8"?>
      <!--
        - Application context containing authentication, channel
        - security and web URI beans.
        -
        - Only used by "filter" artifact.
        -
        - $Id: applicationContext-security.xml  2008-08-23 [email protected] $
        -->
      
      <b:beans xmlns="http://www.springframework.org/schema/security"
          xmlns:b="http://www.springframework.org/schema/beans"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xmlns:tx="http://www.springframework.org/schema/tx"
          xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                              http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd
                              http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
      
      
          <http auto-config="false" realm="Sets Realm" lowercase-comparisons="false" create-session="ifRequired">
          
              <intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_USER"/>
                     
              <!-- authentication for /dwr, /struts -->
      
              <intercept-url pattern="/dwr/**" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_USER"/>     
              <intercept-url pattern="/struts/**" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_USER"/>
      
          
              <!--END : OTHER AUTHENTICATION ADDED AS REQUIRED -->
                      
              <intercept-url pattern="/**" access="ROLE_USER"/>        
              
              <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=1" always-use-default-target="true" default-target-url="/LoginSuccess.action"/>
              
              <logout logout-success-url="/mod/admin/logout.jsp" invalidate-session="true"/>             
              
              <concurrent-session-control max-sessions="100"  expired-url="/mod/admin/sessionexpired.jsp" exception-if-maximum-exceeded="true"/>
              
              <anonymous />
              
              <remember-me user-service-ref="jdbcUserService"/>
            <!-- HTTPS IMPL   
               <port-mappings >
              <port-mapping https="8443" http="8080"/>
              </port-mappings>
            -->  
          </http>
          
      	<!--  ****** for role query *******
      	 <jdbc-user-service id="jdbcUserService" data-source-ref="dataSource"    
      	    users-by-username-query="select u.username as username,u.password as password,u.enabled as enabled from usermaster u where u.username=?"               
      	    authorities-by-username-query="select u.username as username,am.rolename as authority from usermaster u, rolemaster am, usermst_rolemst au where u.userid=au.userid and au.roleid=am.roleid and u.username=?" 
      	  />
      	 --> 
      	  
         <!-- ******* for group query ******* --> 
          <jdbc-user-service id="jdbcUserService" data-source-ref="dataSource" 
          group-authorities-by-username-query="select g.groupid as id, g.groupName as group_name, r.roleName as authority	from groupmaster g, GROUPMST_ROLEMST gr, GROUPMST_USERMST gu, usermaster u, rolemaster r where u.USERNAME=?  and u.userid=gu.USERID and gu.GROUPID=g.GROUPID and g.GROUPID=gr.GROUPID and gr.ROLEID=r.ROLEID"
          authorities-by-username-query="select u.username as username,am.rolename as authority from usermaster u, rolemaster am, usermst_rolemst au where u.userid=au.userid and au.roleid=am.roleid and u.username=?" 
          users-by-username-query="select u.username as username,u.password as password,u.enabled as enabled from usermaster u where u.username=?"  
           />
       
          
         <authentication-provider user-service-ref="jdbcUserService"> 
             <password-encoder hash="sha" base64="true">                 
             </password-encoder>     
         </authentication-provider> 
      
         <!-- Automatically receives AuthenticationEvent messages -->
       <b:bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener"/>
            
      </b:beans>
      i had done any thing wrong in configuration
      Last edited by vijay kumar chauhan; Jun 4th, 2009, 12:49 AM.

      Comment


      • #4
        Hello Friends,

        Our issue is solved but we have changed spring-security-core-2.0.2 source code.

        After debugging through various mapping in
        Code:
        <jdbc-user-service id="jdbcUserService" data-source-ref="dataSource"    
        	    users-by-username-query="select u.username as username,u.password as password,u.enabled as enabled from usermaster u where u.username=?"               
        	    authorities-by-username-query="select u.username as username,am.rolename as authority from usermaster u, rolemaster am, usermst_rolemst au where u.userid=au.userid and au.roleid=am.roleid and u.username=?" 
        	  />
        we found that while using group query, authority query is over write by group query.
        single authority query works fantastic no issue.
        If may be due to configuration with namespace due to which it does not takes both group-authority-by-username and authority-by-username query simultanously.

        So we remove both query from
        Code:
         <jdbc-user-service id="jdbcUserService" data-source-ref="dataSource"    
        	    users-by-username-query="select u.username as username,u.password as password,u.enabled as enabled from usermaster u where u.username=?" />
        and write these queries in JdbcDaoImpl.java file and make enableAuthorities and enableGroups to true

        And Now our application work fine. It fetches both authorites by authority query and also fetches authorities from group to which user belongs if present.

        thanks to all memebers

        Comment

        Working...
        X