SecurityContextHolder.getAuthentication().getAuthorities() returning only one ROLE
  • SecurityContextHolder.getAuthentication().getAuthorities() returning only one ROLE

    I have a web application with Spring 2.5.6, Icefaces 1.8.2 and SpringSecurity 2.0.5.

    I've implemented a custom UserDetailsServiceImpl that looks up the user and their roles in the DB. Everything works fine: I return a UserDetails with more than one role for that user.

    Later in the application I call SecurityContextHolder.getAuthentication().getAuthorities() to obtain the GrantedAuthority[] authorities, but this array contains only one element.

    How is this possible? Any help is much appreciated. I attach my UserDetailsServiceImpl and applicationContext-security.xml

    UserDetailsServiceImpl.java
    Code:
    public class UserDetailServiceImpl implements UserDetailsService {
    
        private UsuarioService usuarioService;
        private static final Logger log = LoggerFactory.getLogger(UserDetailServiceImpl.class);
    
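        /**
         * Loads the account for {@code username} and turns its permission rows into granted authorities.
         *
         * <p>One {@code GrantedAuthorityImpl} is created per element returned by
         * {@code cargaListaPermisos}, named after {@code getPerDescabrv()}, so the size of the
         * authority array always equals the size of that list.
         *
         * <p>NOTE(review): the status exceptions below are raised while the user is being looked up,
         * i.e. before any password has been compared. The authentication provider normally evaluates
         * the same flags on the returned {@code UserDetails}; confirm that reporting lock and expiry
         * state to a caller who has not yet proved knowledge of the password is intended.
         *
         * @param username login name to look up
         * @return the populated user details, including lock and expiry flags
         * @throws UsernameNotFoundException when no user matches {@code username}
         * @throws LockedException when the failed-login counter has reached the configured limit
         * @throws CredentialsExpiredException when the stored expiry date is not in the future
         * @throws DataAccessException declared for failures of the underlying lookups
         */
        public UserDetails loadUserByUsername(String username)
                throws UsernameNotFoundException, DataAccessException {

            CviUsuarios usr = usuarioService.findUsuarioByUsername(username);
            if (usr == null) {
                throw new UsernameNotFoundException("No existe usuario");
            }

            // One authority per permission row; nothing is filtered or de-duplicated here.
            List<CviPermisos> perList = usuarioService.cargaListaPermisos(usr.getUsuId());
            GrantedAuthority[] authorities = new GrantedAuthorityImpl[perList.size()];
            int i = 0;
            for (CviPermisos per : perList) {
                authorities[i++] = new GrantedAuthorityImpl(per.getPerDescabrv());
            }

            // Hard-coded: the matching branches below cannot fire until these are backed by data.
            boolean accountEnabled = true;
            boolean accountNonExpired = true;

            // Locked once the recorded attempts reach the "reintentos_login" system variable.
            boolean accountNonLocked = usuarioService.getLoginAttempts(usr.getUsuId())
                    < Integer.valueOf(StaticDataUtils.variableSistemaMap.get("reintentos_login"));

            // A missing expiry date means the credentials never expire.
            // NOTE(review): confirm that usuFechaCaducidad is a password expiry and not an account expiry.
            boolean credentialsNonExpired = usr.getUsuFechaCaducidad() == null
                    || usr.getUsuFechaCaducidad().compareTo(new Date()) > 0;

            UserDetails usrDtl = new User(usr.getUsuLogin(), usr.getUsuPassword(), accountEnabled,
                    accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);

            // NOTE(review): usrDtl, which holds the stored password value, is attached to each
            // exception as extra information; confirm that nothing logs or renders that object.
            if (!accountNonLocked) {
                throw new LockedException("User account is locked", usrDtl);
            }

            if (!accountNonExpired) {
                throw new AccountExpiredException("User account has expired", usrDtl);
            }

            if (!credentialsNonExpired) {
                // Message now matches the exception type; it previously repeated the account-expired text.
                throw new CredentialsExpiredException("User credentials have expired", usrDtl);
            }

            if (!accountEnabled) {
                throw new DisabledException("User account is disabled", usrDtl);
            }

            return usrDtl;
        }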
    
        /**
         * Injects the service used to look up users, permissions and login attempts.
         *
         * @param usuarioService collaborator queried by {@code loadUserByUsername}
         */
        public void setUsuarioService(final UsuarioService usuarioService) {
            this.usuarioService = usuarioService;
        }

  • #2
    applicationContext-security.xml

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                            http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
    
    	<!--
    	     Single entry point for the security filters: every URL (/**) passes through the filters
    	     named on the pattern line, in the order they are written there.
    	-->
    	<beans:bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
    		<beans:property name="filterInvocationDefinitionSource">
    			<beans:value>
    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				PATTERN_TYPE_APACHE_ANT
    				/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
    			</beans:value>
    		</beans:property>
    	</beans:bean>
    
    	<!-- Loads the SecurityContext from the HTTP session at the start of a request and stores it back at the end. -->
    	<beans:bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>
    
    	<!--
    	     Logout handling. The handlers in the list run in the order given: first rememberMeServices,
    	     then SecurityContextLogoutHandler; afterwards the browser is redirected to /login.iface.
    	-->
    	<beans:bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
    		<beans:constructor-arg value="/login.iface"/> <!-- URL redirected to after logout -->
    		<beans:constructor-arg>
    			<beans:list>
    				<beans:ref bean="rememberMeServices"/>
    				<beans:bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
    			</beans:list>
    		</beans:constructor-arg>
    	</beans:bean>
    
    	<!--
    	     Form login: processes submissions to /j_spring_security_check through authenticationManager.
    	     Failed logins are sent to /accessDenied.iface, the same page this file uses for
    	     authorisation failures; successful logins default to "/".
    	-->
    	<beans:bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
    		<beans:property name="authenticationManager" ref="authenticationManager"/>
    		<beans:property name="authenticationFailureUrl" value="/accessDenied.iface"/>
    		<beans:property name="defaultTargetUrl" value="/"/>
    		<beans:property name="filterProcessesUrl" value="/j_spring_security_check"/>
    		<beans:property name="rememberMeServices" ref="rememberMeServices"/>
    	</beans:bean>
    
    	<!-- Wraps the request so that the servlet API security methods reflect the current SecurityContext. -->
    	<beans:bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"/>
    
    	<!--
    	     Attempts a remember-me login, using rememberMeServices and authenticationManager, for
    	     requests that arrive without an Authentication in the SecurityContext.
    	-->
    	<beans:bean id="rememberMeProcessingFilter" class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
    		<beans:property name="authenticationManager" ref="authenticationManager"/>
    		<beans:property name="rememberMeServices" ref="rememberMeServices"/>
    	</beans:bean>
    
    	<!--
    	     Gives requests that carry no login an Authentication for principal "anonymousUser" with
    	     exactly one authority, ROLE_ANONYMOUS. Code that reads the authorities of the current
    	     Authentication before a login has completed therefore sees a single-element array.
    	     The key must equal the key of AnonymousAuthenticationProvider.
    	     NOTE(review): "changeThis" is the sample placeholder value; replace it per deployment.
    	-->
    	<beans:bean id="anonymousProcessingFilter" class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
    		<beans:property name="key" value="changeThis"/>
    		<beans:property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
    	</beans:bean>
    
    	<!--
    	     Translates security exceptions into navigation: unauthenticated requests are sent to the
    	     login form at /login.iface, denied requests to /accessDenied.iface.
    	     NOTE(review): forceHttps is false, so this bean does not move the login form to HTTPS.
    	     Confirm that TLS is enforced elsewhere (container or reverse proxy); otherwise the
    	     password and the remember-me cookie can cross the network in clear text.
    	-->
    	<beans:bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
    		<beans:property name="authenticationEntryPoint">
    			<beans:bean class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    				<beans:property name="loginFormUrl" value="/login.iface"/>
    				<beans:property name="forceHttps" value="false"/>
    			</beans:bean>
    		</beans:property>
    		<beans:property name="accessDeniedHandler">
    			<beans:bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
    				<beans:property name="errorPage" value="/accessDenied.iface"/>
    			</beans:bean>
    		</beans:property>
    	</beans:bean>
    
    	<!--
    	     URL authorisation. AffirmativeBased grants access as soon as one voter grants it and, with
    	     allowIfAllAbstainDecisions set to false, denies when every voter abstains.
    	     Rules are written most specific first: /secure/** requires any one of ROLE_TOTAL,
    	     ROLE_GESTION or ROLE_USUARIOS; the catch-all /** line leaves every other URL open to
    	     anonymous requests.
    	     NOTE(review): this is a default-allow policy. A protected page added outside /secure/ is
    	     reachable without login unless it gets its own rule. URLs are lower-cased before matching,
    	     so the patterns themselves must be written in lower case.
    	-->
    	<beans:bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
    		<beans:property name="authenticationManager" ref="authenticationManager"/>
    		<beans:property name="accessDecisionManager">
    			<beans:bean class="org.springframework.security.vote.AffirmativeBased">
    				<beans:property name="allowIfAllAbstainDecisions" value="false"/>
    				<beans:property name="decisionVoters">
    					<beans:list>
    						<beans:bean class="org.springframework.security.vote.RoleVoter"/>
    						<beans:bean class="org.springframework.security.vote.AuthenticatedVoter"/>
    					</beans:list>
    				</beans:property>
    			</beans:bean>
    		</beans:property>
    		<beans:property name="objectDefinitionSource">
    			<beans:value>
    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				PATTERN_TYPE_APACHE_ANT
    				/secure/**=ROLE_TOTAL,ROLE_GESTION,ROLE_USUARIOS
    				/**=IS_AUTHENTICATED_ANONYMOUSLY
    			</beans:value>
    		</beans:property>
    	</beans:bean>
    
    	<!--
    	     Remember-me cookie service; it reloads the user through userDetailsService. The key is part
    	     of the cookie signature and must equal the key of RememberMeAuthenticationProvider.
    	     NOTE(review): "changeThis" is the sample placeholder. Replace it with a long random,
    	     deployment-specific value that is kept out of version control.
    	-->
    	<beans:bean id="rememberMeServices" class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
    		<beans:property name="userDetailsService" ref="userDetailsService"/>
    		<beans:property name="key" value="changeThis"/>
    	</beans:bean>
    
    	<!--
    	     Providers are consulted in list order: username/password (daoAuthenticationProvider),
    	     then anonymous tokens, then remember-me tokens.
    	     NOTE(review): both inline providers use the placeholder key "changeThis". Each key has to
    	     match the bean that issues the corresponding token, so change them together.
    	-->
    	<beans:bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
    		<beans:property name="providers">
    			<beans:list>
    				<beans:ref local="daoAuthenticationProvider"/>
    				<beans:bean class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
    					<beans:property name="key" value="changeThis"/>
    				</beans:bean>
    				<beans:bean class="org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider">
    					<beans:property name="key" value="changeThis"/>
    				</beans:bean>
    			</beans:list>
    		</beans:property>
    	</beans:bean>
    
    	<!--
    	     Username/password provider backed by userDetailsService.
    	     NOTE(review): the passwordEncoder property is commented out, so no encoder is set on this
    	     bean. In Spring Security 2.0 the provider then compares passwords as plain text, which
    	     implies clear-text passwords in the user table. Confirm this, and prefer a salted, slow
    	     password hash over both plain text and the MD5 encoder shown in the comment.
    	     NOTE(review): userCache keeps loaded UserDetails in Ehcache. The authorities and the
    	     lock and expiry flags of a cached entry are the ones computed when it was loaded, so check
    	     that entries are evicted when roles or failed-login counters change.
    	-->
    	<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
    		<!--
                    <beans:property name="passwordEncoder">
                        <beans:bean class="es.prointec.bu.supex.web.gestion.security.Md5PasswordEncoder">
                            <beans:property name="encodeHashAsBase64" value="true"/>
                        </beans:bean>
                    </beans:property>
                    -->
                    <beans:property name="userDetailsService" ref="userDetailsService"/>
    		<beans:property name="userCache">
    			<beans:bean class="org.springframework.security.providers.dao.cache.EhCacheBasedUserCache">
    				<beans:property name="cache">
    					<beans:bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
    						<beans:property name="cacheManager">
    							<beans:bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
    						</beans:property>
    						<beans:property name="cacheName" value="userCache"/>
    					</beans:bean>
    				</beans:property>
    			</beans:bean>
    		</beans:property>
    	</beans:bean>
    	
            <!-- Custom UserDetailsService; referenced by both daoAuthenticationProvider and rememberMeServices. -->
            <beans:bean id="userDetailsService" class="es.prointec.bu.supex.web.gestion.security.UserDetailServiceImpl">
    		<beans:property name="usuarioService" ref="usuarioService" />
    	</beans:bean>
            <!--
            <beans:bean id="userDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
    		<beans:property name="userProperties">
    			<beans:bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
    				<beans:property name="location" value="classpath:user.properties"/>
    			</beans:bean>
    		</beans:property>
    	</beans:bean>
    	-->
        <!--
    	<beans:bean id="authenticationController" class="es.prointec.gcp.web.user.AuthenticationController" scope="session">
             <beans:property name="authenticationManager"><beans:ref bean="authenticationManager"/></beans:property>
         </beans:bean>
    	-->
    	<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
    	<beans:bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener"/>
            <beans:bean id="accessDeniedBean" class="es.prointec.bu.supex.web.gestion.proxy.AccessDeniedBean" />
            <!--
            <beans:bean id="authenticationListener" class="es.prointec.bu.supex.web.gestion.security.AuthenticationListener">
                <beans:property name="usuarioService" ref="usuarioService" />
                <beans:property name="staticDataUtils" ref="StaticDataUtils" />
                <beans:property name="accessDeniedBean" ref="accessDeniedBean" />
            </beans:bean>
            -->
    </beans:beans>
