
  • Rich Client - HttpInvoker - Security

    Hello,

    I have developed a rich client project that uses HttpInvoker, but security doesn't work on the server: all requests made from the client are successful, and I don't know what is wrong.
    I read the forum, and the code I implemented is:

    My applicationContext.xml is
    Code:
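    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

    <beans>

        <!--
          Server-side context: Acegi Security beans, Hibernate/MySQL persistence and the
          MainFacade service wrapped in a security proxy and a transaction proxy.
          The web filters defined here only protect requests that web.xml actually routes
          through them, and the method interceptor only protects callers that go through
          the proxied bean rather than the raw mainFacade target.
        -->

        <!-- Run-as support. The key below is shared with runAsAuthenticationProvider and
             is what that provider uses to recognise run-as tokens, so it is a secret:
             keep it out of version control and out of public posts. -->
        <bean id="runAsManager" class="net.sf.acegisecurity.runas.RunAsManagerImpl">
            <property name="key"><value>my_run_as_password</value></property>
        </bean>

        <bean id="runAsAuthenticationProvider" class="net.sf.acegisecurity.runas.RunAsImplAuthenticationProvider">
            <property name="key"><value>my_run_as_password</value></property>
        </bean>

        <!-- Accepts tokens created by a container adapter that carry this key.
             NOTE(review): nothing on this page shows a container adapter in use, so this
             provider may be removable; confirm before keeping it in the provider list. -->
        <bean id="authByAdapterProvider" class="net.sf.acegisecurity.adapters.AuthByAdapterProvider">
            <property name="key"><value>my_password</value></property>
        </bean>

        <!-- Remote authentication facade for rich clients. It is defined here but not
             exported in the server-servlet.xml shown on this page. -->
        <bean id="remoteAuthenticationManager" class="net.sf.acegisecurity.providers.rcp.RemoteAuthenticationManagerImpl">
            <property name="authenticationManager">
                <ref bean="authenticationManager"/>
            </property>
        </bean>

        <!-- Every provider listed here is one more way to obtain an authenticated token.
             Keep the list to the providers that are really needed. -->
        <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
            <property name="providers">
                <list>
                    <ref local="daoAuthenticationProvider"/>
                    <ref local="runAsAuthenticationProvider"/>
                    <ref local="authByAdapterProvider"/>
                </list>
            </property>
        </bean>

        <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
            <property name="authenticationDao">
                <ref local="inMemoryDaoImpl"/>
            </property>
        </bean>

        <!-- In-memory user store, format: username=password[,disabled],ROLE_...
             Passwords are in clear text in this file and no password encoder is configured
             on daoAuthenticationProvider. Suitable for a demo only: anyone who can read the
             context file can read every credential. Only admin holds ROLE_SUPERVISOR. -->
        <bean id="inMemoryDaoImpl" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
            <property name="userMap">
                <value>
                    admin=admin,ROLE_USER,ROLE_SUPERVISOR
                    dianne=emu,ROLE_USER
                    scott=wombat,ROLE_TELLER
                    peter=opal,disabled,ROLE_TELLER
                </value>
            </property>
        </bean>

        <!-- One affirmative vote grants access. allowIfAllAbstainDecisions=false makes the
             decision fail closed when no voter recognises the configured attributes. -->
        <bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
            <property name="allowIfAllAbstainDecisions">
                <value>false</value>
            </property>
            <property name="decisionVoters">
                <list>
                    <ref local="roleVoter"/>
                </list>
            </property>
        </bean>

        <bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>

        <!-- HTTP BASIC authentication. BASIC credentials are only base64-encoded on the wire.
             NOTE(review): nothing on this page enforces HTTPS for /remoting/*; confirm that
             transport encryption is provided elsewhere. -->
        <bean id="basicProcessingFilter" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter">
            <property name="authenticationManager">
                <ref local="authenticationManager"/>
            </property>
            <property name="authenticationEntryPoint">
                <ref local="basicProcessingFilterEntryPoint"/>
            </property>
        </bean>

        <bean id="basicProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
            <property name="realmName">
                <value>Contacts Realm</value>
            </property>
        </bean>

        <!-- This bean is only used if web.xml reaches it through FilterToBeanProxy. The web.xml
             on this page declares the filter class directly, so the container builds its own
             instance and the context property set here does not reach it. -->
        <bean id="httpSessionContextIntegrationFilter" class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter">
            <property name="context"><value>net.sf.acegisecurity.context.security.SecureContextImpl</value></property>
        </bean>

        <!-- Method-level authorisation: every MainFacade method requires ROLE_SUPERVISOR.
             It applies only to calls made through mainFacadeProxy (or a bean wrapping it). -->
        <bean id="MainFacadeSecurityManager" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
            <property name="authenticationManager"><ref local="authenticationManager"/></property>
            <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
            <property name="runAsManager"><ref local="runAsManager"/></property>
            <property name="objectDefinitionSource">
                <value>
                    MainFacade.*=ROLE_SUPERVISOR
                </value>
            </property>
        </bean>

        <!-- The application connects as the MySQL root account with the password in clear
             text. A dedicated account limited to the Contable schema, with credentials kept
             outside the context file, limits what a leak of this file or a flaw in the
             application exposes. -->
        <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
            <property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
            <property name="url"><value>jdbc:mysql://127.0.0.1/Contable</value></property>
            <property name="username"><value>root</value></property>
            <property name="password"><value>pass</value></property>
        </bean>

        <!-- hibernate.hbm2ddl.auto=update lets the application alter the schema at startup and
             hibernate.show_sql echoes every statement. Both are development settings. -->
        <bean id="sessionFactory" class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
            <property name="dataSource"><ref local="dataSource"/></property>
            <property name="mappingResources">
                <value>Usuario.hbm.xml</value>
            </property>
            <property name="hibernateProperties">
                <props>
                    <prop key="hibernate.show_sql">true</prop>
                    <prop key="hibernate.dialect">org.hibernate.dialect.MySQLMyISAMDialect</prop>
                    <prop key="hibernate.hbm2ddl.auto">update</prop>
                </props>
            </property>
        </bean>

        <bean id="hibernateTemplate" class="org.springframework.orm.hibernate3.HibernateTemplate">
            <property name="sessionFactory"><ref bean="sessionFactory"/></property>
        </bean>

        <bean id="usuarioDao" class="HibernateUsuarioDao">
            <property name="hibernateTemplate">
                <ref bean="hibernateTemplate"/>
            </property>
        </bean>

        <bean id="transactionManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager">
            <property name="sessionFactory"><ref local="sessionFactory"/></property>
        </bean>

        <!-- Raw, unsecured target. Anything that references this bean directly bypasses the
             security interceptor; only the proxies below should be handed to callers. -->
        <bean id="mainFacade" class="MainFacadeImpl">
            <property name="usuarioDao"><ref bean="usuarioDao"/></property>
        </bean>

        <!-- Security proxy: MainFacadeSecurityManager runs before each MainFacade call. -->
        <bean id="mainFacadeProxy" class="org.springframework.aop.framework.ProxyFactoryBean">
            <property name="proxyInterfaces"><value>MainFacade</value></property>
            <property name="interceptorNames">
                <list>
                    <idref local="MainFacadeSecurityManager"/>
                </list>
            </property>
            <property name="target">
                <ref bean="mainFacade"/>
            </property>
        </bean>

        <!-- Transaction proxy around the security proxy. This is the bean that
             server-servlet.xml exports, so remote calls pass through both layers. -->
        <bean id="mainFacadeManager" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
            <property name="transactionManager"><ref bean="transactionManager"/></property>
            <property name="target"><ref bean="mainFacadeProxy"/></property>
            <property name="transactionAttributes">
                <props>
                    <prop key="get*">PROPAGATION_REQUIRED</prop>
                    <prop key="load*">PROPAGATION_REQUIRED</prop>
                    <prop key="set*">PROPAGATION_REQUIRED</prop>
                    <prop key="find*">PROPAGATION_REQUIRED</prop>
                    <prop key="store*">PROPAGATION_REQUIRED</prop>
                    <prop key="changePassword">PROPAGATION_REQUIRED</prop>
                </props>
            </property>
        </bean>

        <bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
            <property name="filterSecurityInterceptor"><ref local="filterInvocationInterceptor"/></property>
            <property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property>
        </bean>

        <!-- URL-level authorisation: every request must carry ROLE_USER. The /** below is an
             Ant-style pattern evaluated by Acegi (PATTERN_TYPE_APACHE_ANT). Servlet url-pattern
             elements in web.xml use a different syntax, where the match-everything form is /*. -->
        <bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
            <property name="authenticationManager">
                <ref local="authenticationManager"/>
            </property>
            <property name="accessDecisionManager">
                <ref local="accessDecisionManager"/>
            </property>
            <property name="objectDefinitionSource">
                <value>
                    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                    PATTERN_TYPE_APACHE_ANT
                    /**=ROLE_USER
                </value>
            </property>
        </bean>

    </beans>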
    my web.xml is
    Code:
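    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>

    <web-app>

        <!-- Root Spring context holding the Acegi beans that the filter proxies look up. -->
        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/applicationContext.xml</param-value>
        </context-param>

        <!-- Delegates to the BasicProcessingFilter bean defined in applicationContext.xml. -->
        <filter>
            <filter-name>Acegi_HTTP_BASIC_Authorization_Filter</filter-name>
            <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
            <init-param>
                <param-name>targetClass</param-name>
                <param-value>net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter</param-value>
            </init-param>
        </filter>

        <!-- Declared with the Acegi class itself rather than through FilterToBeanProxy, so the
             container creates this instance and the context property configured on the
             httpSessionContextIntegrationFilter bean in applicationContext.xml is not applied.
             NOTE(review): confirm whether this filter should be proxied like the other two. -->
        <filter>
            <filter-name>HttpSessionContextIntegrationFilter</filter-name>
            <filter-class>net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter</filter-class>
        </filter>

        <!-- Delegates to the SecurityEnforcementFilter bean defined in applicationContext.xml. -->
        <filter>
            <filter-name>Acegy_http_request_security_filter</filter-name>
            <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
            <init-param>
                <param-name>targetClass</param-name>
                <param-value>net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter</param-value>
            </init-param>
        </filter>

        <!--
          The three mappings below originally used the url-pattern /**. Servlet url-patterns
          are not Ant patterns: the container reads /** as a path mapping whose prefix is the
          literal /*, which no request under /remoting/ matches, so none of the security
          filters was applied to the exported service. The servlet form for every request
          is /*.
          NOTE(review): filters run in the order of these mappings. Acegi's documented order
          places HttpSessionContextIntegrationFilter ahead of the authentication filters;
          here it comes after BASIC authentication. Confirm against the reference guide for
          the Acegi version in use.
        -->
        <filter-mapping>
            <filter-name>Acegi_HTTP_BASIC_Authorization_Filter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>

        <filter-mapping>
            <filter-name>HttpSessionContextIntegrationFilter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>

        <filter-mapping>
            <filter-name>Acegy_http_request_security_filter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>

        <!-- Listener to initialize the spring application context -->
        <listener>
            <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>

        <!-- Dispatcher for the HttpInvoker endpoints; its beans come from server-servlet.xml. -->
        <servlet>
            <servlet-name>server</servlet-name>
            <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
            <load-on-startup>2</load-on-startup>
        </servlet>

        <!-- Every URL mapped here must also be covered by the filter mappings above;
             otherwise the remote service is reachable without authentication. -->
        <servlet-mapping>
            <servlet-name>server</servlet-name>
            <url-pattern>/remoting/*</url-pattern>
        </servlet-mapping>

        <!-- Session timeout in minutes. -->
        <session-config>
            <session-timeout>10</session-timeout>
        </session-config>

    </web-app>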
    and my server-servlet.xml is

    Code:
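    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

    <beans>

        <!--
          Exposes MainFacade over HTTP at /remoting/MainFacade (the bean name is the path
          below the DispatcherServlet mapping in web.xml).
          The exported service is mainFacadeManager, the transaction proxy that wraps the
          security proxy. Exporting mainFacade itself would bypass method authorisation.
          HttpInvokerServiceExporter reads a Java-serialized invocation from the request
          body, so the endpoint should only be reachable by authenticated callers over a
          protected transport. That depends on the web.xml filter mappings covering
          /remoting/*.
        -->
        <bean name="/MainFacade" class="org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter">
            <property name="service"><ref bean="mainFacadeManager"/></property>
            <property name="serviceInterface">
                <value>MainFacade</value>
            </property>
        </bean>

    </beans>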

    thx

  • #2
    I had the same problem. When I removed the authentication providers except for one, and changed the voting accessDecisionManager to UnanimousBased, it worked correctly again.

    I am still trying to understand what is going on there.

    Erik.



    • #3
      What does your server-side debug log say? Is it trying to authorize each method, or is it assuming they're public (unsecured) methods?



      • #4
        thx, but I already solved the problem; I had a problem in Tomcat
