Announcement Announcement Module
Collapse
No announcement yet.
proper security configuration with SessionFactory Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • proper security configuration with SessionFactory

    Hello again. Is there somewhere proper configuration example or tutorial using spring, spring security and hibernate + sessionFactory?

    In this one http://stackoverflow.com/questions/2...with-hibernate is missing how to proper config web.xml a despatcher-servlet.xml

    First my error was "No bean named ... is defined", so i moved bean definitions from dispatcher-servlet.xml in to applicationContext-common-business.xml a add to web.xml (Beans in despatcher are loaded via component-scan)

    Code:
    	<context-param>
    		<param-name>contextConfigLocation</param-name>
    		<param-value>
    			/WEB-INF/applicationContext-common-business.xml 
    			/WEB-INF/applicationContext-security.xml
    		</param-value>
    	</context-param>
    Than some NullPointers -userDAO, sessionFactory, ...

    Code:
    	<bean name="userDetailsService"
    		class="cz.xkadle21.dip.service.impl.DiUserContextSecurityService" >
    		 <constructor-arg ref="userDAO" /> 
    		 <constructor-arg ref="securityUserFactory" /> 		
    	</bean>
    	
    	<bean id="securityUserFactory" class="cz.xkadle21.dip.factory.impl.DiSecurityUserFactory" />
    	<bean id="userDAO" class="cz.xkadle21.dip.dao.impl.DiUserDAO" >
    		<property name="sessionFactory" ref="sessionFactory" />
    	</bean>
    	
    
    	<bean id="propertyConfigurer"
    		class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"
    		p:location="/WEB-INF/jdbc.properties" />
    
    	<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
    		destroy-method="close" p:driverClassName="${hibernate.connection.driver_class}"
    		p:url="${hibernate.connection.url}" p:username="${hibernate.connection.username}"
    		p:password="${hibernate.connection.password}" />
    
    
    	<bean id="sessionFactory"
    		class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
    		<property name="dataSource" ref="dataSource" />
    		<property name="configLocation">
    			<value>classpath:hibernate.cfg.xml</value>
    		</property>
    
    
    		<property name="configurationClass">
    			<value>org.hibernate.cfg.AnnotationConfiguration</value>
    		</property>
    		<property name="hibernateProperties">
    			<props>
    				<prop key="hibernate.show_sql">true</prop>
    				<!-- <prop key="hibernate.hbm2ddl.auto">update</prop> -->
    			</props>
    		</property>
    	</bean>
    ... fixed via injecting beans via contrustors and properties, but now iam facing

    Code:
    SEVERE: Servlet.service() for servlet spring threw exception
    org.hibernate.HibernateException: No Hibernate Session bound to thread, and configuration does not allow creation of non-transactional one here
    	at org.springframework.orm.hibernate3.SpringSessionContext.currentSession(SpringSessionContext.java:63)
    	at org.hibernate.impl.SessionFactoryImpl.getCurrentSession(SessionFactoryImpl.java:544)
    	at cz.xkadle21.dip.dao.ADiHibernateGenericDAO.findByCriteria(ADiHibernateGenericDAO.java:118)
    	at cz.xkadle21.dip.dao.impl.DiUserDAO.findUserByUsername(DiUserDAO.java:84)
    But how is that possible? Calling function has annotation @Transaction.
    I think it's wrong somethink in my configuration.

    Code:
    @Service("userDetailsService")
    public class DiUserContextSecurityService implements UserDetailsService,
    		IDiUserContextSecurityService {
    
    	private IDiUserDAO userDao;
    
    	private IDiSecurityUserFactory securityUserFactory;
    
    	@Autowired
    	public DiUserContextSecurityService(IDiUserDAO userDAO,
    			IDiSecurityUserFactory securityUserFactory) {
    		super();
    		this.userDao = userDAO;
    		this.securityUserFactory = securityUserFactory;
    	}
    
    	public Authentication getCurrentUser() {
    		return SecurityContextHolder.getContext().getAuthentication();
    	}
    
    	@Transactional
    	public User loadUserByUsername(String username) {
    
    		DiUser user = userDao.findUserByUsername(username);
    
    		UserDetails userDetails = null;
    
    		if (user != null) {
    
    			throw new UsernameNotFoundException("user not found");
    		}
    
    		return securityUserFactory.buildSecurityUserFromEntity(user);
    	}
    
    }

  • #2
    I answer myself

    in the applicationContext-common-business.xml was missing

    Code:
    	<tx:jta-transaction-manager />
    
    	<tx:annotation-driven />
    
    	<bean id="transactionManager"
    		class="org.springframework.orm.hibernate3.HibernateTransactionManager">
    		<property name="sessionFactory" ref="sessionFactory" />
    	</bean>
    Now it seems work finally corectly

    EDIT - when i moved this from despatcher-servlet.xml to applicationContext-common-business.xml, than stop working (No hibernate thred found ...) rest of application, sou i put this to both config files (despatcher-servlet.xml and despatcher-servlet.xml) and now seems FINALLY working. But i have bad feeling about this. Iam not sure, if this is correct configuration ...
    Last edited by rizler; Mar 13th, 2011, 02:43 PM.

    Comment

    Working...
    X