9 Replies Latest reply: Apr 25, 2012 9:20 AM by Randall Hauch

Configuration using AuthenticationProvider/AuthorizationProvider

djg2002 Newbie

This is sort of a continuation of the previous thread I had on this but since I've figured out the issues I had with loading the JcrEngine I figured it warrants a new thread.


Everything works fine as anonymous, so I've removed JAAS config, and revoked anonymous access in the config below. I followed the outline in docs section 6.5.2.

My CustomAuthenticationProvider is instantiated by Spring and the SecurityContext is injected into it, but the public ExecutionContext authenticate(...) method never gets called.

I put @PostConstruct methods to confirm everything is getting configured, so any idea why I don't get the provider's CustomSecurityContext? Classes also below for reference.




    <mode:repository jcr:name="tbuk_repository" mode:source="file_system_source">
       <mode:options jcr:primaryType="mode:options">
           <jaasLoginConfigName jcr:primaryType="mode:option"  mode:value="" />
           <anonymousUserRoles jcr:primaryType="mode:option"  mode:value="" />

           <mode:authenticationProvider jcr:name="customModeshapeAuthenticationProvider"
                                  mode:classname="com.uk.tech.jcr.security.CustomAuthenticationProvider" />

<mode:sources jcr:primaryType="nt:unstructured">
   <mode:source jcr:name="file_system_source" mode:classname="org.modeshape.connector.filesystem.FileSystemSource" ...


My AuthenticationProvider:

@Configurable(preConstruction = true)
public class CustomAuthenticationProvider implements AuthenticationProvider {

    SecurityContext securityContext;

    private static final Logger log = LogUtil.getLogger();

    @PostConstruct
    public void postC() {
        // This is executed ok
        if (securityContext != null) {
            log.info("In @PostConstruct, SecurityContext class : " + securityContext.getClass().getName());
        }
        else {
            log.warn("In @PostConstruct, SecurityContext is NULL");
        }
    }

    public ExecutionContext authenticate(Credentials credentials, String repositoryName, String workspaceName, ExecutionContext repositoryContext, Map<String, Object> sessionAttributes) {
        // Doesn't get executed
        log.info("Enriching ExecutionContext with SecurityContext for user {}", securityContext.getUserName());
        System.out.println("\n\n\n&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&\n\n\n"); // Make any execution stand out a mile
        return repositoryContext.with(securityContext);
    }
}


My SecurityContext:

public class CustomSecurityContextImpl implements SecurityContext, AuthorizationProvider {

    CustomUserDetailsManager userDetailsManager;

    WorkspaceRole workspaceRole;

    private static final Logger log = LogUtil.getLogger();

    @PostConstruct
    public void postC() {
        // Executes ok, but rest of the methods are never called
        log.info("In @PostConstruct {}");