9 Replies Latest reply: Apr 25, 2012 9:20 AM by Randall Hauch RSS

    Configuration using AuthenticationProvider/AuthorizationProvider

    djg2002 Newbie

      This is sort of a continuation of the previous thread I had on this but since I've figured out the issues I had with loading the JcrEngine I figured it warrants a new thread.

       

      Everything works fine as anonymous, so I've removed JAAS config, and revoked anonymous access in the config below. I followed the outline in docs section 6.5.2

      My CustomAuthenticationProvider is instantiated by Spring and the SecurityContextis injected into it, but the public ExecutionContext authenticate(...) method never gets called. 

       

      I put@PostConstruct methods to confirm everything is getting configured so any idea why I don't get the providers CustomSecurityContext?  Classes also below for reference

       


      Config:


      <mode:repositories>

          <mode:repository jcr:name="tbuk_repository" mode:source="file_system_source">


             <mode:options jcr:primaryType="mode:options">

                 <jaasLoginConfigName jcr:primaryType="mode:option"  mode:value="" />

                 <anonymousUserRoles jcr:primaryType="mode:option"  mode:value="" />

             </mode:options>


             <mode:authenticationProviders>

                 <mode:authenticationProvider jcr:name="customModeshapeAuthenticationProvider"

                                        mode:classname="com.uk.tech.jcr.security.CustomAuthenticationProvider" />

                 </mode:authenticationProviders>

          </mode:repository>

      </mode:repositories>


      <mode:sources jcr:primaryType="nt:unstructured">

         <mode:source jcr:name="file_system_source" mode:classname="org.modeshape.connector.filesystem.FileSystemSource" ...

      .../>



      my AuthenticationProvider:


      @Configurable (preConstruction = true)

      public class CustomAuthenticationProvider implements AuthenticationProvider {


          @Autowired

          SecurityContext securityContext;


          private static final Logger log = LogUtil.getLogger();


          @PostConstruct

          public void postC() {


              // This is executed ok

              if (securityContext != null) {

                  log.info("In @PostConstruct, SecurityContext class : " + securityContext.getClass().getName());

              }

              else {

                  log.warn("In @PostConstruct, SecurityContext is NULL");

              }

          }


          @Override

          public ExecutionContext authenticate(Credentials credentials, String repositoryName, String workspaceName, ExecutionContext repositoryContext, Map<String, Object> sessionAttributes) {


              // Doesn't get executed

              log.info("Enriching ExecutionContext with SecurityContext for user {}", securityContext.getUserName());


              System.out.println("\n\n\n&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&\n\n\n"); // Make any execution stand out a mile


              return repositoryContext.with(securityContext);

          }

      }


       

      my SecurityContext:

       

      @Component

      public class CustomSecurityContextImpl implements SecurityContext, AuthorizationProvider {

       

          @Autowired

          CustomUserDetailsManager userDetailsManager;

       

          @Autowired

          WorkspaceRole workspaceRole;

       

          private static final Logger log = LogUtil.getLogger();

       

          @PostConstruct

          public void postC() {

              // Executes ok, but rest of the methods are never called

              log.info("In @PostConstruct {}");

          }

       

      ...

       

      }