-
1. Re: @RequireAuthentication doesn't work
ibek Sep 15, 2012 3:47 PM (in response to ibek)Does the @RequireAuthentication work for anybody or is it a bug? I would like to figure out what I do wrong otherwise.
Simply I have @Remote SecuredService and its implementation (SecuredServiceImpl with @Service and @RequireAuthentication annotations) and I call it through RPC with injected Caller<SecuredService>. I really don't have any idea what can be wrong except it's a bug.
-
2. Re: @RequireAuthentication doesn't work
cbrock Sep 17, 2012 1:53 PM (in response to ibek)Can you give me more information on what you're doing? Are you using CDI?
-
3. Re: @RequireAuthentication doesn't work
ibek Sep 18, 2012 8:41 AM (in response to cbrock)Hi Mike,
sure I can and yes I use CDI.
Here is the current implementation of securedServiceImpl.
@ApplicationScoped
@Service
@RequireAuthentication
public class SecuredServiceImpl implements SecuredService {
@Inject
private Logger _log; // that's provided by Resources with @Produces
@Inject
private DataManager _dm; // that's stateless bean
@Inject
private UserService _us; // this is also @Service but without @RequiredAuthentication
private RequestDispatcher _dispatcher = ErraiBus.getDispatcher(); // I have plan to use it later but now it isn't.
methods ... public Data getPrivateData(params) {...}
}
On the client side I have:
@Inject
private Caller<SecuredService> securedService;
private void someMethod() {
securedService.call(new RemoteCallback<List<Scheme>>() {
@Override
public void callback(List<Data> response) {
action
}
}, new ErrorCallback() {
@Override
public boolean error(Message message, Throwable throwable) {
display.error(...);
return false;
}
}).getPrivateData(...);
}
And that's all, really simple example. All works fine except of the @RequireAuthentication. When the user is not connected, the getPrivateData is also called instead of returning message with SecurityChallenge command to "LoginClient".
.
-
4. Re: @RequireAuthentication doesn't work
cbrock Sep 18, 2012 11:45 AM (in response to ibek)So, that is your problem, unfortunately. Our security framework is *only* for our Guice-based server-side framework. We don't currently have a security framework for CDI. In fact, we're not planning on maintaining one ourselves. Instead, we've pointed users to Seam Security, and in the future we will be standardizing on the security framework which comes out of the Apaceh DeltaSpike project.
-
5. Re: @RequireAuthentication doesn't work
ibek Sep 19, 2012 6:45 AM (in response to cbrock)Thank you, I will try to do that differently then. Good to know ... maybe I will try to use own interceptor to check the user is authenticated.
-
6. Re: @RequireAuthentication doesn't work
ibek Sep 21, 2012 10:48 AM (in response to ibek)1 of 1 people found this helpfulI confirm that it really works with my own security interceptor. Here is the interceptor that I created:
@RequireAuthentication // it's my own annotation with @InterceptorBinding for this interceptor
@Interceptor
public class SecurityInterceptor implements Serializable {
private static final long serialVersionUID = -6545213208008101417L;
@Inject
MessageBus bus;
public SecurityInterceptor() {
}
@AroundInvoke
public Object isAuthenticated(InvocationContext invocationContext)
throws Exception {
HttpSession session = RpcContext.getHttpSession();
if (session != null && check the session that user is authenticated) {
return invocationContext.proceed();
} else {
MessageBuilder.createMessage()
.toSubject("LoginClient")
.command(SecurityCommands.SecurityChallenge)
.getMessage().sendNowWith(bus);
return null;
}
}
}