Posted to user@shiro.apache.org by Animesh Jain <an...@itasveer.com> on 2008/09/07 17:11:00 UTC

Stuck - authentication works but authorization is not working.

Hi

I'm a newbie to jsecurity so I might be missing something in my config here.
My authentication is happening fine, but when I try to do a role check I get
a java.util.NoSuchElementException. Let me explain my config -

I've made a new Realm called HibernateSecurityRealm and have implemented the

doGetAuthenticationInfo
doGetAuthorizationInfo
methods. Here's the implementation code snippet

--- code start ---

  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
      throws AuthenticationException {
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    String username = upToken.getUsername();
    // Null username is invalid
    if (username == null) {
      throw new AccountException("Null usernames are not allowed by this realm.");
    }

    String password = userSecurityDao.getPasswordForUser(username);
    if (password == null) {
      throw new UnknownAccountException("No account found for user [" + username + "]");
    }
    return buildAuthenticationInfo(username, password.toCharArray());
  }

  protected AuthenticationInfo buildAuthenticationInfo(String username, char[] password) {
    // The principal is stored under this realm's name
    return new SimpleAuthenticationInfo(username, password, getName());
  }

  /**
   * This implementation of the interface expects the principals collection
   * to return a String username keyed off of this realm's {@link #getName() name}
   *
   * @see AuthorizingRealm#getAuthorizationInfo(org.jsecurity.subject.PrincipalCollection)
   */
  @Override
  protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {

    // null usernames are invalid
    if (principals == null) {
      throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
    }

    // Takes the first principal recorded under this realm's name;
    // next() throws NoSuchElementException if there is none
    String username = (String) principals.fromRealm(getName()).iterator().next();

    // Retrieve roles and permissions from database
    Set<String> roleNames = userSecurityDao.getRoleNamesForUser(username);
    Set<String> permissions = userSecurityDao.getPermissions(username, roleNames);

    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
    info.setStringPermissions(permissions);
    return info;
  }

--- code end ---

Now whenever I'm calling something like
getSecurityManager().login(token);
in my action, the call to doGetAuthenticationInfo is happening just fine.

But when I try to do something like
getSecurityManager().getSubject().hasRole("XYZ")
I get the NoSuchElementException exception.

Please help. Let me know if there's something more to be implemented when
creating a realm.

Re: Stuck - authentication works but authorization is not working.

Posted by Les Hazlewood <lh...@apache.org>.
Ah, this helps greatly.

In a web app, the best thing to do is configure JSecurity in web.xml via the
ini format.  The JSecurityFilter will acquire the SecurityManager and enable
SecurityUtils automatically, as long as there is a Configuration class that
can be used.

For example, in Spring-based webapps, we have a SpringIniWebConfiguration
implementation to support this
(http://jsecurity.svn.sourceforge.net/viewvc/jsecurity/trunk/support/spring/src/org/jsecurity/spring/SpringIniWebConfiguration.java?revision=868&view=markup).

The best thing to do would be to create a GuiceIniWebConfiguration that does
the same thing and then use it in web.xml:

<filter>
  <filter-name>JSecurityFilter</filter-name>
  <filter-class>org.jsecurity.web.servlet.JSecurityFilter</filter-class>
  <init-param>
    <param-name>configClassName</param-name>
    <param-value>com.domain.my.package.GuiceIniWebConfiguration</param-value>
  </init-param>
  <init-param>
    <param-name>config</param-name>
    <param-value>
      # config as specified in the JSecurityFilter JavaDoc
      # (http://jsecurity.org/api/org/jsecurity/web/servlet/JSecurityFilter.html)
    </param-value>
  </init-param>
</filter>

...

filter-mapping here.

Then you can use SecurityUtils.getSubject() anywhere in your code and not
worry about anything else.

If you create this GuiceIniWebConfiguration class, please contribute it back
to the project - we'll be happy to maintain it!

Thanks,

Les

On Sun, Sep 7, 2008 at 4:16 PM, Animesh Jain <an...@itasveer.com> wrote:

> Yup this is a web-app. I'm using Guice for dependency injection so you can
> think of that as a replacement for Spring. I could send you the whole app
> too so you'd see what I see. I'm pretty sure there's nothing wrong with the
> dependency injection here. Because as I said after the login action I'm able
> to obtain an instance of the subject in a separate action class by calling
>
> Subject subject = getSecurityManager().getSubject()
>
> Here getSecurityManager() gets me an injected SecurityManager correctly
> with my realm properly configured and all. Right after this line if I call
>
> subject.hasRole("XYZ")
>
> the error gets thrown up.
>
> - Animesh
>
>
>
> On Mon, Sep 8, 2008 at 1:38 AM, Les Hazlewood <le...@hazlewood.com> wrote:
>
>> Is this a web app?  I.e. is there a web.xml file somewhere?
>>
>> Also, is this a spring application?
>>
>>
>> On Sun, Sep 7, 2008 at 3:44 PM, Animesh Jain <an...@itasveer.com>wrote:
>>
>>> Ok here's the deal..
>>>
>>> I'm injecting a DefaultWebSecurityManager into my action classes, which
>>> has my HibernateSecurityRealm set correctly. So calling
>>>
>>> Subject subject = getSecurityManager().getSubject();
>>>
>>> is giving me the correct currently logged in user. But strangely when I
>>> debug the subject instance after getting it, the securityManager it shows is
>>> not the same - it has a realm called
>>> org.jsecurity.realm.text.PropertiesRealm. Now how is that possible?
>>>
>>> I was not using the SecurityUtils class and had not explicitly set a
>>> SecurityManager using SecurityUtils.setSecurityManager(). Is that required?
>>> Anyway I now added it too but that has had no effect. Still the same error.
>>>
>>> So where's the subject instance getting the different implementation from?
>>>
>>> Animesh
>>>
>>>
>>> On Mon, Sep 8, 2008 at 12:52 AM, Les Hazlewood <le...@hazlewood.com>wrote:
>>>
>>>> The SimpleAccountRealm is a fallback/failsafe realm that is used if you
>>>> haven't correctly configured a realm yourself.  What does your JSecurity
>>>> configuration look like?
>>>>
>>>>
>>>> On Sun, Sep 7, 2008 at 3:04 PM, Animesh Jain <an...@itasveer.com>wrote:
>>>>
>>>>> Les,
>>>>>
>>>>> On second thoughts.. I'm still not sure. Why is it that there's
>>>>> SimpleAccountRealm.java in the stacktrace and no HibernateSecurityRealm (the
>>>>> one I implemented)?
>>>>>
>>>>> Any thoughts?
>>>>>
>>>>> Animesh
>>>>>
>>>>>
>>>>> On Mon, Sep 8, 2008 at 12:24 AM, Animesh Jain <an...@itasveer.com>wrote:
>>>>>
>>>>>> Oops! I should have looked at the stacktrace closer. This is unrelated
>>>>>> to Jsecurity. I've been working on an integration of Stripes+Guice+Warp
>>>>>> persist+Jsecurity. Jsecurity is the last remaining thing and when I got the
>>>>>> error I assumed it was because of that :P. So I'll close it here.. maybe
>>>>>> I'll drop you an email if I feel I need your help.
>>>>>>
>>>>>> Stacktrace:
>>>>>>
>>>>>> exception
>>>>>>
>>>>>> net.sourceforge.stripes.exception.StripesServletException: Unhandled exception in exception handler.
>>>>>>     net.sourceforge.stripes.exception.DefaultExceptionHandler.handle(DefaultExceptionHandler.java:158)
>>>>>>     net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:249)
>>>>>>     org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
>>>>>>     org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
>>>>>>     com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53)
>>>>>>
>>>>>> root cause
>>>>>>
>>>>>> java.util.NoSuchElementException
>>>>>>     java.util.Collections$EmptySet$1.next(Collections.java:2910)
>>>>>>     java.util.Collections$UnmodifiableCollection$1.next(Collections.java:1010)
>>>>>>     org.jsecurity.realm.SimpleAccountRealm.getAuthorizationCacheKey(SimpleAccountRealm.java:157)
>>>>>>     org.jsecurity.realm.AuthorizingRealm.getAuthorizationInfo(AuthorizingRealm.java:265)
>>>>>>     org.jsecurity.realm.AuthorizingRealm.hasRole(AuthorizingRealm.java:500)
>>>>>>     org.jsecurity.authz.ModularRealmAuthorizer.hasRole(ModularRealmAuthorizer.java:178)
>>>>>>     org.jsecurity.mgt.AuthorizingSecurityManager.hasRole(AuthorizingSecurityManager.java:213)
>>>>>>     org.jsecurity.subject.DelegatingSubject.hasRole(DelegatingSubject.java:211)
>>>>>>     bookmark.web.action.HomeAction.preAction(HomeAction.java:14)
>>>>>>     sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>>>>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>>>>     java.lang.reflect.Method.invoke(Method.java:585)
>>>>>>     net.sourceforge.stripes.controller.DispatcherHelper$6.intercept(DispatcherHelper.java:442)
>>>>>>     net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:158)
>>>>>>     net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
>>>>>>     net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
>>>>>>     net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
>>>>>>     net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
>>>>>>     net.sourceforge.stripes.controller.ExecutionContext.wrap(ExecutionContext.java:74)
>>>>>>     net.sourceforge.stripes.controller.DispatcherHelper.invokeEventHandler(DispatcherHelper.java:440)
>>>>>>     net.sourceforge.stripes.controller.DispatcherServlet.invokeEventHandler(DispatcherServlet.java:285)
>>>>>>     net.sourceforge.stripes.controller.DispatcherServlet.doPost(DispatcherServlet.java:167)
>>>>>>     net.sourceforge.stripes.controller.DispatcherServlet.doGet(DispatcherServlet.java:67)
>>>>>>     javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
>>>>>>     javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>>>>>>     net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:246)
>>>>>>     org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
>>>>>>     org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
>>>>>>     com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53)
>>>>>>
>>>>>>
>>>>>> On Mon, Sep 8, 2008 at 12:13 AM, Les Hazlewood <lhazlewood@apache.org> wrote:
>>>>>>
>>>>>>> Hi Animesh,
>>>>>>>
>>>>>>> Your realm implementation looks fine.  But, JSecurity doesn't throw a
>>>>>>> NoSuchElementException anywhere in its code.  I'm assuming this has to do
>>>>>>> with how a collection is being used, either iterated by JSecurity, or
>>>>>>> something happening in your DAO layer.
>>>>>>>
>>>>>>> Please include the stacktrace - it is very hard to debug without it
>>>>>>> ;)
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> Les
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
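
The mismatch worked out in this thread (login through one SecurityManager, role check through another whose fallback realm never authenticated the subject), as an added example that is not part of the original posts or of JSecurity: a simplified Java model in which `Principals`, `Realm` and `RealmMismatchDemo` are hypothetical stand-ins for the real classes. It reproduces the `NoSuchElementException` from the stack trace and shows a checked lookup that reports the misconfiguration without granting the role.

```java
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;

// Simplified model of the failure in this thread. All class names are
// hypothetical stand-ins, not JSecurity types.
public class RealmMismatchDemo {

  /** Principals grouped by the name of the realm that authenticated them. */
  static final class Principals {
    private final Map<String, Set<String>> byRealm = new LinkedHashMap<>();

    void add(String realmName, String principal) {
      byRealm.computeIfAbsent(realmName, k -> new LinkedHashSet<>()).add(principal);
    }

    Set<String> fromRealm(String realmName) {
      Set<String> found = byRealm.get(realmName);
      return found == null ? Collections.<String>emptySet()
                           : Collections.unmodifiableSet(found);
    }

    Set<String> realmNames() {
      return Collections.unmodifiableSet(byRealm.keySet());
    }
  }

  /** A realm that holds role data and looks users up under its own name. */
  static final class Realm {
    final String name;
    private final Map<String, Set<String>> rolesByUser;

    Realm(String name, Map<String, Set<String>> rolesByUser) {
      this.name = name;
      this.rolesByUser = rolesByUser;
    }

    /** Login records the username under this realm's name. */
    Principals authenticate(String username) {
      Principals p = new Principals();
      p.add(name, username);
      return p;
    }

    /** Same lookup pattern as in the thread: assumes an entry always exists. */
    boolean hasRoleUnchecked(Principals p, String role) {
      String username = p.fromRealm(name).iterator().next();
      return roles(username).contains(role);
    }

    /** Checked lookup: grants nothing and names the realm mismatch instead. */
    boolean hasRoleChecked(Principals p, String role) {
      Iterator<String> it = p.fromRealm(name).iterator();
      if (!it.hasNext()) {
        throw new IllegalStateException("Realm '" + name
            + "' did not authenticate this subject; principals came from "
            + p.realmNames() + ". Check that only one SecurityManager is in use.");
      }
      return roles(it.next()).contains(role);
    }

    private Set<String> roles(String username) {
      Set<String> r = rolesByUser.get(username);
      return r == null ? Collections.<String>emptySet() : r;
    }
  }

  public static void main(String[] args) {
    // Constructed sample data: one user with one role.
    Map<String, Set<String>> dbRoles = new LinkedHashMap<>();
    dbRoles.put("animesh", Collections.singleton("XYZ"));

    // The realm the application configured, and the fallback realm of a
    // second, separately created security manager.
    Realm injected = new Realm("HibernateSecurityRealm", dbRoles);
    Realm fallback = new Realm("PropertiesRealm",
        Collections.<String, Set<String>>emptyMap());

    // Authentication goes through the configured realm and succeeds.
    Principals subject = injected.authenticate("animesh");
    System.out.println("same realm: " + injected.hasRoleUnchecked(subject, "XYZ"));

    // Authorization through the other realm finds no principal of its own.
    try {
      fallback.hasRoleUnchecked(subject, "XYZ");
    } catch (NoSuchElementException e) {
      System.out.println("fallback realm, unchecked: " + e);
    }

    try {
      fallback.hasRoleChecked(subject, "XYZ");
    } catch (IllegalStateException e) {
      System.out.println("fallback realm, checked: " + e.getMessage());
    }
  }
}
```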

Re: Stuck - authentication works but authorization is not working.

Posted by Animesh Jain <an...@itasveer.com>.
Hi Les

I finally opened a Jira for the Guice integration. Let me know if
something's missing. I couldn't get url based authentication to work
though.. I'll start a thread about it on the mailing list later.

Cheers
Animesh
--------------------------
http://twitter.com/animeshjain


On Sun, Sep 14, 2008 at 8:32 PM, Les Hazlewood <lh...@apache.org>wrote:

> Hi Animesh,
>
> This is good stuff, thanks very much!
>
> Could you please open an issue in our Jira (
> https://issues.apache.org/jira/browse/JSEC) and attach that class?
>
> Also, since we are an ASF 2.0 licensed project, please indicate in the
> issue comment that your contribution is submitted under the ASF 2.0 license
> to the ASF.
>
> Once you've done that, I can add it in asap.  Since 0.9 final is very close
> to being released, it won't be able to make it in for 0.9, but we can have
> it in immediately after that.
>
> Thanks again,
>
> Les
>
>
> On Sun, Sep 14, 2008 at 2:41 AM, Animesh Jain <an...@itasveer.com>wrote:
>
>> Here's what I have right now
>>
>> ----------------------------------------
>>
>> // Imports assumed from the JSecurity 0.9, Guice and commons-logging package layout
>> import java.lang.reflect.InvocationTargetException;
>> import java.lang.reflect.Method;
>> import java.util.Map;
>>
>> import com.google.inject.Injector;
>> import org.apache.commons.logging.Log;
>> import org.apache.commons.logging.LogFactory;
>> import org.jsecurity.JSecurityException;
>> import org.jsecurity.SecurityUtils;
>> import org.jsecurity.mgt.SecurityManager;
>> import org.jsecurity.web.DefaultWebSecurityManager;
>> import org.jsecurity.web.config.IniWebConfiguration;
>>
>> public class GuiceWebConfiguration extends IniWebConfiguration {
>>
>>   public static final String INJECTOR_FACTORY_CLASS = "InjectorFactoryClass";
>>   public static final String INJECTOR_FACTORY_METHOD = "InjectorFactoryMethod";
>>
>>   private static final Log log = LogFactory.getLog(GuiceWebConfiguration.class);
>>
>>   protected Injector injector;
>>
>>   public Injector getInjector() {
>>     return injector;
>>   }
>>
>>   public void setInjector(Injector injector) {
>>     this.injector = injector;
>>   }
>>
>>   public GuiceWebConfiguration() {
>>   }
>>
>>   @Override
>>   public void init() throws JSecurityException {
>>     String className = getFilterConfig().getInitParameter(INJECTOR_FACTORY_CLASS);
>>     String methodName = getFilterConfig().getInitParameter(INJECTOR_FACTORY_METHOD);
>>     /*
>>     Get injector from a class which holds an instance for this application.
>>     I had a static method in a class that returns the injector.
>>     I've put the class name and method name in filter init params.
>>     */
>>     try {
>>       Class<?> clazz = Class.forName(className);
>>       Method method = clazz.getMethod(methodName);
>>       Injector injector = (Injector) method.invoke(null);
>>       setInjector(injector);
>>     } catch (ClassNotFoundException e) {
>>       log.error("Injector factory class not found - " + className, e);
>>       throw new JSecurityException("Injector factory class not found - " + className, e);
>>     } catch (NoSuchMethodException e) {
>>       log.error("Injector factory method not found - " + methodName
>>           + " in class " + className, e);
>>       throw new JSecurityException("Injector factory method not found - " + methodName
>>           + " in class " + className, e);
>>     } catch (InvocationTargetException e) {
>>       log.error("InvocationTargetException when trying to invoke - " + methodName
>>           + " in class " + className, e);
>>       throw new JSecurityException("InvocationTargetException when trying to invoke - "
>>           + methodName + " in class " + className, e);
>>     } catch (IllegalAccessException e) {
>>       log.error("IllegalAccessException when trying to invoke - " + methodName
>>           + " in class " + className, e);
>>       throw new JSecurityException("IllegalAccessException when trying to invoke - "
>>           + methodName + " in class " + className, e);
>>     }
>>     super.init();
>>   }
>>
>>   @Override
>>   protected SecurityManager createDefaultSecurityManager() {
>>     return createSecurityManager(null);
>>   }
>>
>>   @Override
>>   protected SecurityManager createSecurityManager(Map<String, Map<String, String>> sections) {
>>     return getOrCreateSecurityManager(injector, sections);
>>   }
>>
>>   protected SecurityManager getOrCreateSecurityManager(Injector injector,
>>       Map<String, Map<String, String>> sections) {
>>     System.out.println("Trying to create Security Manager");
>>     SecurityManager securityManager = null;
>>     if (injector != null) {
>>       /*
>>       The security manager is obtained using the Guice injector.
>>       Typically one will have to use a custom provider and bind it to the
>>       DefaultWebSecurityManager class
>>       This is the way Guice handles external configuration
>>       */
>>       securityManager = injector.getInstance(DefaultWebSecurityManager.class);
>>       SecurityUtils.setSecurityManager(securityManager);
>>     } else {
>>       throw new JSecurityException("Injector is null. Cannot instantiate security manager");
>>     }
>>
>>     return securityManager;
>>
>>   }
>>
>> }
>>
>>
>> On Sun, Sep 14, 2008 at 12:05 PM, Animesh Jain <an...@itasveer.com>wrote:
>>
>>> Hey..
>>>
>>> Finally found some time and got things working. Wrote a
>>> GuiceWebConfiguration as you suggested with some effort. Not sure if it's
>>> good enough for inclusion in Jsecurity, although I'll share whatever I have
>>> here. Should I email the class to you Les?
>>>
>>> Animesh
>>>
>>>
>>> On Mon, Sep 8, 2008 at 2:13 AM, Animesh Jain <an...@itasveer.com>wrote:
>>>
>>>> Ok now it makes sense. I completely forgot about the filter! Will go to
>>>> sleep now (late night in my part of the world) and update when I figure this
>>>> out.
>>>>
>>>> Thanks a lot for the help Les :)
>>>>
>>>> - Animesh
>>>>
>>>>
>>>> On Mon, Sep 8, 2008 at 2:02 AM, Les Hazlewood <le...@hazlewood.com>wrote:
>>>>
>>>>> The realm needs to be injected into the security manager only once:
>>>>>
>>>>> securityManager.setRealm(realm);
>>>>>
>>>>> This will ensure the lazily-created PropertiesRealm (the
>>>>> fallback/failsafe one) is not created.
>>>>>
>>>>> In a web app, the JSecurityFilter ensures SecurityUtils is set up
>>>>> properly.  In a standalone application, you need to call
>>>>> SecurityUtils.setSecurityManager explicitly _if_ you are not using a DI
>>>>> framework like Spring or Guice.
>>>>>
>>>>>
>>>>> On Sun, Sep 7, 2008 at 4:18 PM, Animesh Jain <an...@itasveer.com>wrote:
>>>>>
>>>>>> Well how does subject get its securityManager / realm? That may throw
>>>>>> some light onto whether the realm needs to be injected elsewhere too.
>>>>>>
>>>>>> - Animesh
>>>>>>
>>>>>>

Re: Stuck - authentication works but authorization is not working.

Posted by Les Hazlewood <lh...@apache.org>.
Hi Animesh,

This is good stuff, thanks very much!

Could you please open an issue in our Jira (
https://issues.apache.org/jira/browse/JSEC) and attach that class?

Also, since we are an ASF 2.0 licensed project, please indicate in the issue
comment that your contribution is submitted under the ASF 2.0 license to the
ASF.

Once you've done that, I can add it in asap.  Since 0.9 final is very close
to being released, it won't be able to make it in for 0.9, but we can have
it in immediately after that.

Thanks again,

Les

On Sun, Sep 14, 2008 at 2:41 AM, Animesh Jain <an...@itasveer.com> wrote:

> Here's what I have write now
>
> ----------------------------------------
>
> public class GuiceWebConfiguration extends IniWebConfiguration {
>
>   public static final String INJECTOR_FACTORY_CLASS =
> "InjectorFactoryClass";
>   public static final String INJECTOR_FACTORY_METHOD =
> "InjectorFactoryMethod";
>
>   private static final Log log =
> LogFactory.getLog(GuiceWebConfiguration.class);
>
>   protected Injector injector;
>
>   public Injector getInjector() {
>     return injector;
>   }
>
>   public void setInjector(Injector injector) {
>     this.injector = injector;
>   }
>
>   public GuiceWebConfiguration() {
>   }
>
>   @Override
>   public void init() throws JSecurityException {
>     String className =
> getFilterConfig().getInitParameter(INJECTOR_FACTORY_CLASS);
>     String methodName =
> getFilterConfig().getInitParameter(INJECTOR_FACTORY_METHOD);
>     /*
>     Get injector from a class which holds an instance for this application.
> I had a static method in a class that returns the injector.
>     I've put the class name and method name in filter init params.
>     */
>     try {
>       Class clazz = Class.forName(className);
>       Method method = clazz.getMethod(methodName);
>       Injector injector = (Injector) method.invoke(null);
>       setInjector(injector);
>     } catch (ClassNotFoundException e) {
>       log.error("Injector factory class not found - "+className, e);
>       throw new JSecurityException("Injector factory class not found -
> "+methodName, e);
>     } catch (NoSuchMethodException e) {
>       log.error("Injector factory method not found - "+methodName+" in
> class "+className, e);
>       throw new JSecurityException("Injector factory method not found -
> "+methodName+" in class "+className, e);
>     } catch (InvocationTargetException e) {
>       log.error("InvocationTargetException when trying to invoke -
> "+methodName+" in class "+className, e);
>       throw new JSecurityException("InvocationTargetException when trying
> to invoke - "+methodName+" in class "+className, e);
>     } catch (IllegalAccessException e) {
>       log.error("IllegalAccessException when trying to invoke -
> "+methodName+" in class "+className, e);
>       throw new JSecurityException("IllegalAccessException when trying to
> invoke - "+methodName+" in class "+className, e);
>     }
>     super.init();
>   }
>
>   @Override
>   protected SecurityManager createDefaultSecurityManager() {
>     return createSecurityManager(null);
>   }
>
>   @Override
>   protected SecurityManager createSecurityManager(Map<String, Map<String,
> String>> sections) {
>     return getOrCreateSecurityManager(injector, sections);
>   }
>
>   protected SecurityManager getOrCreateSecurityManager(Injector injector,
> Map<String, Map<String, String>> sections) {
>     System.out.println("Trying to create Security Manager");
>     SecurityManager securityManager = null;
>     if (injector != null) {
>       /*
>       The security manager is obtained using the Guice injector.
>       Typically one will have to use a custom provider and bind it to the
> DefaultWebSecurityManager class
>       This is the way Guice handles external configuration
>       */
>       securityManager =
> injector.getInstance(DefaultWebSecurityManager.class);
>       SecurityUtils.setSecurityManager(securityManager);
>     } else {
>       throw new JSecurityException("Injector is null. Cannot instantiate
> security manager");
>     }
>
>     return securityManager;
>
>   }
>
> }
>
>
> On Sun, Sep 14, 2008 at 12:05 PM, Animesh Jain <an...@itasveer.com>wrote:
>
>> Hey..
>>
>> Finally found some time and got things working. Wrote a
>> GuiceWebConfiguration as you suggested with some effort. Not sure if its
>> good enough for inclusion in Jsecurity, although I'll share whatever I have
>> here. Should I email the class to you Les?
>>
>> Animesh
>>
>>
>> On Mon, Sep 8, 2008 at 2:13 AM, Animesh Jain <an...@itasveer.com>wrote:
>>
>>> Ok now it makes sense. I completely forgot about the filter! Will go to
>>> sleep now (late night in my part of the world) and update when I figure this
>>> out.
>>>
>>> Thanks a lot for the help Les :)
>>>
>>> - Animesh
>>>
>>>
>>> On Mon, Sep 8, 2008 at 2:02 AM, Les Hazlewood <le...@hazlewood.com> wrote:
>>>
>>>> The realm needs to be injected into the security manager only once:
>>>>
>>>> securityManager.setRealm(realm);
>>>>
>>>> This will ensure the lazily-created PropertiesRealm (the
>>>> fallback/failsafe one) is not created.
>>>>
>>>> In a web app, the JSecurityFilter ensures SecurityUtils is set up
>>>> properly.  In a standalone application, you need to call
>>>> SecurityUtils.setSecurityManager explicitly _if_ you are not using a DI
>>>> framework like Spring or Guice.
>>>>
>>>>
>>>> On Sun, Sep 7, 2008 at 4:18 PM, Animesh Jain <an...@itasveer.com>wrote:
>>>>
>>>>> Well how does subject get its securityManager / realm. That may throw
>>>>> some light onto whether the realm needs to be injected elsewhere too.
>>>>>
>>>>> - Animesh
>>>>>
>>>>>
>>>>> On Mon, Sep 8, 2008 at 1:46 AM, Animesh Jain <an...@itasveer.com> wrote:
>>>>>
>>>>>> Yup this is a web-app. I'm using Guice for dependency injection so you
>>>>>> can think of that as a replacement for Spring. I could send you the whole
>>>>>> app too so you'd see what I see. I'm pretty sure there's nothing wrong with
>>>>>> the dependency injection here. Because as I said after the login action I'm
>>>>>> able to obtain an instance of the subject in a separate action class by
>>>>>> calling
>>>>>>
>>>>>> Subject subject = getSecurityManager().getSubject()
>>>>>>
>>>>>> Here getSecurityManager() gets me an injected SecurityManager
>>>>>> correctly with my realm properly configured and all. Right after this line
>>>>>> if I call
>>>>>>
>>>>>> subject.hasRole("XYZ")
>>>>>>
>>>>>> the error gets thrown up.
>>>>>>
>>>>>> - Animesh
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Mon, Sep 8, 2008 at 1:38 AM, Les Hazlewood <le...@hazlewood.com> wrote:
>>>>>>
>>>>>>> Is this a web app?  I.e. is there a web.xml file somewhere?
>>>>>>>
>>>>>>> Also, is this a spring application?
>>>>>>>
>>>>>>>
>>>>>>> On Sun, Sep 7, 2008 at 3:44 PM, Animesh Jain <an...@itasveer.com> wrote:
>>>>>>>
>>>>>>>> Ok here's the deal..
>>>>>>>>
>>>>>>>> I'm injecting a DefaultWebSecurityManager into my action classes,
>>>>>>>> which has my HibernateSecurityRealm set correctly. So calling
>>>>>>>>
>>>>>>>> Subject subject = getSecurityManager().getSubject();
>>>>>>>>
>>>>>>>> is giving me the correct currently logged in user. But strangely
>>>>>>>> when I debug the subject instance after getting it, the securityManager it
>>>>>>>> shows is not the same - it has a realm called
>>>>>>>> org.jsecurity.realm.text.PropertiesRealm. Now how is that possible?
>>>>>>>>
>>>>>>>> I was not using the SecurityUtils class and had not explicitly set a
>>>>>>>> SecurityManager using SecurityUtils.setSecurityManager(). Is that required.
>>>>>>>> Anyway I now added it too but that has had no effect. Still the same error.
>>>>>>>>
>>>>>>>> So where's the subject instance getting the different implementation
>>>>>>>> from
>>>>>>>>
>>>>>>>> Animesh
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, Sep 8, 2008 at 12:52 AM, Les Hazlewood <le...@hazlewood.com> wrote:
>>>>>>>>
>>>>>>>>> The SimpleAccountRealm is a fallback/failsafe realm that is used if
>>>>>>>>> you haven't correctly configured a realm yourself.  What does your JSecurity
>>>>>>>>> configuration look like?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Sun, Sep 7, 2008 at 3:04 PM, Animesh Jain <animesh@itasveer.com> wrote:
>>>>>>>>>
>>>>>>>>>> Les,
>>>>>>>>>>
>>>>>>>>>> On second thoughts.. I'm still not sure. Why is it that there's
>>>>>>>>>> SimpleAccountRealm.java in the stacktrace and no HibernateSecurityRealm (the
>>>>>>>>>> one I implemented).
>>>>>>>>>>
>>>>>>>>>> Any thoughts.
>>>>>>>>>>
>>>>>>>>>> Animesh
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Mon, Sep 8, 2008 at 12:24 AM, Animesh Jain <
>>>>>>>>>> animesh@itasveer.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Oops! I should have looked at the stacktrace closer. This is
>>>>>>>>>>> unrelated to Jsecurity. I've been working on an integration of
>>>>>>>>>>> Stripes+Guice+Warp persist+Jsecurity. Jsecurity is the last remaining thing
>>>>>>>>>>> and when I got the error I assumed it was because of that :P. So I'll close
>>>>>>>>>>> it here.. maybe I'll drop you an email if I feel I need your help.
>>>>>>>>>>>
>>>>>>>>>>> Stacktrace:
>>>>>>>>>>>
>>>>>>>>>>> exception
>>>>>>>>>>>
>>>>>>>>>>> net.sourceforge.stripes.exception.StripesServletException:
>>>>>>>>>>> Unhandled exception in exception handler.
>>>>>>>>>>>
>>>>>>>>>>> net.sourceforge.stripes.exception.DefaultExceptionHandler.handle(DefaultExceptionHandler.java:158)
>>>>>>>>>>>
>>>>>>>>>>> net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:249)
>>>>>>>>>>>
>>>>>>>>>>> org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
>>>>>>>>>>>
>>>>>>>>>>> org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
>>>>>>>>>>>
>>>>>>>>>>> com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53)
>>>>>>>>>>>
>>>>>>>>>>> root cause
>>>>>>>>>>>
>>>>>>>>>>> java.util.NoSuchElementException
>>>>>>>>>>>     java.util.Collections$EmptySet$1.next(Collections.java:2910)
>>>>>>>>>>>
>>>>>>>>>>> java.util.Collections$UnmodifiableCollection$1.next(Collections.java:1010)
>>>>>>>>>>>
>>>>>>>>>>> org.jsecurity.realm.SimpleAccountRealm.getAuthorizationCacheKey(SimpleAccountRealm.java:157)
>>>>>>>>>>>
>>>>>>>>>>> org.jsecurity.realm.AuthorizingRealm.getAuthorizationInfo(AuthorizingRealm.java:265)
>>>>>>>>>>>
>>>>>>>>>>> org.jsecurity.realm.AuthorizingRealm.hasRole(AuthorizingRealm.java:500)
>>>>>>>>>>>
>>>>>>>>>>> org.jsecurity.authz.ModularRealmAuthorizer.hasRole(ModularRealmAuthorizer.java:178)
>>>>>>>>>>>
>>>>>>>>>>> org.jsecurity.mgt.AuthorizingSecurityManager.hasRole(AuthorizingSecurityManager.java:213)
>>>>>>>>>>>
>>>>>>>>>>> org.jsecurity.subject.DelegatingSubject.hasRole(DelegatingSubject.java:211)
>>>>>>>>>>>     bookmark.web.action.HomeAction.preAction(HomeAction.java:14)
>>>>>>>>>>>     sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>>>>>>>
>>>>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>>>>>>>>>
>>>>>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>>>>>>>>>     java.lang.reflect.Method.invoke(Method.java:585)
>>>>>>>>>>>
>>>>>>>>>>> net.sourceforge.stripes.controller.DispatcherHelper$6.intercept(DispatcherHelper.java:442)
>>>>>>>>>>>
>>>>>>>>>>> net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:158)
>>>>>>>>>>>
>>>>>>>>>>> net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
>>>>>>>>>>>
>>>>>>>>>>> net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
>>>>>>>>>>>
>>>>>>>>>>> net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
>>>>>>>>>>>
>>>>>>>>>>> net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
>>>>>>>>>>>
>>>>>>>>>>> net.sourceforge.stripes.controller.ExecutionContext.wrap(ExecutionContext.java:74)
>>>>>>>>>>>
>>>>>>>>>>> net.sourceforge.stripes.controller.DispatcherHelper.invokeEventHandler(DispatcherHelper.java:440)
>>>>>>>>>>>
>>>>>>>>>>> net.sourceforge.stripes.controller.DispatcherServlet.invokeEventHandler(DispatcherServlet.java:285)
>>>>>>>>>>>
>>>>>>>>>>> net.sourceforge.stripes.controller.DispatcherServlet.doPost(DispatcherServlet.java:167)
>>>>>>>>>>>
>>>>>>>>>>> net.sourceforge.stripes.controller.DispatcherServlet.doGet(DispatcherServlet.java:67)
>>>>>>>>>>>     javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
>>>>>>>>>>>     javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>>>>>>>>>>>
>>>>>>>>>>> net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:246)
>>>>>>>>>>>
>>>>>>>>>>> org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
>>>>>>>>>>>
>>>>>>>>>>> org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
>>>>>>>>>>>
>>>>>>>>>>> com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53)
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Mon, Sep 8, 2008 at 12:13 AM, Les Hazlewood <
>>>>>>>>>>> lhazlewood@apache.org> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi Animesh,
>>>>>>>>>>>>
>>>>>>>>>>>> Your realm implementation looks fine.  But, JSecurity doesn't
>>>>>>>>>>>> throw a NoSuchElementException anywhere in its code.  I'm assuming this has
>>>>>>>>>>>> to do with how a collection is being used, either iterated by JSecurity, or
>>>>>>>>>>>> something happening in your DAO layer.
>>>>>>>>>>>>
>>>>>>>>>>>> Please include the stacktrace - it is very hard to debug without
>>>>>>>>>>>> it ;)
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>
>>>>>>>>>>>> Les
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>

Re: Stuck - authentication works but authorization is not working.

Posted by Animesh Jain <an...@itasveer.com>.
Here's what I have right now

----------------------------------------

// Package names below are those of JSecurity 0.9, Guice and commons-logging;
// adjust them if your versions differ.
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Map;

import com.google.inject.Injector;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jsecurity.JSecurityException;
import org.jsecurity.SecurityUtils;
import org.jsecurity.mgt.SecurityManager;
import org.jsecurity.web.DefaultWebSecurityManager;
import org.jsecurity.web.config.IniWebConfiguration;

public class GuiceWebConfiguration extends IniWebConfiguration {

  // Names of the filter init params that locate the injector factory.
  public static final String INJECTOR_FACTORY_CLASS = "InjectorFactoryClass";
  public static final String INJECTOR_FACTORY_METHOD = "InjectorFactoryMethod";

  private static final Log log = LogFactory.getLog(GuiceWebConfiguration.class);

  protected Injector injector;

  public Injector getInjector() {
    return injector;
  }

  public void setInjector(Injector injector) {
    this.injector = injector;
  }

  public GuiceWebConfiguration() {
  }

  @Override
  public void init() throws JSecurityException {
    String className = getFilterConfig().getInitParameter(INJECTOR_FACTORY_CLASS);
    String methodName = getFilterConfig().getInitParameter(INJECTOR_FACTORY_METHOD);
    /*
    Get injector from a class which holds an instance for this application.
    I had a static method in a class that returns the injector.
    I've put the class name and method name in filter init params.
    */
    try {
      Class<?> clazz = Class.forName(className);
      Method method = clazz.getMethod(methodName);
      // The factory method is static, so it is invoked with a null target.
      Injector injector = (Injector) method.invoke(null);
      setInjector(injector);
    } catch (ClassNotFoundException e) {
      // Report the class name here (the original message printed methodName).
      log.error("Injector factory class not found - " + className, e);
      throw new JSecurityException("Injector factory class not found - " + className, e);
    } catch (NoSuchMethodException e) {
      log.error("Injector factory method not found - " + methodName + " in class " + className, e);
      throw new JSecurityException("Injector factory method not found - " + methodName
          + " in class " + className, e);
    } catch (InvocationTargetException e) {
      log.error("InvocationTargetException when trying to invoke - " + methodName
          + " in class " + className, e);
      throw new JSecurityException("InvocationTargetException when trying to invoke - "
          + methodName + " in class " + className, e);
    } catch (IllegalAccessException e) {
      log.error("IllegalAccessException when trying to invoke - " + methodName
          + " in class " + className, e);
      throw new JSecurityException("IllegalAccessException when trying to invoke - "
          + methodName + " in class " + className, e);
    }
    // The injector must be in place before super.init() builds the security manager.
    super.init();
  }

  @Override
  protected SecurityManager createDefaultSecurityManager() {
    return createSecurityManager(null);
  }

  @Override
  protected SecurityManager createSecurityManager(Map<String, Map<String, String>> sections) {
    return getOrCreateSecurityManager(injector, sections);
  }

  protected SecurityManager getOrCreateSecurityManager(Injector injector,
      Map<String, Map<String, String>> sections) {
    log.debug("Trying to create Security Manager");
    SecurityManager securityManager = null;
    if (injector != null) {
      /*
      The security manager is obtained using the Guice injector.
      Typically one will have to use a custom provider and bind it to the
      DefaultWebSecurityManager class
      This is the way Guice handles external configuration
      */
      securityManager = injector.getInstance(DefaultWebSecurityManager.class);
      SecurityUtils.setSecurityManager(securityManager);
    } else {
      throw new JSecurityException("Injector is null. Cannot instantiate security manager");
    }

    return securityManager;
  }

}


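The Guice side that the comment in getOrCreateSecurityManager refers to (a custom provider bound to DefaultWebSecurityManager) could look like the following. This is an added example, not code from the thread or from JSecurity: InjectorHolder, SecurityModule and SecurityManagerProvider are hypothetical names, and it assumes HibernateSecurityRealm can be constructed by Guice and that DefaultWebSecurityManager lives in org.jsecurity.web.

```java
import com.google.inject.AbstractModule;
import com.google.inject.Guice;
import com.google.inject.Inject;
import com.google.inject.Injector;
import com.google.inject.Provider;
import com.google.inject.Scopes;
import org.jsecurity.web.DefaultWebSecurityManager;

/**
 * Holds the single application-wide injector. The two filter init params read
 * by GuiceWebConfiguration would name this class and its static getInjector()
 * method. (Hypothetical class, assumed to sit in the same package as the
 * poster's HibernateSecurityRealm.)
 */
public final class InjectorHolder {

  private static final Injector INJECTOR = Guice.createInjector(new SecurityModule());

  private InjectorHolder() {
  }

  public static Injector getInjector() {
    return INJECTOR;
  }

  /** Binds one shared DefaultWebSecurityManager for the filter and the action classes. */
  static class SecurityModule extends AbstractModule {
    @Override
    protected void configure() {
      // Singleton scope is the point: without it every injection point gets
      // its own manager, so the instance the filter hands to each Subject is
      // not the one the action classes were given.
      bind(DefaultWebSecurityManager.class)
          .toProvider(SecurityManagerProvider.class)
          .in(Scopes.SINGLETON);
    }
  }

  /** Builds the manager and sets the realm on it exactly once. */
  static class SecurityManagerProvider implements Provider<DefaultWebSecurityManager> {

    private final HibernateSecurityRealm realm;

    @Inject
    SecurityManagerProvider(HibernateSecurityRealm realm) {
      this.realm = realm;
    }

    public DefaultWebSecurityManager get() {
      DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
      // Setting the realm explicitly keeps the lazily-created fallback
      // PropertiesRealm from being used for role checks such as
      // subject.hasRole("XYZ").
      securityManager.setRealm(realm);
      return securityManager;
    }
  }
}
```

With this binding, the manager that GuiceWebConfiguration pulls from the injector for the filter is the same instance that Guice injects into the action classes, so authorization calls reach HibernateSecurityRealm rather than the fallback realm seen in the stack trace.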

Re: Stuck - authentication works but authorization is not working.

Posted by Animesh Jain <an...@itasveer.com>.
Hey..

Finally found some time and got things working. Wrote a
GuiceWebConfiguration as you suggested with some effort. Not sure if it's
good enough for inclusion in Jsecurity, although I'll share whatever I have
here. Should I email the class to you Les?

Animesh


Re: Stuck - authentication works but authorization is not working.

Posted by Animesh Jain <an...@itasveer.com>.
Ok now it makes sense. I completely forgot about the filter! Will go to
sleep now (late night in my part of the world) and update when I figure this
out.

Thanks a lot for the help Les :)

- Animesh

On Mon, Sep 8, 2008 at 2:02 AM, Les Hazlewood <le...@hazlewood.com> wrote:

> The realm needs to be injected into the security manager only once:
>
> securityManager.setRealm(realm);
>
> This will ensure the lazily-created PropertiesRealm (the fallback/failsafe
> one) is not created.
>
> In a web app, the JSecurityFilter ensures SecurityUtils is set up
> properly.  In a standalone application, you need to call
> SecurityUtils.setSecurityManager explicitly _if_ you are not using a DI
> framework like Spring or Guice.
>
>
> On Sun, Sep 7, 2008 at 4:18 PM, Animesh Jain <an...@itasveer.com> wrote:
>
>> Well how does subject get its securityManager / realm. That may throw some
>> light onto whether the realm needs to be injected elsewhere too.
>>
>> - Animesh
>>
>>
>> On Mon, Sep 8, 2008 at 1:46 AM, Animesh Jain <an...@itasveer.com> wrote:
>>
>>> Yup this is a web-app. I'm using Guice for dependency injection so you
>>> can think of that as a replacement for Spring. I could send you the whole
>>> app too so you'd see what I see. I'm pretty sure there's nothing wrong with
>>> the dependency injection here. Because as I said after the login action I'm
>>> able to obtain an instance of the subject in a separate action class by
>>> calling
>>>
>>> Subject subject = getSecurityManager().getSubject()
>>>
>>> Here getSecurityManager() gets me an injected SecurityManager correctly
>>> with my realm properly configured and all. Right after this line if I call
>>>
>>> subject.hasRole("XYZ")
>>>
>>> the error gets thrown up.
>>>
>>> - Animesh
>>>
>>>
>>>
>>> On Mon, Sep 8, 2008 at 1:38 AM, Les Hazlewood <le...@hazlewood.com> wrote:
>>>
>>>> Is this a web app?  I.e. is there a web.xml file somewhere?
>>>>
>>>> Also, is this a spring application?
>>>>
>>>>
>>>> On Sun, Sep 7, 2008 at 3:44 PM, Animesh Jain <an...@itasveer.com>wrote:
>>>>
>>>>> Ok here's the deal..
>>>>>
>>>>> I'm injecting a DefaultWebSecurityManager into my action classes, which
>>>>> has my HibernateSecurityRealm set correctly. So calling
>>>>>
>>>>> Subject subject = getSecurityManager().getSubject();
>>>>>
>>>>> is giving me the correct currently logged in user. But strangely when I
>>>>> debug the subject instance after getting it, the securityManager it shows is
>>>>> not the same - it has a realm called
>>>>> org.jsecurity.realm.text.PropertiesRealm. Now how is that possible?
>>>>>
>>>>> I was not using the SecurityUtils class and had not explicitly set a
>>>>> SecurityManager using SecurityUtils.setSecurityManager(). Is that required?
>>>>> Anyway I now added it too but that has had no effect. Still the same error.
>>>>>
>>>>> So where's the subject instance getting the different implementation
>>>>> from?
>>>>>
>>>>> Animesh
>>>>>
>>>>>
>>>>> On Mon, Sep 8, 2008 at 12:52 AM, Les Hazlewood <le...@hazlewood.com>wrote:
>>>>>
>>>>>> The SimpleAccountRealm is a fallback/failsafe realm that is used if
>>>>>> you haven't correctly configured a realm yourself.  What does your JSecurity
>>>>>> configuration look like?
>>>>>>
>>>>>>
>>>>>> On Sun, Sep 7, 2008 at 3:04 PM, Animesh Jain <an...@itasveer.com>wrote:
>>>>>>
>>>>>>> Les,
>>>>>>>
>>>>>>> On second thoughts.. I'm still not sure. Why is it that there's
>>>>>>> SimpleAccountRealm.java in the stacktrace and no HibernateSecurityRealm (the
>>>>>>> one I implemented).
>>>>>>>
>>>>>>> Any thoughts.
>>>>>>>
>>>>>>> Animesh
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Sep 8, 2008 at 12:24 AM, Animesh Jain <an...@itasveer.com>wrote:
>>>>>>>
>>>>>>>> Oops! I should have looked at the stacktrace closer. This is
>>>>>>>> unrelated to Jsecurity. I've been working on an integration of
>>>>>>>> Stripes+Guice+Warp persist+Jsecurity. Jsecurity is the last remaining thing
>>>>>>>> and when I got the error I assumed it was because of that :P. So I'll close
>>>>>>>> it here.. maybe I'll drop you an email if I feel I need your help.
>>>>>>>>
>>>>>>>> Stacktrace:
>>>>>>>>
>>>>>>>> exception
>>>>>>>>
>>>>>>>> net.sourceforge.stripes.exception.StripesServletException: Unhandled
>>>>>>>> exception in exception handler.
>>>>>>>>
>>>>>>>> net.sourceforge.stripes.exception.DefaultExceptionHandler.handle(DefaultExceptionHandler.java:158)
>>>>>>>>
>>>>>>>> net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:249)
>>>>>>>>
>>>>>>>> org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
>>>>>>>>
>>>>>>>> org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
>>>>>>>>
>>>>>>>> com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53)
>>>>>>>>
>>>>>>>> root cause
>>>>>>>>
>>>>>>>> java.util.NoSuchElementException
>>>>>>>>     java.util.Collections$EmptySet$1.next(Collections.java:2910)
>>>>>>>>
>>>>>>>> java.util.Collections$UnmodifiableCollection$1.next(Collections.java:1010)
>>>>>>>>
>>>>>>>> org.jsecurity.realm.SimpleAccountRealm.getAuthorizationCacheKey(SimpleAccountRealm.java:157)
>>>>>>>>
>>>>>>>> org.jsecurity.realm.AuthorizingRealm.getAuthorizationInfo(AuthorizingRealm.java:265)
>>>>>>>>
>>>>>>>> org.jsecurity.realm.AuthorizingRealm.hasRole(AuthorizingRealm.java:500)
>>>>>>>>
>>>>>>>> org.jsecurity.authz.ModularRealmAuthorizer.hasRole(ModularRealmAuthorizer.java:178)
>>>>>>>>
>>>>>>>> org.jsecurity.mgt.AuthorizingSecurityManager.hasRole(AuthorizingSecurityManager.java:213)
>>>>>>>>
>>>>>>>> org.jsecurity.subject.DelegatingSubject.hasRole(DelegatingSubject.java:211)
>>>>>>>>     bookmark.web.action.HomeAction.preAction(HomeAction.java:14)
>>>>>>>>     sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>>>>
>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>>>>>>
>>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>>>>>>     java.lang.reflect.Method.invoke(Method.java:585)
>>>>>>>>
>>>>>>>> net.sourceforge.stripes.controller.DispatcherHelper$6.intercept(DispatcherHelper.java:442)
>>>>>>>>
>>>>>>>> net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:158)
>>>>>>>>
>>>>>>>> net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
>>>>>>>>
>>>>>>>> net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
>>>>>>>>
>>>>>>>> net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
>>>>>>>>
>>>>>>>> net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
>>>>>>>>
>>>>>>>> net.sourceforge.stripes.controller.ExecutionContext.wrap(ExecutionContext.java:74)
>>>>>>>>
>>>>>>>> net.sourceforge.stripes.controller.DispatcherHelper.invokeEventHandler(DispatcherHelper.java:440)
>>>>>>>>
>>>>>>>> net.sourceforge.stripes.controller.DispatcherServlet.invokeEventHandler(DispatcherServlet.java:285)
>>>>>>>>
>>>>>>>> net.sourceforge.stripes.controller.DispatcherServlet.doPost(DispatcherServlet.java:167)
>>>>>>>>
>>>>>>>> net.sourceforge.stripes.controller.DispatcherServlet.doGet(DispatcherServlet.java:67)
>>>>>>>>     javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
>>>>>>>>     javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>>>>>>>>
>>>>>>>> net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:246)
>>>>>>>>
>>>>>>>> org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
>>>>>>>>
>>>>>>>> org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
>>>>>>>>
>>>>>>>> com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53)
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, Sep 8, 2008 at 12:13 AM, Les Hazlewood <
>>>>>>>> lhazlewood@apache.org> wrote:
>>>>>>>>
>>>>>>>>> Hi Animesh,
>>>>>>>>>
>>>>>>>>> Your realm implementation looks fine.  But, JSecurity doesn't throw
>>>>>>>>> a NoSuchElementException anywhere in its code.  I'm assuming this has to do
>>>>>>>>> with how a collection is being used, either iterated by JSecurity, or
>>>>>>>>> something happening in your DAO layer.
>>>>>>>>>
>>>>>>>>> Please include the stacktrace - it is very hard to debug without it
>>>>>>>>> ;)
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>>
>>>>>>>>> Les

Re: Stuck - authentication works but authorization is not working.

Posted by Les Hazlewood <le...@hazlewood.com>.
The realm needs to be injected into the security manager only once:

securityManager.setRealm(realm);

This will ensure the lazily-created PropertiesRealm (the fallback/failsafe
one) is not created.

In a web app, the JSecurityFilter ensures SecurityUtils is set up properly.
In a standalone application, you need to call
SecurityUtils.setSecurityManager explicitly _if_ you are not using a DI
framework like Spring or Guice.

On Sun, Sep 7, 2008 at 4:18 PM, Animesh Jain <an...@itasveer.com> wrote:

> Well how does subject get its securityManager / realm? That may throw some
> light onto whether the realm needs to be injected elsewhere too.
>
> - Animesh
>
>
> On Mon, Sep 8, 2008 at 1:46 AM, Animesh Jain <an...@itasveer.com> wrote:
>
>> Yup this is a web-app. I'm using Guice for dependency injection so you can
>> think of that as a replacement for Spring. I could send you the whole app
>> too so you'd see what I see. I'm pretty sure there's nothing wrong with the
>> dependency injection here. Because as I said after the login action I'm able
>> to obtain an instance of the subject in a separate action class by calling
>>
>> Subject subject = getSecurityManager().getSubject()
>>
>> Here getSecurityManager() gets me an injected SecurityManager correctly
>> with my realm properly configured and all. Right after this line if I call
>>
>> subject.hasRole("XYZ")
>>
>> the error gets thrown up.
>>
>> - Animesh
>>
>>
>>
>> On Mon, Sep 8, 2008 at 1:38 AM, Les Hazlewood <le...@hazlewood.com> wrote:
>>
>>> Is this a web app?  I.e. is there a web.xml file somewhere?
>>>
>>> Also, is this a spring application?
>>>
>>>
>>> On Sun, Sep 7, 2008 at 3:44 PM, Animesh Jain <an...@itasveer.com>wrote:
>>>
>>>> Ok here's the deal..
>>>>
>>>> I'm injecting a DefaultWebSecurityManager into my action classes, which
>>>> has my HibernateSecurityRealm set correctly. So calling
>>>>
>>>> Subject subject = getSecurityManager().getSubject();
>>>>
>>>> is giving me the correct currently logged in user. But strangely when I
>>>> debug the subject instance after getting it, the securityManager it shows is
>>>> not the same - it has a realm called
>>>> org.jsecurity.realm.text.PropertiesRealm. Now how is that possible?
>>>>
>>>> I was not using the SecurityUtils class and had not explicitly set a
>>>> SecurityManager using SecurityUtils.setSecurityManager(). Is that required?
>>>> Anyway I now added it too but that has had no effect. Still the same error.
>>>>
>>>> So where's the subject instance getting the different implementation
>>>> from?
>>>>
>>>> Animesh
>>>>
>>>>
>>>> On Mon, Sep 8, 2008 at 12:52 AM, Les Hazlewood <le...@hazlewood.com>wrote:
>>>>
>>>>> The SimpleAccountRealm is a fallback/failsafe realm that is used if you
>>>>> haven't correctly configured a realm yourself.  What does your JSecurity
>>>>> configuration look like?
>>>>>
>>>>>
>>>>> On Sun, Sep 7, 2008 at 3:04 PM, Animesh Jain <an...@itasveer.com>wrote:
>>>>>
>>>>>> Les,
>>>>>>
>>>>>> On second thoughts.. I'm still not sure. Why is it that there's
>>>>>> SimpleAccountRealm.java in the stacktrace and no HibernateSecurityRealm (the
>>>>>> one I implemented).
>>>>>>
>>>>>> Any thoughts.
>>>>>>
>>>>>> Animesh
>>>>>>
>>>>>>
>>>>>> On Mon, Sep 8, 2008 at 12:24 AM, Animesh Jain <an...@itasveer.com>wrote:
>>>>>>
>>>>>>> Oops! I should have looked at the stacktrace closer. This is
>>>>>>> unrelated to Jsecurity. I've been working on an integration of
>>>>>>> Stripes+Guice+Warp persist+Jsecurity. Jsecurity is the last remaining thing
>>>>>>> and when I got the error I assumed it was because of that :P. So I'll close
>>>>>>> it here.. maybe I'll drop you an email if I feel I need your help.
>>>>>>>
>>>>>>> Stacktrace:
>>>>>>>
>>>>>>> exception
>>>>>>>
>>>>>>> net.sourceforge.stripes.exception.StripesServletException: Unhandled
>>>>>>> exception in exception handler.
>>>>>>>
>>>>>>> net.sourceforge.stripes.exception.DefaultExceptionHandler.handle(DefaultExceptionHandler.java:158)
>>>>>>>
>>>>>>> net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:249)
>>>>>>>
>>>>>>> org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
>>>>>>>
>>>>>>> org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
>>>>>>>
>>>>>>> com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53)
>>>>>>>
>>>>>>> root cause
>>>>>>>
>>>>>>> java.util.NoSuchElementException
>>>>>>>     java.util.Collections$EmptySet$1.next(Collections.java:2910)
>>>>>>>
>>>>>>> java.util.Collections$UnmodifiableCollection$1.next(Collections.java:1010)
>>>>>>>
>>>>>>> org.jsecurity.realm.SimpleAccountRealm.getAuthorizationCacheKey(SimpleAccountRealm.java:157)
>>>>>>>
>>>>>>> org.jsecurity.realm.AuthorizingRealm.getAuthorizationInfo(AuthorizingRealm.java:265)
>>>>>>>
>>>>>>> org.jsecurity.realm.AuthorizingRealm.hasRole(AuthorizingRealm.java:500)
>>>>>>>
>>>>>>> org.jsecurity.authz.ModularRealmAuthorizer.hasRole(ModularRealmAuthorizer.java:178)
>>>>>>>
>>>>>>> org.jsecurity.mgt.AuthorizingSecurityManager.hasRole(AuthorizingSecurityManager.java:213)
>>>>>>>
>>>>>>> org.jsecurity.subject.DelegatingSubject.hasRole(DelegatingSubject.java:211)
>>>>>>>     bookmark.web.action.HomeAction.preAction(HomeAction.java:14)
>>>>>>>     sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>>>
>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>>>>>
>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>>>>>     java.lang.reflect.Method.invoke(Method.java:585)
>>>>>>>
>>>>>>> net.sourceforge.stripes.controller.DispatcherHelper$6.intercept(DispatcherHelper.java:442)
>>>>>>>
>>>>>>> net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:158)
>>>>>>>
>>>>>>> net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
>>>>>>>
>>>>>>> net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
>>>>>>>
>>>>>>> net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
>>>>>>>
>>>>>>> net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
>>>>>>>
>>>>>>> net.sourceforge.stripes.controller.ExecutionContext.wrap(ExecutionContext.java:74)
>>>>>>>
>>>>>>> net.sourceforge.stripes.controller.DispatcherHelper.invokeEventHandler(DispatcherHelper.java:440)
>>>>>>>
>>>>>>> net.sourceforge.stripes.controller.DispatcherServlet.invokeEventHandler(DispatcherServlet.java:285)
>>>>>>>
>>>>>>> net.sourceforge.stripes.controller.DispatcherServlet.doPost(DispatcherServlet.java:167)
>>>>>>>
>>>>>>> net.sourceforge.stripes.controller.DispatcherServlet.doGet(DispatcherServlet.java:67)
>>>>>>>     javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
>>>>>>>     javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>>>>>>>
>>>>>>> net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:246)
>>>>>>>
>>>>>>> org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
>>>>>>>
>>>>>>> org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
>>>>>>>
>>>>>>> com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53)
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Sep 8, 2008 at 12:13 AM, Les Hazlewood <
>>>>>>> lhazlewood@apache.org> wrote:
>>>>>>>
>>>>>>>> Hi Animesh,
>>>>>>>>
>>>>>>>> Your realm implementation looks fine.  But, JSecurity doesn't throw
>>>>>>>> a NoSuchElementException anywhere in its code.  I'm assuming this has to do
>>>>>>>> with how a collection is being used, either iterated by JSecurity, or
>>>>>>>> something happening in your DAO layer.
>>>>>>>>
>>>>>>>> Please include the stacktrace - it is very hard to debug without it
>>>>>>>> ;)
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>>
>>>>>>>> Les
>
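
The failure discussed in this message, as an added stand-alone model that is not part of the original e-mails and is not JSecurity code: two manager instances exist, only one was given the realm, and the role check runs against the other one's lazily created fallback. All `Toy*` names are hypothetical, and keying principals by realm name is an assumption inferred from the `EmptySet` frame in the stack trace.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;

/** Plain java.util model of "configured realm on one manager, fallback realm on another". */
public class FallbackRealmDemo {

    /** A realm that only recognises principals recorded under its own name (assumption). */
    static class ToyRealm {
        final String name;
        final Map<String, Set<String>> rolesByUser = new HashMap<>();

        ToyRealm(String name) { this.name = name; }

        boolean hasRole(Map<String, Set<String>> principalsByRealm, String role) {
            Set<String> mine = principalsByRealm.getOrDefault(name, Collections.emptySet());
            // Same shape as the trace: next() on an empty set throws NoSuchElementException.
            String user = mine.iterator().next();
            return rolesByUser.getOrDefault(user, Collections.emptySet()).contains(role);
        }
    }

    /** A manager that lazily builds a failsafe realm if none was ever injected. */
    static class ToySecurityManager {
        private ToyRealm realm;

        void setRealm(ToyRealm realm) { this.realm = realm; }

        ToyRealm getRealm() {
            if (realm == null) {
                realm = new ToyRealm("fallback-properties-realm"); // knows no users
            }
            return realm;
        }

        boolean hasRole(Map<String, Set<String>> principals, String role) {
            return getRealm().hasRole(principals, role);
        }
    }

    /** Runs one role check and reports which realm answered and how. */
    static String check(ToySecurityManager manager, Map<String, Set<String>> principals, String role) {
        String realmName = manager.getRealm().name;
        try {
            return realmName + " -> hasRole=" + manager.hasRole(principals, role);
        } catch (NoSuchElementException e) {
            return realmName + " -> NoSuchElementException (no principals keyed by this realm)";
        }
    }

    /** Startup guard: the manager serving requests must be the one that was configured. */
    static void requireSameManager(ToySecurityManager serving, ToySecurityManager configured) {
        if (serving != configured) {
            throw new IllegalStateException(
                "request-serving manager is not the configured one; realm in use: "
                    + serving.getRealm().name);
        }
    }

    public static void main(String[] args) {
        ToyRealm hibernateRealm = new ToyRealm("HibernateSecurityRealm");
        hibernateRealm.rolesByUser.put("animesh", Set.of("XYZ")); // constructed sample data

        // Instance 1: built by the DI container, realm injected exactly once.
        ToySecurityManager injected = new ToySecurityManager();
        injected.setRealm(hibernateRealm);

        // Instance 2: built separately (as a servlet filter would), never given a realm.
        ToySecurityManager filterOwned = new ToySecurityManager();

        // Login went through the configured realm, so principals are keyed by its name.
        Map<String, Set<String>> principals =
            Map.of("HibernateSecurityRealm", Set.of("animesh"));

        System.out.println(check(injected, principals, "XYZ"));
        System.out.println(check(filterOwned, principals, "XYZ"));

        try {
            requireSameManager(filterOwned, injected);
        } catch (IllegalStateException e) {
            System.out.println("startup check: " + e.getMessage());
        }
    }
}
```

Authentication can succeed on one instance while authorization is answered by the other, so a startup check on which manager actually serves requests catches the misconfiguration before the first role check does.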

Re: Stuck - authentication works but authorization is not working.

Posted by Animesh Jain <an...@itasveer.com>.
Well how does subject get its securityManager / realm? That may throw some
light onto whether the realm needs to be injected elsewhere too.

- Animesh

On Mon, Sep 8, 2008 at 1:46 AM, Animesh Jain <an...@itasveer.com> wrote:

> Yup this is a web-app. I'm using Guice for dependency injection so you can
> think of that as a replacement for Spring. I could send you the whole app
> too so you'd see what I see. I'm pretty sure there's nothing wrong with the
> dependency injection here. Because as I said after the login action I'm able
> to obtain an instance of the subject in a separate action class by calling
>
> Subject subject = getSecurityManager().getSubject()
>
> Here getSecurityManager() gets me an injected SecurityManager correctly
> with my realm properly configured and all. Right after this line if I call
>
> subject.hasRole("XYZ")
>
> the error gets thrown up.
>
> - Animesh
>
>
>
> On Mon, Sep 8, 2008 at 1:38 AM, Les Hazlewood <le...@hazlewood.com> wrote:
>
>> Is this a web app?  I.e. is there a web.xml file somewhere?
>>
>> Also, is this a spring application?
>>
>>
>> On Sun, Sep 7, 2008 at 3:44 PM, Animesh Jain <an...@itasveer.com>wrote:
>>
>>> Ok here's the deal..
>>>
>>> I'm injecting a DefaultWebSecurityManager into my action classes, which
>>> has my HibernateSecurityRealm set correctly. So calling
>>>
>>> Subject subject = getSecurityManager().getSubject();
>>>
>>> is giving me the correct currently logged in user. But strangely when I
>>> debug the subject instance after getting it, the securityManager it shows is
>>> not the same - it has a realm called
>>> org.jsecurity.realm.text.PropertiesRealm. Now how is that possible?
>>>
>>> I was not using the SecurityUtils class and had not explicitly set a
>>> SecurityManager using SecurityUtils.setSecurityManager(). Is that required?
>>> Anyway I now added it too but that has had no effect. Still the same error.
>>>
>>> So where's the subject instance getting the different implementation from?
>>>
>>> Animesh
>>>
>>>
>>> On Mon, Sep 8, 2008 at 12:52 AM, Les Hazlewood <le...@hazlewood.com>wrote:
>>>
>>>> The SimpleAccountRealm is a fallback/failsafe realm that is used if you
>>>> haven't correctly configured a realm yourself.  What does your JSecurity
>>>> configuration look like?
>>>>
>>>>
>>>> On Sun, Sep 7, 2008 at 3:04 PM, Animesh Jain <an...@itasveer.com>wrote:
>>>>
>>>>> Les,
>>>>>
>>>>> On second thoughts.. I'm still not sure. Why is it that there's
>>>>> SimpleAccountRealm.java in the stacktrace and no HibernateSecurityRealm (the
>>>>> one I implemented).
>>>>>
>>>>> Any thoughts.
>>>>>
>>>>> Animesh
>>>>>
>>>>>
>>>>> On Mon, Sep 8, 2008 at 12:24 AM, Animesh Jain <an...@itasveer.com>wrote:
>>>>>
>>>>>> Oops! I should have looked at the stacktrace closer. This is unrelated
>>>>>> to Jsecurity. I've been working on an integration of Stripes+Guice+Warp
>>>>>> persist+Jsecurity. Jsecurity is the last remaining thing and when I got the
>>>>>> error I assumed it was because of that :P. So I'll close it here.. maybe
>>>>>> I'll drop you an email if I feel I need your help.
>>>>>>
>>>>>> Stacktrace:
>>>>>>
>>>>>> exception
>>>>>>
>>>>>> net.sourceforge.stripes.exception.StripesServletException: Unhandled
>>>>>> exception in exception handler.
>>>>>>
>>>>>> net.sourceforge.stripes.exception.DefaultExceptionHandler.handle(DefaultExceptionHandler.java:158)
>>>>>>
>>>>>> net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:249)
>>>>>>
>>>>>> org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
>>>>>>
>>>>>> org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
>>>>>>
>>>>>> com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53)
>>>>>>
>>>>>> root cause
>>>>>>
>>>>>> java.util.NoSuchElementException
>>>>>>     java.util.Collections$EmptySet$1.next(Collections.java:2910)
>>>>>>
>>>>>> java.util.Collections$UnmodifiableCollection$1.next(Collections.java:1010)
>>>>>>
>>>>>> org.jsecurity.realm.SimpleAccountRealm.getAuthorizationCacheKey(SimpleAccountRealm.java:157)
>>>>>>
>>>>>> org.jsecurity.realm.AuthorizingRealm.getAuthorizationInfo(AuthorizingRealm.java:265)
>>>>>>
>>>>>> org.jsecurity.realm.AuthorizingRealm.hasRole(AuthorizingRealm.java:500)
>>>>>>
>>>>>> org.jsecurity.authz.ModularRealmAuthorizer.hasRole(ModularRealmAuthorizer.java:178)
>>>>>>
>>>>>> org.jsecurity.mgt.AuthorizingSecurityManager.hasRole(AuthorizingSecurityManager.java:213)
>>>>>>
>>>>>> org.jsecurity.subject.DelegatingSubject.hasRole(DelegatingSubject.java:211)
>>>>>>     bookmark.web.action.HomeAction.preAction(HomeAction.java:14)
>>>>>>     sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>>
>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>>>>
>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>>>>     java.lang.reflect.Method.invoke(Method.java:585)
>>>>>>
>>>>>> net.sourceforge.stripes.controller.DispatcherHelper$6.intercept(DispatcherHelper.java:442)
>>>>>>
>>>>>> net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:158)
>>>>>>
>>>>>> net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
>>>>>>
>>>>>> net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
>>>>>>
>>>>>> net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
>>>>>>
>>>>>> net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
>>>>>>
>>>>>> net.sourceforge.stripes.controller.ExecutionContext.wrap(ExecutionContext.java:74)
>>>>>>
>>>>>> net.sourceforge.stripes.controller.DispatcherHelper.invokeEventHandler(DispatcherHelper.java:440)
>>>>>>
>>>>>> net.sourceforge.stripes.controller.DispatcherServlet.invokeEventHandler(DispatcherServlet.java:285)
>>>>>>
>>>>>> net.sourceforge.stripes.controller.DispatcherServlet.doPost(DispatcherServlet.java:167)
>>>>>>
>>>>>> net.sourceforge.stripes.controller.DispatcherServlet.doGet(DispatcherServlet.java:67)
>>>>>>     javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
>>>>>>     javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>>>>>>
>>>>>> net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:246)
>>>>>>
>>>>>> org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
>>>>>>
>>>>>> org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
>>>>>>
>>>>>> com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53)
>>>>>>
>>>>>>
>>>>>> On Mon, Sep 8, 2008 at 12:13 AM, Les Hazlewood <lhazlewood@apache.org
>>>>>> > wrote:
>>>>>>
>>>>>>> Hi Animesh,
>>>>>>>
>>>>>>> Your realm implementation looks fine.  But, JSecurity doesn't throw a
>>>>>>> NoSuchElementException anywhere in its code.  I'm assuming this has to do
>>>>>>> with how a collection is being used, either iterated by JSecurity, or
>>>>>>> something happening in your DAO layer.
>>>>>>>
>>>>>>> Please include the stacktrace - it is very hard to debug without it
>>>>>>> ;)
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> Les

Re: Stuck - authentication works but authorization is not working.

Posted by Animesh Jain <an...@itasveer.com>.
Yup this is a web-app. I'm using Guice for dependency injection so you can
think of that as a replacement for Spring. I could send you the whole app
too so you'd see what I see. I'm pretty sure there's nothing wrong with the
dependency injection here. Because as I said after the login action I'm able
to obtain an instance of the subject in a separate action class by calling

Subject subject = getSecurityManager().getSubject()

Here getSecurityManager() gets me an injected SecurityManager correctly with
my realm properly configured and all. Right after this line if I call

subject.hasRole("XYZ")

the error gets thrown up.

- Animesh


On Mon, Sep 8, 2008 at 1:38 AM, Les Hazlewood <le...@hazlewood.com> wrote:

> Is this a web app?  I.e. is there a web.xml file somewhere?
>
> Also, is this a spring application?
>
>
> On Sun, Sep 7, 2008 at 3:44 PM, Animesh Jain <an...@itasveer.com> wrote:
>
>> Ok here's the deal..
>>
>> I'm injecting a DefaultWebSecurityManager into my action classes, which
>> has my HibernateSecurityRealm set correctly. So calling
>>
>> Subject subject = getSecurityManager().getSubject();
>>
>> is giving me the correct currently logged in user. But strangely when I
>> debug the subject instance after getting it, the securityManager it shows is
>> not the same - it has a realm called
>> org.jsecurity.realm.text.PropertiesRealm. Now how is that possible?
>>
>> I was not using the SecurityUtils class and had not explicitly set a
>> SecurityManager using SecurityUtils.setSecurityManager(). Is that required?
>> Anyway I now added it too but that has had no effect. Still the same error.
>>
>> So where's the subject instance getting the different implementation from?
>>
>> Animesh
>>
>>
>> On Mon, Sep 8, 2008 at 12:52 AM, Les Hazlewood <le...@hazlewood.com> wrote:
>>
>>> The SimpleAccountRealm is a fallback/failsafe realm that is used if you
>>> haven't correctly configured a realm yourself.  What does your JSecurity
>>> configuration look like?
>>>
>>>
>>> On Sun, Sep 7, 2008 at 3:04 PM, Animesh Jain <an...@itasveer.com>wrote:
>>>
>>>> Les,
>>>>
>>>> On second thoughts.. I'm still not sure. Why is it that there's
>>>> SimpleAccountRealm.java in the stacktrace and no HibernateSecurityRealm (the
>>>> one I implemented).
>>>>
>>>> Any thoughts.
>>>>
>>>> Animesh
>>>>
>>>>
>>>> On Mon, Sep 8, 2008 at 12:24 AM, Animesh Jain <an...@itasveer.com>wrote:
>>>>
>>>>> Oops! I should have looked at the stacktrace closer. This is unrelated
>>>>> to Jsecurity. I've been working on an integration of Stripes+Guice+Warp
>>>>> persist+Jsecurity. Jsecurity is the last remaining thing and when I got the
>>>>> error I assumed it was because of that :P. So I'll close it here.. maybe
>>>>> I'll drop you an email if I feel I need your help.
>>>>>
>>>>> Stacktrace:
>>>>>
>>>>> exception
>>>>>
>>>>> net.sourceforge.stripes.exception.StripesServletException: Unhandled
>>>>> exception in exception handler.
>>>>>
>>>>> net.sourceforge.stripes.exception.DefaultExceptionHandler.handle(DefaultExceptionHandler.java:158)
>>>>>
>>>>> net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:249)
>>>>>
>>>>> org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
>>>>>
>>>>> org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
>>>>>
>>>>> com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53)
>>>>>
>>>>> root cause
>>>>>
>>>>> java.util.NoSuchElementException
>>>>>     java.util.Collections$EmptySet$1.next(Collections.java:2910)
>>>>>
>>>>> java.util.Collections$UnmodifiableCollection$1.next(Collections.java:1010)
>>>>>
>>>>> org.jsecurity.realm.SimpleAccountRealm.getAuthorizationCacheKey(SimpleAccountRealm.java:157)
>>>>>
>>>>> org.jsecurity.realm.AuthorizingRealm.getAuthorizationInfo(AuthorizingRealm.java:265)
>>>>>
>>>>> org.jsecurity.realm.AuthorizingRealm.hasRole(AuthorizingRealm.java:500)
>>>>>
>>>>> org.jsecurity.authz.ModularRealmAuthorizer.hasRole(ModularRealmAuthorizer.java:178)
>>>>>
>>>>> org.jsecurity.mgt.AuthorizingSecurityManager.hasRole(AuthorizingSecurityManager.java:213)
>>>>>
>>>>> org.jsecurity.subject.DelegatingSubject.hasRole(DelegatingSubject.java:211)
>>>>>     bookmark.web.action.HomeAction.preAction(HomeAction.java:14)
>>>>>     sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>
>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>>>
>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>>>     java.lang.reflect.Method.invoke(Method.java:585)
>>>>>
>>>>> net.sourceforge.stripes.controller.DispatcherHelper$6.intercept(DispatcherHelper.java:442)
>>>>>
>>>>> net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:158)
>>>>>
>>>>> net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
>>>>>
>>>>> net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
>>>>>
>>>>> net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
>>>>>
>>>>> net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
>>>>>
>>>>> net.sourceforge.stripes.controller.ExecutionContext.wrap(ExecutionContext.java:74)
>>>>>
>>>>> net.sourceforge.stripes.controller.DispatcherHelper.invokeEventHandler(DispatcherHelper.java:440)
>>>>>
>>>>> net.sourceforge.stripes.controller.DispatcherServlet.invokeEventHandler(DispatcherServlet.java:285)
>>>>>
>>>>> net.sourceforge.stripes.controller.DispatcherServlet.doPost(DispatcherServlet.java:167)
>>>>>
>>>>> net.sourceforge.stripes.controller.DispatcherServlet.doGet(DispatcherServlet.java:67)
>>>>>     javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
>>>>>     javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>>>>>
>>>>> net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:246)
>>>>>
>>>>> org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
>>>>>
>>>>> org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
>>>>>
>>>>> com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53)
>>>>>
>>>>>
>>>>> On Mon, Sep 8, 2008 at 12:13 AM, Les Hazlewood <lh...@apache.org>wrote:
>>>>>
>>>>>> Hi Animesh,
>>>>>>
>>>>>> Your realm implementation looks fine.  But, JSecurity doesn't throw a
>>>>>> NoSuchElementException anywhere in its code.  I'm assuming this has to do
>>>>>> with how a collection is being used, either iterated by JSecurity, or
>>>>>> something happening in your DAO layer.
>>>>>>
>>>>>> Please include the stacktrace - it is very hard to debug without it ;)
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Les

Re: Stuck - authentication works but authorization is not working.

Posted by Les Hazlewood <le...@hazlewood.com>.
Is this a web app?  I.e. is there a web.xml file somewhere?

Also, is this a spring application?

On Sun, Sep 7, 2008 at 3:44 PM, Animesh Jain <an...@itasveer.com> wrote:

> Ok here's the deal..
>
> I'm injecting a DefaultWebSecurityManager into my action classes, which has
> my HibernateSecurityRealm set correctly. So calling
>
> Subject subject = getSecurityManager().getSubject();
>
> is giving me the correct currently logged in user. But strangely when I
> debug the subject instance after getting it, the securityManager it shows is
> not the same - it has a realm called
> org.jsecurity.realm.text.PropertiesRealm. Now how is that possible?
>
> I was not using the SecurityUtils class and had not explicitly set a
> SecurityManager using SecurityUtils.setSecurityManager(). Is that required?
> Anyway I now added it too but that has had no effect. Still the same error.
>
> So where's the subject instance getting the different implementation from?
>
> Animesh
>
>
> On Mon, Sep 8, 2008 at 12:52 AM, Les Hazlewood <le...@hazlewood.com> wrote:
>
>> The SimpleAccountRealm is a fallback/failsafe realm that is used if you
>> haven't correctly configured a realm yourself.  What does your JSecurity
>> configuration look like?
>>
>>
>> On Sun, Sep 7, 2008 at 3:04 PM, Animesh Jain <an...@itasveer.com>wrote:
>>
>>> Les,
>>>
>>> On second thoughts.. I'm still not sure. Why is it that there's
>>> SimpleAccountRealm.java in the stacktrace and no HibernateSecurityRealm (the
>>> one I implemented).
>>>
>>> Any thoughts.
>>>
>>> Animesh
>>>
>>>
>>> On Mon, Sep 8, 2008 at 12:24 AM, Animesh Jain <an...@itasveer.com>wrote:
>>>
>>>> Oops! I should have looked at the stacktrace closer. This is unrelated
>>>> to Jsecurity. I've been working on an integration of Stripes+Guice+Warp
>>>> persist+Jsecurity. Jsecurity is the last remaining thing and when I got the
>>>> error I assumed it was because of that :P. So I'll close it here.. maybe
>>>> I'll drop you an email if I feel I need your help.
>>>>
>>>> Stacktrace:
>>>>
>>>> exception
>>>>
>>>> net.sourceforge.stripes.exception.StripesServletException: Unhandled exception in exception handler.
>>>>     net.sourceforge.stripes.exception.DefaultExceptionHandler.handle(DefaultExceptionHandler.java:158)
>>>>     net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:249)
>>>>     org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
>>>>     org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
>>>>     com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53)
>>>>
>>>> root cause
>>>>
>>>> java.util.NoSuchElementException
>>>>     java.util.Collections$EmptySet$1.next(Collections.java:2910)
>>>>     java.util.Collections$UnmodifiableCollection$1.next(Collections.java:1010)
>>>>     org.jsecurity.realm.SimpleAccountRealm.getAuthorizationCacheKey(SimpleAccountRealm.java:157)
>>>>     org.jsecurity.realm.AuthorizingRealm.getAuthorizationInfo(AuthorizingRealm.java:265)
>>>>     org.jsecurity.realm.AuthorizingRealm.hasRole(AuthorizingRealm.java:500)
>>>>     org.jsecurity.authz.ModularRealmAuthorizer.hasRole(ModularRealmAuthorizer.java:178)
>>>>     org.jsecurity.mgt.AuthorizingSecurityManager.hasRole(AuthorizingSecurityManager.java:213)
>>>>     org.jsecurity.subject.DelegatingSubject.hasRole(DelegatingSubject.java:211)
>>>>     bookmark.web.action.HomeAction.preAction(HomeAction.java:14)
>>>>     sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>>     java.lang.reflect.Method.invoke(Method.java:585)
>>>>     net.sourceforge.stripes.controller.DispatcherHelper$6.intercept(DispatcherHelper.java:442)
>>>>     net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:158)
>>>>     net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
>>>>     net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
>>>>     net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
>>>>     net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
>>>>     net.sourceforge.stripes.controller.ExecutionContext.wrap(ExecutionContext.java:74)
>>>>     net.sourceforge.stripes.controller.DispatcherHelper.invokeEventHandler(DispatcherHelper.java:440)
>>>>     net.sourceforge.stripes.controller.DispatcherServlet.invokeEventHandler(DispatcherServlet.java:285)
>>>>     net.sourceforge.stripes.controller.DispatcherServlet.doPost(DispatcherServlet.java:167)
>>>>     net.sourceforge.stripes.controller.DispatcherServlet.doGet(DispatcherServlet.java:67)
>>>>     javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
>>>>     javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>>>>     net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:246)
>>>>     org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
>>>>     org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
>>>>     com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53)
>>>>
>>>>
>>>> On Mon, Sep 8, 2008 at 12:13 AM, Les Hazlewood <lh...@apache.org> wrote:
>>>>
>>>>> Hi Animesh,
>>>>>
>>>>> Your realm implementation looks fine.  But, JSecurity doesn't throw a
>>>>> NoSuchElementException anywhere in its code.  I'm assuming this has to do
>>>>> with how a collection is being used, either iterated by JSecurity, or
>>>>> something happening in your DAO layer.
>>>>>
>>>>> Please include the stacktrace - it is very hard to debug without it ;)
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Les
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>

Re: Stuck - authentication works but authorization is not working.

Posted by Animesh Jain <an...@itasveer.com>.
Ok here's the deal..

I'm injecting a DefaultWebSecurityManager into my action classes, which has
my HibernateSecurityRealm set correctly. So calling

Subject subject = getSecurityManager().getSubject();

is giving me the correct currently logged in user. But strangely when I
debug the subject instance after getting it, the securityManager it shows is
not the same - it has a realm called
org.jsecurity.realm.text.PropertiesRealm. Now how is that possible?

I was not using the SecurityUtils class and had not explicitly set a
SecurityManager using SecurityUtils.setSecurityManager(). Is that required?
Anyway I now added it too but that has had no effect. Still the same error.

So where's the subject instance getting the different implementation from?

Animesh

On Mon, Sep 8, 2008 at 12:52 AM, Les Hazlewood <le...@hazlewood.com> wrote:

> The SimpleAccountRealm is a fallback/failsafe realm that is used if you
> haven't correctly configured a realm yourself.  What does your JSecurity
> configuration look like?
>
>
> On Sun, Sep 7, 2008 at 3:04 PM, Animesh Jain <an...@itasveer.com> wrote:
>
>> Les,
>>
>> On second thoughts.. I'm still not sure. Why is it that there's
>> SimpleAccountRealm.java in the stacktrace and no HibernateSecurityRealm (the
>> one I implemented).
>>
>> Any thoughts.
>>
>> Animesh
>>
>>
>> On Mon, Sep 8, 2008 at 12:24 AM, Animesh Jain <an...@itasveer.com> wrote:
>>
>>> Oops! I should have looked at the stacktrace closer. This is unrelated to
>>> Jsecurity. I've been working on an integration of Stripes+Guice+Warp
>>> persist+Jsecurity. Jsecurity is the last remaining thing and when I got the
>>> error I assumed it was because of that :P. So I'll close it here.. maybe
>>> I'll drop you an email if I feel I need your help.
>>>
>>> Stacktrace:
>>>
>>> exception
>>>
>>> net.sourceforge.stripes.exception.StripesServletException: Unhandled exception in exception handler.
>>>     net.sourceforge.stripes.exception.DefaultExceptionHandler.handle(DefaultExceptionHandler.java:158)
>>>     net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:249)
>>>     org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
>>>     org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
>>>     com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53)
>>>
>>> root cause
>>>
>>> java.util.NoSuchElementException
>>>     java.util.Collections$EmptySet$1.next(Collections.java:2910)
>>>     java.util.Collections$UnmodifiableCollection$1.next(Collections.java:1010)
>>>     org.jsecurity.realm.SimpleAccountRealm.getAuthorizationCacheKey(SimpleAccountRealm.java:157)
>>>     org.jsecurity.realm.AuthorizingRealm.getAuthorizationInfo(AuthorizingRealm.java:265)
>>>     org.jsecurity.realm.AuthorizingRealm.hasRole(AuthorizingRealm.java:500)
>>>     org.jsecurity.authz.ModularRealmAuthorizer.hasRole(ModularRealmAuthorizer.java:178)
>>>     org.jsecurity.mgt.AuthorizingSecurityManager.hasRole(AuthorizingSecurityManager.java:213)
>>>     org.jsecurity.subject.DelegatingSubject.hasRole(DelegatingSubject.java:211)
>>>     bookmark.web.action.HomeAction.preAction(HomeAction.java:14)
>>>     sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>     java.lang.reflect.Method.invoke(Method.java:585)
>>>     net.sourceforge.stripes.controller.DispatcherHelper$6.intercept(DispatcherHelper.java:442)
>>>     net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:158)
>>>     net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
>>>     net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
>>>     net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
>>>     net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
>>>     net.sourceforge.stripes.controller.ExecutionContext.wrap(ExecutionContext.java:74)
>>>     net.sourceforge.stripes.controller.DispatcherHelper.invokeEventHandler(DispatcherHelper.java:440)
>>>     net.sourceforge.stripes.controller.DispatcherServlet.invokeEventHandler(DispatcherServlet.java:285)
>>>     net.sourceforge.stripes.controller.DispatcherServlet.doPost(DispatcherServlet.java:167)
>>>     net.sourceforge.stripes.controller.DispatcherServlet.doGet(DispatcherServlet.java:67)
>>>     javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
>>>     javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>>>     net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:246)
>>>     org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
>>>     org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
>>>     com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53)
>>>
>>>
>>> On Mon, Sep 8, 2008 at 12:13 AM, Les Hazlewood <lh...@apache.org> wrote:
>>>
>>>> Hi Animesh,
>>>>
>>>> Your realm implementation looks fine.  But, JSecurity doesn't throw a
>>>> NoSuchElementException anywhere in its code.  I'm assuming this has to do
>>>> with how a collection is being used, either iterated by JSecurity, or
>>>> something happening in your DAO layer.
>>>>
>>>> Please include the stacktrace - it is very hard to debug without it ;)
>>>>
>>>> Thanks,
>>>>
>>>> Les
>>>>
>>>>
>>>>
>>>>
>>>
>>
>
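
An added illustration, not part of the thread and not JSecurity code: a simplified model of the failure in the stack trace, assuming the role check reached a realm other than the one that authenticated the user. The classes, the realm name "fallbackRealm" and the user "alice" are hypothetical stand-ins; the guarded variant shows a check that names the mismatch instead of surfacing a bare NoSuchElementException.

```java
import java.util.*;

// Simplified stand-in model, not JSecurity classes. All names are hypothetical.
public class RealmMismatchDemo {

    /** Principals stored per realm name (modelled on a realm-keyed principal collection). */
    static class Principals {
        private final Map<String, Set<String>> byRealm = new LinkedHashMap<>();

        void add(String realmName, String principal) {
            byRealm.computeIfAbsent(realmName, k -> new LinkedHashSet<>()).add(principal);
        }

        Collection<String> fromRealm(String realmName) {
            Set<String> found = byRealm.get(realmName);
            return Collections.unmodifiableCollection(
                    found != null ? found : Collections.<String>emptySet());
        }

        Set<String> realmNames() {
            return Collections.unmodifiableSet(byRealm.keySet());
        }
    }

    static class Realm {
        final String name;
        final Map<String, Set<String>> rolesByUser;

        Realm(String name, Map<String, Set<String>> rolesByUser) {
            this.name = name;
            this.rolesByUser = rolesByUser;
        }

        /** Unguarded lookup: the iterator().next() pattern on this realm's principals. */
        boolean hasRoleUnguarded(Principals principals, String role) {
            String user = principals.fromRealm(name).iterator().next();
            return roles(user).contains(role);
        }

        /** Guarded lookup: fails with a message that names the realm mismatch. */
        boolean hasRole(Principals principals, String role) {
            Collection<String> mine = principals.fromRealm(name);
            if (mine.isEmpty()) {
                throw new IllegalStateException("Realm '" + name
                        + "' holds no principal for this subject; principals came from "
                        + principals.realmNames());
            }
            return roles(mine.iterator().next()).contains(role);
        }

        private Set<String> roles(String user) {
            Set<String> r = rolesByUser.get(user);
            return r != null ? r : Collections.<String>emptySet();
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: user "alice" holding role "XYZ".
        Realm configured = new Realm("HibernateSecurityRealm",
                Collections.singletonMap("alice", Collections.singleton("XYZ")));
        Realm fallback = new Realm("fallbackRealm",
                Collections.<String, Set<String>>emptyMap());

        // Login went through the configured realm, so the principal is keyed by its name.
        Principals principals = new Principals();
        principals.add(configured.name, "alice");

        System.out.println("configured realm: " + configured.hasRole(principals, "XYZ"));

        try {
            // The fallback realm looks up principals under its own name and finds none.
            fallback.hasRoleUnguarded(principals, "XYZ");
        } catch (NoSuchElementException e) {
            System.out.println("fallback realm, unguarded: " + e);
        }

        try {
            fallback.hasRole(principals, "XYZ");
        } catch (IllegalStateException e) {
            System.out.println("fallback realm, guarded: " + e.getMessage());
        }
    }
}
```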

Re: Stuck - authentication works but authorization is not working.

Posted by Les Hazlewood <le...@hazlewood.com>.
The SimpleAccountRealm is a fallback/failsafe realm that is used if you
haven't correctly configured a realm yourself.  What does your JSecurity
configuration look like?

On Sun, Sep 7, 2008 at 3:04 PM, Animesh Jain <an...@itasveer.com> wrote:

> Les,
>
> On second thoughts.. I'm still not sure. Why is it that there's
> SimpleAccountRealm.java in the stacktrace and no HibernateSecurityRealm (the
> one I implemented).
>
> Any thoughts.
>
> Animesh
>
>
> On Mon, Sep 8, 2008 at 12:24 AM, Animesh Jain <an...@itasveer.com> wrote:
>
>> Oops! I should have looked at the stacktrace closer. This is unrelated to
>> Jsecurity. I've been working on an integration of Stripes+Guice+Warp
>> persist+Jsecurity. Jsecurity is the last remaining thing and when I got the
>> error I assumed it was because of that :P. So I'll close it here.. maybe
>> I'll drop you an email if I feel I need your help.
>>
>> Stacktrace:
>>
>> exception
>>
>> net.sourceforge.stripes.exception.StripesServletException: Unhandled exception in exception handler.
>>     net.sourceforge.stripes.exception.DefaultExceptionHandler.handle(DefaultExceptionHandler.java:158)
>>     net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:249)
>>     org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
>>     org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
>>     com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53)
>>
>> root cause
>>
>> java.util.NoSuchElementException
>>     java.util.Collections$EmptySet$1.next(Collections.java:2910)
>>     java.util.Collections$UnmodifiableCollection$1.next(Collections.java:1010)
>>     org.jsecurity.realm.SimpleAccountRealm.getAuthorizationCacheKey(SimpleAccountRealm.java:157)
>>     org.jsecurity.realm.AuthorizingRealm.getAuthorizationInfo(AuthorizingRealm.java:265)
>>     org.jsecurity.realm.AuthorizingRealm.hasRole(AuthorizingRealm.java:500)
>>     org.jsecurity.authz.ModularRealmAuthorizer.hasRole(ModularRealmAuthorizer.java:178)
>>     org.jsecurity.mgt.AuthorizingSecurityManager.hasRole(AuthorizingSecurityManager.java:213)
>>     org.jsecurity.subject.DelegatingSubject.hasRole(DelegatingSubject.java:211)
>>     bookmark.web.action.HomeAction.preAction(HomeAction.java:14)
>>     sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>     java.lang.reflect.Method.invoke(Method.java:585)
>>     net.sourceforge.stripes.controller.DispatcherHelper$6.intercept(DispatcherHelper.java:442)
>>     net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:158)
>>     net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
>>     net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
>>     net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
>>     net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
>>     net.sourceforge.stripes.controller.ExecutionContext.wrap(ExecutionContext.java:74)
>>     net.sourceforge.stripes.controller.DispatcherHelper.invokeEventHandler(DispatcherHelper.java:440)
>>     net.sourceforge.stripes.controller.DispatcherServlet.invokeEventHandler(DispatcherServlet.java:285)
>>     net.sourceforge.stripes.controller.DispatcherServlet.doPost(DispatcherServlet.java:167)
>>     net.sourceforge.stripes.controller.DispatcherServlet.doGet(DispatcherServlet.java:67)
>>     javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
>>     javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>>     net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:246)
>>     org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
>>     org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
>>     com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53)
>>
>>
>> On Mon, Sep 8, 2008 at 12:13 AM, Les Hazlewood <lh...@apache.org> wrote:
>>
>>> Hi Animesh,
>>>
>>> Your realm implementation looks fine.  But, JSecurity doesn't throw a
>>> NoSuchElementException anywhere in its code.  I'm assuming this has to do
>>> with how a collection is being used, either iterated by JSecurity, or
>>> something happening in your DAO layer.
>>>
>>> Please include the stacktrace - it is very hard to debug without it ;)
>>>
>>> Thanks,
>>>
>>> Les
>>>
>>>
>>>
>>>
>>
>

Re: Stuck - authentication works but authorization is not working.

Posted by Animesh Jain <an...@itasveer.com>.
Les,

On second thoughts.. I'm still not sure. Why is it that there's
SimpleAccountRealm.java in the stacktrace and no HibernateSecurityRealm (the
one I implemented).

Any thoughts.

Animesh

On Mon, Sep 8, 2008 at 12:24 AM, Animesh Jain <an...@itasveer.com> wrote:

> Oops! I should have looked at the stacktrace closer. This is unrelated to
> Jsecurity. I've been working on an integration of Stripes+Guice+Warp
> persist+Jsecurity. Jsecurity is the last remaining thing and when I got the
> error I assumed it was because of that :P. So I'll close it here.. maybe
> I'll drop you an email if I feel I need your help.
>
> Stacktrace:
>
> exception
>
> net.sourceforge.stripes.exception.StripesServletException: Unhandled exception in exception handler.
>     net.sourceforge.stripes.exception.DefaultExceptionHandler.handle(DefaultExceptionHandler.java:158)
>     net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:249)
>     org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
>     org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
>     com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53)
>
> root cause
>
> java.util.NoSuchElementException
>     java.util.Collections$EmptySet$1.next(Collections.java:2910)
>     java.util.Collections$UnmodifiableCollection$1.next(Collections.java:1010)
>     org.jsecurity.realm.SimpleAccountRealm.getAuthorizationCacheKey(SimpleAccountRealm.java:157)
>     org.jsecurity.realm.AuthorizingRealm.getAuthorizationInfo(AuthorizingRealm.java:265)
>     org.jsecurity.realm.AuthorizingRealm.hasRole(AuthorizingRealm.java:500)
>     org.jsecurity.authz.ModularRealmAuthorizer.hasRole(ModularRealmAuthorizer.java:178)
>     org.jsecurity.mgt.AuthorizingSecurityManager.hasRole(AuthorizingSecurityManager.java:213)
>     org.jsecurity.subject.DelegatingSubject.hasRole(DelegatingSubject.java:211)
>     bookmark.web.action.HomeAction.preAction(HomeAction.java:14)
>     sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     java.lang.reflect.Method.invoke(Method.java:585)
>     net.sourceforge.stripes.controller.DispatcherHelper$6.intercept(DispatcherHelper.java:442)
>     net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:158)
>     net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
>     net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
>     net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
>     net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
>     net.sourceforge.stripes.controller.ExecutionContext.wrap(ExecutionContext.java:74)
>     net.sourceforge.stripes.controller.DispatcherHelper.invokeEventHandler(DispatcherHelper.java:440)
>     net.sourceforge.stripes.controller.DispatcherServlet.invokeEventHandler(DispatcherServlet.java:285)
>     net.sourceforge.stripes.controller.DispatcherServlet.doPost(DispatcherServlet.java:167)
>     net.sourceforge.stripes.controller.DispatcherServlet.doGet(DispatcherServlet.java:67)
>     javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
>     javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>     net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:246)
>     org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
>     org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
>     com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53)
>
>
> On Mon, Sep 8, 2008 at 12:13 AM, Les Hazlewood <lh...@apache.org> wrote:
>
>> Hi Animesh,
>>
>> Your realm implementation looks fine.  But, JSecurity doesn't throw a
>> NoSuchElementException anywhere in its code.  I'm assuming this has to do
>> with how a collection is being used, either iterated by JSecurity, or
>> something happening in your DAO layer.
>>
>> Please include the stacktrace - it is very hard to debug without it ;)
>>
>> Thanks,
>>
>> Les
>>
>>
>>
>>
>

Re: Stuck - authentication works but authorization is not working.

Posted by Animesh Jain <an...@itasveer.com>.
Oops! I should have looked at the stacktrace closer. This is unrelated to
Jsecurity. I've been working on an integration of Stripes+Guice+Warp
persist+Jsecurity. Jsecurity is the last remaining thing and when I got the
error I assumed it was because of that :P. So I'll close it here.. maybe
I'll drop you an email if I feel I need your help.

Stacktrace:

exception

net.sourceforge.stripes.exception.StripesServletException: Unhandled exception in exception handler.
    net.sourceforge.stripes.exception.DefaultExceptionHandler.handle(DefaultExceptionHandler.java:158)
    net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:249)
    org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
    org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
    com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53)

root cause

java.util.NoSuchElementException
    java.util.Collections$EmptySet$1.next(Collections.java:2910)
    java.util.Collections$UnmodifiableCollection$1.next(Collections.java:1010)
    org.jsecurity.realm.SimpleAccountRealm.getAuthorizationCacheKey(SimpleAccountRealm.java:157)
    org.jsecurity.realm.AuthorizingRealm.getAuthorizationInfo(AuthorizingRealm.java:265)
    org.jsecurity.realm.AuthorizingRealm.hasRole(AuthorizingRealm.java:500)
    org.jsecurity.authz.ModularRealmAuthorizer.hasRole(ModularRealmAuthorizer.java:178)
    org.jsecurity.mgt.AuthorizingSecurityManager.hasRole(AuthorizingSecurityManager.java:213)
    org.jsecurity.subject.DelegatingSubject.hasRole(DelegatingSubject.java:211)
    bookmark.web.action.HomeAction.preAction(HomeAction.java:14)
    sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    java.lang.reflect.Method.invoke(Method.java:585)
    net.sourceforge.stripes.controller.DispatcherHelper$6.intercept(DispatcherHelper.java:442)
    net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:158)
    net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
    net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
    net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
    net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
    net.sourceforge.stripes.controller.ExecutionContext.wrap(ExecutionContext.java:74)
    net.sourceforge.stripes.controller.DispatcherHelper.invokeEventHandler(DispatcherHelper.java:440)
    net.sourceforge.stripes.controller.DispatcherServlet.invokeEventHandler(DispatcherServlet.java:285)
    net.sourceforge.stripes.controller.DispatcherServlet.doPost(DispatcherServlet.java:167)
    net.sourceforge.stripes.controller.DispatcherServlet.doGet(DispatcherServlet.java:67)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:246)
    org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
    org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
    com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53)


On Mon, Sep 8, 2008 at 12:13 AM, Les Hazlewood <lh...@apache.org> wrote:

> Hi Animesh,
>
> Your realm implementation looks fine.  But, JSecurity doesn't throw a
> NoSuchElementException anywhere in its code.  I'm assuming this has to do
> with how a collection is being used, either iterated by JSecurity, or
> something happening in your DAO layer.
>
> Please include the stacktrace - it is very hard to debug without it ;)
>
> Thanks,
>
> Les
>
>
>
>

Re: Stuck - authentication works but authorization is not working.

Posted by Les Hazlewood <lh...@apache.org>.
Hi Animesh,

Your realm implementation looks fine.  But, JSecurity doesn't throw a
NoSuchElementException anywhere in its code.  I'm assuming this has to do
with how a collection is being used, either iterated by JSecurity, or
something happening in your DAO layer.

Please include the stacktrace - it is very hard to debug without it ;)

Thanks,

Les

On Sun, Sep 7, 2008 at 11:11 AM, Animesh Jain <an...@itasveer.com> wrote:

> Hi
>
> I'm a newbie to jsecurity so I might be missing something in my config
> here. My authentication is happening fine, but when I try to do a role check
> I get a java.util.NoSuchElementException. Let me explain my config -
>
> I've made a new Realm called HibernateSecurityRealm and have implemented
> the
> doGetAuthenticationInfo
> doGetAuthorizationInfo
> methods. Here's the implementation code snippet
>
> --- code start ---
>
>   protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
>     UsernamePasswordToken upToken = (UsernamePasswordToken) token;
>     String username = upToken.getUsername();
>     // Null username is invalid
>     if (username == null) {
>       throw new AccountException("Null usernames are not allowed by this realm.");
>     }
>
>     String password = userSecurityDao.getPasswordForUser(username);
>     if (password == null) {
>       throw new UnknownAccountException("No account found for user [" + username + "]");
>     }
>     return buildAuthenticationInfo(username, password.toCharArray());
>   }
>
>   protected AuthenticationInfo buildAuthenticationInfo(String username, char[] password) {
>     return new SimpleAuthenticationInfo(username, password, getName());
>   }
>
>   /**
>    * This implementation of the interface expects the principals collection to return a String username keyed off of
>    * this realm's {@link #getName() name}
>    *
>    * @see AuthorizingRealm#getAuthorizationInfo(org.jsecurity.subject.PrincipalCollection)
>    */
>   @Override
>   protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
>
>     //null usernames are invalid
>     if (principals == null) {
>       throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
>     }
>
>     String username = (String) principals.fromRealm(getName()).iterator().next();
>
>     // Retrieve roles and permissions from database
>     Set<String> roleNames = userSecurityDao.getRoleNamesForUser(username);
>     Set<String> permissions = userSecurityDao.getPermissions(username, roleNames);
>
>     SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
>     info.setStringPermissions(permissions);
>     return info;
>   }
>
> --- code end ---
>
> Now whenever I'm calling something like
> getSecurityManager().login(token);
> in my action, the call to doGetAuthenticationInfo is happening just fine.
>
> But when I try to do something like
> getSecurityManager().getSubject().hasRole("XYZ")
> I get the NoSuchElementException exception.
>
> Please help. Let me know if there's something more to be implemented when
> creating a realm.
>
>