Posted to user@shiro.apache.org by nhhockeyplayer <nh...@hotmail.com> on 2013/03/19 09:13:06 UTC
help understanding doGetAuthorizationInfo(PrincipalCollection principals)
Folks,
I tried using my own custom authentication token but reverted back to
UsernamePasswordToken.
regardless...
This routine is throwing me off. In some of the sample code I've been copying
from... I see this line inside this routine.
    if (principals.fromRealm().size() <= 0)
    {
        System.out.println("principals from realm collection is empty");
        return null;
    }
see below in the actual routine
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)
    {
        if (principals == null)
            throw new AuthorizationException("PrincipalCollection was null, which should not happen");
        if (principals.isEmpty())
        {
            System.out.println("principals collection is empty");
            return null;
        }
        if (principals.fromRealm("administrator").size() <= 0)
        {
            System.out.println("principals from realm collection is empty");
            return null;
        }
ques 1: why the formal parameter ? Why does it have to be a collection?
I am guessing it would house maybe several credential models like facebook,
twitter, etc.. local login?
ques 2: under what conditions would the formal parameter be exercised ?
ques 3: if my collection is empty, and I already invoked
doGetAuthenticationInfo and logged in? why is it empty?
ques 4: should I just remove the check ?
ques 5: why is the check useful ?
ques 6: what am I trying to do with these collections inside this routine?
Thanks
--
View this message in context: http://shiro-user.582556.n2.nabble.com/help-understanding-doGetAuthorizationInfo-PrincipalCollection-principals-tp7578443.html
Sent from the Shiro User mailing list archive at Nabble.com.
RE: help understanding doGetAuthorizationInfo(PrincipalCollection principals)
Posted by Ken in Nashua <kc...@live.com>.
2 realms were configured. To answer your question... it is ExtendedPropertiesRealm that is associated with the principal configured... which is wrong... it should be HibernateUserRealm which is lost... or clobbered?
Here is where I configure my realms inside AppModule.JAVA
    public static void contributeWebSecurityManager(Configuration<Realm> configuration, Authenticator authenticator,
            WebSecurityManager securityManager, SecurityAuthenticationListener pphlAuthenticationListener,
            @InjectService("HibernateUserRealm") AuthenticatingRealm hibernateUserRealm)
    {
        configuration.add(hibernateUserRealm);
        // doesn't necessarily belong here, but we can just as well set up the listener here
        authenticator.addAuthenticationListener(pphlAuthenticationListener);
        ExtendedPropertiesRealm defaultShiroRealm = new ExtendedPropertiesRealm("classpath:shiro.properties");
        defaultShiroRealm.setName("default");
        /**
         * do default shiro.ini There are annoying two little bugs.. 1)
         * TextConfigurationRealm creates simpleaccountinfo map at start-up but
         * doesn't refresh the realm name when it's changed and 2)
         * ExtendedPropertiesRealm doesn't take name as a constructor parameter.
         * So need to do some trickery to set the name before the configuration
         * is loaded
         */
        configuration.add(defaultShiroRealm);
    }
RE: help understanding doGetAuthorizationInfo(PrincipalCollection principals)
Posted by jleleu <le...@gmail.com>.
Hi,
I tend to think that this /PrincipalCollection/ has been initialized by
another realm for the same kind of token, but I may be wrong.
Did you try to enable some DEBUG logs on org.apache.shiro?
What is the class of the PrincipalCollection? Can you see the realm name
associated with the primary principal?
Best regards,
Jérôme
RE: help understanding doGetAuthorizationInfo(PrincipalCollection principals)
Posted by Ken in Nashua <kc...@live.com>.
and
principals.fromRealm(getName()).size()
is == 0
inside the authorization routine
shouldn't it be at least 1 ?
RE: help understanding doGetAuthorizationInfo(PrincipalCollection principals)
Posted by Ken in Nashua <kc...@live.com>.
yes... which happens to be administrator
RE: help understanding doGetAuthorizationInfo(PrincipalCollection principals)
Posted by jleleu <le...@gmail.com>.
Hi,
You should retrieve a first principal which is the username for your realm
name.
In the /doGetAuthorizationInfo/ method, what do you get when calling
/principals.getPrimaryPrincipal()/ ? your username ?
Best,
Jérôme
RE: help understanding doGetAuthorizationInfo(PrincipalCollection principals)
Posted by Ken in Nashua <kc...@live.com>.
This is the line that should invoke the constructor which builds the collection of principals
return new SimpleAuthenticationInfo(username, token.getCredentials(), bs, getName());
getName() is my realm name
RE: help understanding doGetAuthorizationInfo(PrincipalCollection principals)
Posted by Ken in Nashua <kc...@live.com>.
well Jerome you're right... about the realm name
and I watched it in the debugger at the bottom of the authentication routine
it populates the return structure with the realm Name
but it seems on the second pass, in the authorization... using that very same realm name I see nothing retained from the authentication and it looks empty.
?
could this be a bug ?
RE: help understanding doGetAuthorizationInfo(PrincipalCollection principals)
Posted by Ken in Nashua <kc...@live.com>.
Thanks Jerome,
It seems I am not doing something I need to be doing within authentication... like adding principals or permissions...
in order for my authorization routine to function properly.
everything I need to do is stored away in my database pojos.
So it's just a matter of orchestrating it all
So I need to add principals and permissions from within my authentication routine ?
Thanks
Ken
RE: help understanding doGetAuthorizationInfo(PrincipalCollection principals)
Posted by nhhockeyplayer <nh...@hotmail.com>.
Thanks for your help Jerome...
For some reason I started seeing 1 item in the collection.
But I haven't pinpointed why...
My authorization logic is graceful now.
I just need to get tapestry-security to work now.
- cheers
RE: help understanding doGetAuthorizationInfo(PrincipalCollection principals)
Posted by jleleu <le...@gmail.com>.
Hi,
I'm not sure I clearly follow this discussion. But if it might help, here
are some inputs:
- the authenticated user identity is a collection of principals
(identity/attribute), the first principal must be unique and each principal
is normally associated to the realm which has created it.
- the /doAuthenticationInfo/ method creates the principals (= authenticated
user identity) and the /doGetAuthorizationInfo/ method grants the roles and
the permissions according to these principals given as input
- each realm indicates which kind of token "it works on", through the
/supports/ method.
I had in mind that realm name cannot be omitted so I don't understand why
you can have principals but no principals realm except if you query the
wrong realm name.
I advise you to read the Javadoc regarding the *Realm* and
*PrincipalCollection* interfaces and the *SimplePrincipalCollection* class
for example.
Best regards,
Jérôme
RE: help understanding doGetAuthorizationInfo(PrincipalCollection principals)
Posted by Ken in Nashua <kc...@live.com>.
sorry ... to rephrase
principals collection is not empty
principals realm collection is empty...
so why is my principals realm collection empty? after authenticating and rendering home page?
RE: help understanding doGetAuthorizationInfo(PrincipalCollection principals)
Posted by Ken in Nashua <kc...@live.com>.
why would my principals be empty if I already authenticated and rendered ?
RE: help understanding doGetAuthorizationInfo(PrincipalCollection principals)
Posted by Ken in Nashua <kc...@live.com>.
I just authenticated...rendered home page...
then dogetAuthorization(...) gets called
    if (principals.fromRealm(getName()).size() <= 0)
    {
        System.out.println("principals from realm collection is empty");
        return null;
    }
principals has a collected item in it
but when I call with name as above size == 0
?
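
The situation discussed in this thread (a non-empty PrincipalCollection whose fromRealm(...) lookup returns nothing), as an added example that is not code from any poster or from the Shiro project. It assumes shiro-core and its dependencies are on the classpath; the class name, the password, the role, the permission and the use of "HibernateUserRealm" as the realm's getName() value are constructed for illustration, and the three-argument SimpleAuthenticationInfo constructor is used in place of the salted one quoted above.

```java
import java.util.Set;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.subject.PrincipalCollection;

public class RealmNameLookupDemo {

    // Same guard as in the thread, but it reports which realm names the
    // collection really holds instead of only saying "empty".
    static SimpleAuthorizationInfo authorize(PrincipalCollection principals, String realmName) {
        if (principals == null || principals.isEmpty()) {
            return null;
        }
        if (principals.fromRealm(realmName).isEmpty()) {
            Set<String> known = principals.getRealmNames();
            System.out.println("nothing stored under realm '" + realmName
                    + "'; collection holds realms " + known);
            return null;
        }
        Object username = principals.fromRealm(realmName).iterator().next();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // Constructed role and permission; a real realm would load them for
        // this username from its own store.
        info.addRole("admin");
        info.addStringPermission("user:read");
        System.out.println("authorized " + username + " via realm '" + realmName + "'");
        return info;
    }

    public static void main(String[] args) {
        // What doGetAuthenticationInfo hands back: the last constructor
        // argument is the realm name every principal gets filed under.
        // "HibernateUserRealm" is an assumed value for getName().
        SimpleAuthenticationInfo authc = new SimpleAuthenticationInfo(
                "administrator", "constructed-password".toCharArray(), "HibernateUserRealm");
        PrincipalCollection principals = authc.getPrincipals();

        System.out.println("primary principal: " + principals.getPrimaryPrincipal());

        // Username passed where a realm name is expected: lookup finds nothing.
        System.out.println(authorize(principals, "administrator") == null);
        // A different realm's name (the thread's second realm): also nothing.
        System.out.println(authorize(principals, "default") == null);
        // The name the authenticating realm used: the principal is found.
        System.out.println(authorize(principals, "HibernateUserRealm").getRoles());
    }
}
```

Logging principals.getRealmNames() inside doGetAuthorizationInfo shows at once whether the name being queried matches the one that was passed to SimpleAuthenticationInfo during authentication.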