Stuck - authentication works but authorization is not working.

Sun, 07 Sep 2008 08:11:29 -0700 

Hi

I'm a newbie to jsecurity so I might be missing something in my config here.
My authentication is happening fine, but when I try to do a role check I get
a java.util.NoSuchElementException. Let me explain my config -

I've made a new Realm called HibernateSecurityRealm and have implemented the

doGetAuthenticationInfo
doGetAuthorizationInfo
methods. Here's the implementation code snippet

--- code start ---

  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken
token) throws AuthenticationException {
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    String username = upToken.getUsername();
    // Null username is invalid
    if (username == null) {
      throw new AccountException("Null usernames are not allowed by this
realm.");
    }

    String password = userSecurityDao.getPasswordForUser(username);
    if (password == null) {
      throw new UnknownAccountException("No account found for user [" +
username + "]");
    }
    return buildAuthenticationInfo(username, password.toCharArray());
  }

  protected AuthenticationInfo buildAuthenticationInfo(String username,
char[] password) {
    return new SimpleAuthenticationInfo(username, password, getName());
  }

  /**
   * This implementation of the interface expects the principals collection
to return a String username keyed off of
   * this realm's [EMAIL PROTECTED] #getName() name}
   *
   * @see
AuthorizingRealm#getAuthorizationInfo(org.jsecurity.subject.PrincipalCollection)
   */
  @Override
  protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection
principals) {

    //null usernames are invalid
    if (principals == null) {
      throw new AuthorizationException("PrincipalCollection method argument
cannot be null.");
    }

    String username = (String)
principals.fromRealm(getName()).iterator().next();

    // Retrieve roles and permissions from database
    Set<String> roleNames = userSecurityDao.getRoleNamesForUser(username);
    Set<String> permissions= userSecurityDao.getPermissions(username,
roleNames);

    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
    info.setStringPermissions(permissions);
    return info;
  }

--- code end ---

Now whenever I'm calling something like
getSecurityManager().login(token);
in my action. the call to doGetAuthenticationInfo is happening just fine.

But when I try to do something like
getSecurityManager().getSubject().hasRole("XYZ")
I get the NoSuchElementException exception.

Please help. Let me know if there's something more to be implemented when
creating a realm.

Reply via email to