Here's what I have write now
----------------------------------------
public class GuiceWebConfiguration extends IniWebConfiguration {
public static final String INJECTOR_FACTORY_CLASS =
"InjectorFactoryClass";
public static final String INJECTOR_FACTORY_METHOD =
"InjectorFactoryMethod";
private static final Log log =
LogFactory.getLog(GuiceWebConfiguration.class);
protected Injector injector;
public Injector getInjector() {
return injector;
}
public void setInjector(Injector injector) {
this.injector = injector;
}
public GuiceWebConfiguration() {
}
@Override
public void init() throws JSecurityException {
String className =
getFilterConfig().getInitParameter(INJECTOR_FACTORY_CLASS);
String methodName =
getFilterConfig().getInitParameter(INJECTOR_FACTORY_METHOD);
/*
Get injector from a class which holds an instance for this application.
I had a static method in a class that returns the injector.
I've put the class name and method name in filter init params.
*/
try {
Class clazz = Class.forName(className);
Method method = clazz.getMethod(methodName);
Injector injector = (Injector) method.invoke(null);
setInjector(injector);
} catch (ClassNotFoundException e) {
log.error("Injector factory class not found - "+className, e);
throw new JSecurityException("Injector factory class not found -
"+methodName, e);
} catch (NoSuchMethodException e) {
log.error("Injector factory method not found - "+methodName+" in class
"+className, e);
throw new JSecurityException("Injector factory method not found -
"+methodName+" in class "+className, e);
} catch (InvocationTargetException e) {
log.error("InvocationTargetException when trying to invoke -
"+methodName+" in class "+className, e);
throw new JSecurityException("InvocationTargetException when trying to
invoke - "+methodName+" in class "+className, e);
} catch (IllegalAccessException e) {
log.error("IllegalAccessException when trying to invoke -
"+methodName+" in class "+className, e);
throw new JSecurityException("IllegalAccessException when trying to
invoke - "+methodName+" in class "+className, e);
}
super.init();
}
@Override
protected SecurityManager createDefaultSecurityManager() {
return createSecurityManager(null);
}
@Override
protected SecurityManager createSecurityManager(Map<String, Map<String,
String>> sections) {
return getOrCreateSecurityManager(injector, sections);
}
protected SecurityManager getOrCreateSecurityManager(Injector injector,
Map<String, Map<String, String>> sections) {
System.out.println("Trying to create Security Manager");
SecurityManager securityManager = null;
if (injector != null) {
/*
The security manager is obtained using the Guice injector.
Typically one will have to use a custom provider and bind it to the
DefaultWebSecurityManager class
This is the way Guice handles external configuration
*/
securityManager =
injector.getInstance(DefaultWebSecurityManager.class);
SecurityUtils.setSecurityManager(securityManager);
} else {
throw new JSecurityException("Injector is null. Cannot instantiate
security manager");
}
return securityManager;
}
}
On Sun, Sep 14, 2008 at 12:05 PM, Animesh Jain <[EMAIL PROTECTED]> wrote:
> Hey..
>
> Finally found some time and got things working. Wrote a
> GuiceWebConfiguration as you suggested with some effort. Not sure if its
> good enough for inclusion in Jsecurity, although I'll share whatever I have
> here. Should I email the class to you Les?
>
> Animesh
>
>
> On Mon, Sep 8, 2008 at 2:13 AM, Animesh Jain <[EMAIL PROTECTED]> wrote:
>
>> Ok now it makes sense. I completely forgot about the filter! Will go to
>> sleep now (late night in my part of the world) and update when I figure this
>> out.
>>
>> Thanks a lot for the help Les :)
>>
>> - Animesh
>>
>>
>> On Mon, Sep 8, 2008 at 2:02 AM, Les Hazlewood <[EMAIL PROTECTED]> wrote:
>>
>>> The realm needs to be injected into the security manager only once:
>>>
>>> securityManager.setRealm(realm);
>>>
>>> This will ensure the lazily-created PropertiesRealm (the
>>> fallback/failsafe one) is not created.
>>>
>>> In a web app, the JSecurityFilter ensures SecurityUtils is set up
>>> properly. In a standalone application, you need to call
>>> SecurityUtils.setSecurityManager explicitly _if_ you are not using a DI
>>> framework like Spring or Guice.
>>>
>>>
>>> On Sun, Sep 7, 2008 at 4:18 PM, Animesh Jain <[EMAIL PROTECTED]>wrote:
>>>
>>>> Well how does subject get its securityManager / realm. That may throw
>>>> some light onto whether the realm needs to be injected elsewhere too.
>>>>
>>>> - Animesh
>>>>
>>>>
>>>> On Mon, Sep 8, 2008 at 1:46 AM, Animesh Jain <[EMAIL PROTECTED]>wrote:
>>>>
>>>>> Yup this is a web-app. I'm using Guice for dependency injection so you
>>>>> can think of that as a replacement for Spring. I could send you the whole
>>>>> app too so you'd see what I see. I'm pretty sure there's nothing wrong
>>>>> with
>>>>> the dependency injection here. Because as I said after the login action
>>>>> I'm
>>>>> able to obtain an instance of the subject in a separate action class by
>>>>> calling
>>>>>
>>>>> Subject subject = getSecurityManager().getSubject()
>>>>>
>>>>> Here getSecurityManager() gets me an injected SecurityManager correctly
>>>>> with my realm properly configured and all. Right after this line if I call
>>>>>
>>>>> subject.hasRole("XYZ")
>>>>>
>>>>> the error gets thrown up.
>>>>>
>>>>> - Animesh
>>>>>
>>>>>
>>>>>
>>>>> On Mon, Sep 8, 2008 at 1:38 AM, Les Hazlewood <[EMAIL PROTECTED]>wrote:
>>>>>
>>>>>> Is this a web app? I.e. is there a web.xml file somewhere?
>>>>>>
>>>>>> Also, is this a spring application?
>>>>>>
>>>>>>
>>>>>> On Sun, Sep 7, 2008 at 3:44 PM, Animesh Jain <[EMAIL PROTECTED]>wrote:
>>>>>>
>>>>>>> Ok here's the deal..
>>>>>>>
>>>>>>> I'm injecting a DefaultWebSecurityManager into my action classes,
>>>>>>> which has my HibernateSecurityRealm set correctly. So calling
>>>>>>>
>>>>>>> Subject subject = getSecurityManager().getSubject();
>>>>>>>
>>>>>>> is giving me the correct currently logged in user. But strangely when
>>>>>>> I debug the subject instance after getting it, the securityManager it
>>>>>>> shows
>>>>>>> is not the same - it has a real called
>>>>>>> org.jsecurity.realm.text.PropertiesRealm. Now how is that possible?
>>>>>>>
>>>>>>> I was not using the SecurityUtils class and had not explicitly set a
>>>>>>> SecurityManager using SecurityUtils.setSecurityManager(). Is that
>>>>>>> required.
>>>>>>> Anyway I now added it too but that has had no effect. Still the same
>>>>>>> error.
>>>>>>>
>>>>>>> So where's the subject instance getting the different implementation
>>>>>>> from
>>>>>>>
>>>>>>> Animesh
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Sep 8, 2008 at 12:52 AM, Les Hazlewood <[EMAIL PROTECTED]>wrote:
>>>>>>>
>>>>>>>> The SimpleAccountRealm is a fallback/failsafe realm that is used if
>>>>>>>> you haven't correctly configured a realm yourself. What does your
>>>>>>>> JSecurity
>>>>>>>> configuration look like?
>>>>>>>>
>>>>>>>>
>>>>>>>> On Sun, Sep 7, 2008 at 3:04 PM, Animesh Jain <[EMAIL PROTECTED]>wrote:
>>>>>>>>
>>>>>>>>> Les,
>>>>>>>>>
>>>>>>>>> On second thoughts.. I'm still not sure. Why is it that there's
>>>>>>>>> SimpleAccountRealm.java in the stacktrace and no
>>>>>>>>> HibernateSecurityRealm (the
>>>>>>>>> one I implemented).
>>>>>>>>>
>>>>>>>>> Any thoughts.
>>>>>>>>>
>>>>>>>>> Animesh
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, Sep 8, 2008 at 12:24 AM, Animesh Jain <
>>>>>>>>> [EMAIL PROTECTED]> wrote:
>>>>>>>>>
>>>>>>>>>> Oops! I should have looked at the stacktrace closer. This is
>>>>>>>>>> unrelated to Jsecurity. I've been working on an integration of
>>>>>>>>>> Stripes+Guice+Warp persist+Jsecurity. Jsecurity is the last
>>>>>>>>>> remaining thing
>>>>>>>>>> and when I got the error I assumed it was because of that :P. So
>>>>>>>>>> I'll close
>>>>>>>>>> it here.. maybe I'll drop you an email if I feel I need your help.
>>>>>>>>>>
>>>>>>>>>> Stacktrace:
>>>>>>>>>>
>>>>>>>>>> exception
>>>>>>>>>>
>>>>>>>>>> net.sourceforge.stripes.exception.StripesServletException:
>>>>>>>>>> Unhandled exception in exception handler.
>>>>>>>>>>
>>>>>>>>>> net.sourceforge.stripes.exception.DefaultExceptionHandler.handle(DefaultExceptionHandler.java:158)
>>>>>>>>>>
>>>>>>>>>> net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:249)
>>>>>>>>>>
>>>>>>>>>> org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
>>>>>>>>>>
>>>>>>>>>> org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
>>>>>>>>>>
>>>>>>>>>> com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53)
>>>>>>>>>>
>>>>>>>>>> root cause
>>>>>>>>>>
>>>>>>>>>> java.util.NoSuchElementException
>>>>>>>>>> java.util.Collections$EmptySet$1.next(Collections.java:2910)
>>>>>>>>>>
>>>>>>>>>> java.util.Collections$UnmodifiableCollection$1.next(Collections.java:1010)
>>>>>>>>>>
>>>>>>>>>> org.jsecurity.realm.SimpleAccountRealm.getAuthorizationCacheKey(SimpleAccountRealm.java:157)
>>>>>>>>>>
>>>>>>>>>> org.jsecurity.realm.AuthorizingRealm.getAuthorizationInfo(AuthorizingRealm.java:265)
>>>>>>>>>>
>>>>>>>>>> org.jsecurity.realm.AuthorizingRealm.hasRole(AuthorizingRealm.java:500)
>>>>>>>>>>
>>>>>>>>>> org.jsecurity.authz.ModularRealmAuthorizer.hasRole(ModularRealmAuthorizer.java:178)
>>>>>>>>>>
>>>>>>>>>> org.jsecurity.mgt.AuthorizingSecurityManager.hasRole(AuthorizingSecurityManager.java:213)
>>>>>>>>>>
>>>>>>>>>> org.jsecurity.subject.DelegatingSubject.hasRole(DelegatingSubject.java:211)
>>>>>>>>>> bookmark.web.action.HomeAction.preAction(HomeAction.java:14)
>>>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>>>>>>
>>>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>>>>>>>>
>>>>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>>>>>>>> java.lang.reflect.Method.invoke(Method.java:585)
>>>>>>>>>>
>>>>>>>>>> net.sourceforge.stripes.controller.DispatcherHelper$6.intercept(DispatcherHelper.java:442)
>>>>>>>>>>
>>>>>>>>>> net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:158)
>>>>>>>>>>
>>>>>>>>>> net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
>>>>>>>>>>
>>>>>>>>>> net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
>>>>>>>>>>
>>>>>>>>>> net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
>>>>>>>>>>
>>>>>>>>>> net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
>>>>>>>>>>
>>>>>>>>>> net.sourceforge.stripes.controller.ExecutionContext.wrap(ExecutionContext.java:74)
>>>>>>>>>>
>>>>>>>>>> net.sourceforge.stripes.controller.DispatcherHelper.invokeEventHandler(DispatcherHelper.java:440)
>>>>>>>>>>
>>>>>>>>>> net.sourceforge.stripes.controller.DispatcherServlet.invokeEventHandler(DispatcherServlet.java:285)
>>>>>>>>>>
>>>>>>>>>> net.sourceforge.stripes.controller.DispatcherServlet.doPost(DispatcherServlet.java:167)
>>>>>>>>>>
>>>>>>>>>> net.sourceforge.stripes.controller.DispatcherServlet.doGet(DispatcherServlet.java:67)
>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>>>>>>>>>>
>>>>>>>>>> net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:246)
>>>>>>>>>>
>>>>>>>>>> org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
>>>>>>>>>>
>>>>>>>>>> org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
>>>>>>>>>>
>>>>>>>>>> com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53)
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Mon, Sep 8, 2008 at 12:13 AM, Les Hazlewood <
>>>>>>>>>> [EMAIL PROTECTED]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi Animesh,
>>>>>>>>>>>
>>>>>>>>>>> Your realm implementation looks fine. But, JSecurity doesn't
>>>>>>>>>>> throw a NoSuchElementException anywhere in its code. I'm assuming
>>>>>>>>>>> this has
>>>>>>>>>>> to do with how a collection is being used, either iterated by
>>>>>>>>>>> JSecurity, or
>>>>>>>>>>> something happening in your DAO layer.
>>>>>>>>>>>
>>>>>>>>>>> Please include the stacktrace - it is very hard to debug without
>>>>>>>>>>> it ;)
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>>
>>>>>>>>>>> Les
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
