Hi Animesh, This is good stuff, thanks very much!
Could you please open an issue in our Jira ( https://issues.apache.org/jira/browse/JSEC) and attach that class? Also, since we are an ASF 2.0 licensed project, please indicate in the issue comment that your contribution is submitted under the ASF 2.0 license to the ASF. Once you've done that, I can add it in asap. Since 0.9 final is very close to being released, it won't be able to make it in for 0.9, but we can have it in immediately after that. Thanks again, Les On Sun, Sep 14, 2008 at 2:41 AM, Animesh Jain <[EMAIL PROTECTED]> wrote: > Here's what I have write now > > ---------------------------------------- > > public class GuiceWebConfiguration extends IniWebConfiguration { > > public static final String INJECTOR_FACTORY_CLASS = > "InjectorFactoryClass"; > public static final String INJECTOR_FACTORY_METHOD = > "InjectorFactoryMethod"; > > private static final Log log = > LogFactory.getLog(GuiceWebConfiguration.class); > > protected Injector injector; > > public Injector getInjector() { > return injector; > } > > public void setInjector(Injector injector) { > this.injector = injector; > } > > public GuiceWebConfiguration() { > } > > @Override > public void init() throws JSecurityException { > String className = > getFilterConfig().getInitParameter(INJECTOR_FACTORY_CLASS); > String methodName = > getFilterConfig().getInitParameter(INJECTOR_FACTORY_METHOD); > /* > Get injector from a class which holds an instance for this application. > I had a static method in a class that returns the injector. > I've put the class name and method name in filter init params. > */ > try { > Class clazz = Class.forName(className); > Method method = clazz.getMethod(methodName); > Injector injector = (Injector) method.invoke(null); > setInjector(injector); > } catch (ClassNotFoundException e) { > log.error("Injector factory class not found - "+className, e); > throw new JSecurityException("Injector factory class not found - > "+methodName, e); > } catch (NoSuchMethodException e) { > log.error("Injector factory method not found - "+methodName+" in > class "+className, e); > throw new JSecurityException("Injector factory method not found - > "+methodName+" in class "+className, e); > } catch (InvocationTargetException e) { > log.error("InvocationTargetException when trying to invoke - > "+methodName+" in class "+className, e); > throw new JSecurityException("InvocationTargetException when trying > to invoke - "+methodName+" in class "+className, e); > } catch (IllegalAccessException e) { > log.error("IllegalAccessException when trying to invoke - > "+methodName+" in class "+className, e); > throw new JSecurityException("IllegalAccessException when trying to > invoke - "+methodName+" in class "+className, e); > } > super.init(); > } > > @Override > protected SecurityManager createDefaultSecurityManager() { > return createSecurityManager(null); > } > > @Override > protected SecurityManager createSecurityManager(Map<String, Map<String, > String>> sections) { > return getOrCreateSecurityManager(injector, sections); > } > > protected SecurityManager getOrCreateSecurityManager(Injector injector, > Map<String, Map<String, String>> sections) { > System.out.println("Trying to create Security Manager"); > SecurityManager securityManager = null; > if (injector != null) { > /* > The security manager is obtained using the Guice injector. > Typically one will have to use a custom provider and bind it to the > DefaultWebSecurityManager class > This is the way Guice handles external configuration > */ > securityManager = > injector.getInstance(DefaultWebSecurityManager.class); > SecurityUtils.setSecurityManager(securityManager); > } else { > throw new JSecurityException("Injector is null. Cannot instantiate > security manager"); > } > > return securityManager; > > } > > } > > > On Sun, Sep 14, 2008 at 12:05 PM, Animesh Jain <[EMAIL PROTECTED]>wrote: > >> Hey.. >> >> Finally found some time and got things working. Wrote a >> GuiceWebConfiguration as you suggested with some effort. Not sure if its >> good enough for inclusion in Jsecurity, although I'll share whatever I have >> here. Should I email the class to you Les? >> >> Animesh >> >> >> On Mon, Sep 8, 2008 at 2:13 AM, Animesh Jain <[EMAIL PROTECTED]>wrote: >> >>> Ok now it makes sense. I completely forgot about the filter! Will go to >>> sleep now (late night in my part of the world) and update when I figure this >>> out. >>> >>> Thanks a lot for the help Les :) >>> >>> - Animesh >>> >>> >>> On Mon, Sep 8, 2008 at 2:02 AM, Les Hazlewood <[EMAIL PROTECTED]> wrote: >>> >>>> The realm needs to be injected into the security manager only once: >>>> >>>> securityManager.setRealm(realm); >>>> >>>> This will ensure the lazily-created PropertiesRealm (the >>>> fallback/failsafe one) is not created. >>>> >>>> In a web app, the JSecurityFilter ensures SecurityUtils is set up >>>> properly. In a standalone application, you need to call >>>> SecurityUtils.setSecurityManager explicitly _if_ you are not using a DI >>>> framework like Spring or Guice. >>>> >>>> >>>> On Sun, Sep 7, 2008 at 4:18 PM, Animesh Jain <[EMAIL PROTECTED]>wrote: >>>> >>>>> Well how does subject get its securityManager / realm. That may throw >>>>> some light onto whether the realm needs to be injected elsewhere too. >>>>> >>>>> - Animesh >>>>> >>>>> >>>>> On Mon, Sep 8, 2008 at 1:46 AM, Animesh Jain <[EMAIL PROTECTED]>wrote: >>>>> >>>>>> Yup this is a web-app. I'm using Guice for dependency injection so you >>>>>> can think of that as a replacement for Spring. I could send you the whole >>>>>> app too so you'd see what I see. I'm pretty sure there's nothing wrong >>>>>> with >>>>>> the dependency injection here. Because as I said after the login action >>>>>> I'm >>>>>> able to obtain an instance of the subject in a separate action class by >>>>>> calling >>>>>> >>>>>> Subject subject = getSecurityManager().getSubject() >>>>>> >>>>>> Here getSecurityManager() gets me an injected SecurityManager >>>>>> correctly with my realm properly configured and all. Right after this >>>>>> line >>>>>> if I call >>>>>> >>>>>> subject.hasRole("XYZ") >>>>>> >>>>>> the error gets thrown up. >>>>>> >>>>>> - Animesh >>>>>> >>>>>> >>>>>> >>>>>> On Mon, Sep 8, 2008 at 1:38 AM, Les Hazlewood <[EMAIL PROTECTED]>wrote: >>>>>> >>>>>>> Is this a web app? I.e. is there a web.xml file somewhere? >>>>>>> >>>>>>> Also, is this a spring application? >>>>>>> >>>>>>> >>>>>>> On Sun, Sep 7, 2008 at 3:44 PM, Animesh Jain <[EMAIL PROTECTED]>wrote: >>>>>>> >>>>>>>> Ok here's the deal.. >>>>>>>> >>>>>>>> I'm injecting a DefaultWebSecurityManager into my action classes, >>>>>>>> which has my HibernateSecurityRealm set correctly. So calling >>>>>>>> >>>>>>>> Subject subject = getSecurityManager().getSubject(); >>>>>>>> >>>>>>>> is giving me the correct currently logged in user. But strangely >>>>>>>> when I debug the subject instance after getting it, the >>>>>>>> securityManager it >>>>>>>> shows is not the same - it has a real called >>>>>>>> org.jsecurity.realm.text.PropertiesRealm. Now how is that possible? >>>>>>>> >>>>>>>> I was not using the SecurityUtils class and had not explicitly set a >>>>>>>> SecurityManager using SecurityUtils.setSecurityManager(). Is that >>>>>>>> required. >>>>>>>> Anyway I now added it too but that has had no effect. Still the same >>>>>>>> error. >>>>>>>> >>>>>>>> So where's the subject instance getting the different implementation >>>>>>>> from >>>>>>>> >>>>>>>> Animesh >>>>>>>> >>>>>>>> >>>>>>>> On Mon, Sep 8, 2008 at 12:52 AM, Les Hazlewood <[EMAIL >>>>>>>> PROTECTED]>wrote: >>>>>>>> >>>>>>>>> The SimpleAccountRealm is a fallback/failsafe realm that is used if >>>>>>>>> you haven't correctly configured a realm yourself. What does your >>>>>>>>> JSecurity >>>>>>>>> configuration look like? >>>>>>>>> >>>>>>>>> >>>>>>>>> On Sun, Sep 7, 2008 at 3:04 PM, Animesh Jain <[EMAIL PROTECTED] >>>>>>>>> > wrote: >>>>>>>>> >>>>>>>>>> Les, >>>>>>>>>> >>>>>>>>>> On second thoughts.. I'm still not sure. Why is it that there's >>>>>>>>>> SimpleAccountRealm.java in the stacktrace and no >>>>>>>>>> HibernateSecurityRealm (the >>>>>>>>>> one I implemented). >>>>>>>>>> >>>>>>>>>> Any thoughts. >>>>>>>>>> >>>>>>>>>> Animesh >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Mon, Sep 8, 2008 at 12:24 AM, Animesh Jain < >>>>>>>>>> [EMAIL PROTECTED]> wrote: >>>>>>>>>> >>>>>>>>>>> Oops! I should have looked at the stacktrace closer. This is >>>>>>>>>>> unrelated to Jsecurity. I've been working on an integration of >>>>>>>>>>> Stripes+Guice+Warp persist+Jsecurity. Jsecurity is the last >>>>>>>>>>> remaining thing >>>>>>>>>>> and when I got the error I assumed it was because of that :P. So >>>>>>>>>>> I'll close >>>>>>>>>>> it here.. maybe I'll drop you an email if I feel I need your help. >>>>>>>>>>> >>>>>>>>>>> Stacktrace: >>>>>>>>>>> >>>>>>>>>>> exception >>>>>>>>>>> >>>>>>>>>>> net.sourceforge.stripes.exception.StripesServletException: >>>>>>>>>>> Unhandled exception in exception handler. >>>>>>>>>>> >>>>>>>>>>> net.sourceforge.stripes.exception.DefaultExceptionHandler.handle(DefaultExceptionHandler.java:158) >>>>>>>>>>> >>>>>>>>>>> net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:249) >>>>>>>>>>> >>>>>>>>>>> org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382) >>>>>>>>>>> >>>>>>>>>>> org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180) >>>>>>>>>>> >>>>>>>>>>> com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53) >>>>>>>>>>> >>>>>>>>>>> root cause >>>>>>>>>>> >>>>>>>>>>> java.util.NoSuchElementException >>>>>>>>>>> java.util.Collections$EmptySet$1.next(Collections.java:2910) >>>>>>>>>>> >>>>>>>>>>> java.util.Collections$UnmodifiableCollection$1.next(Collections.java:1010) >>>>>>>>>>> >>>>>>>>>>> org.jsecurity.realm.SimpleAccountRealm.getAuthorizationCacheKey(SimpleAccountRealm.java:157) >>>>>>>>>>> >>>>>>>>>>> org.jsecurity.realm.AuthorizingRealm.getAuthorizationInfo(AuthorizingRealm.java:265) >>>>>>>>>>> >>>>>>>>>>> org.jsecurity.realm.AuthorizingRealm.hasRole(AuthorizingRealm.java:500) >>>>>>>>>>> >>>>>>>>>>> org.jsecurity.authz.ModularRealmAuthorizer.hasRole(ModularRealmAuthorizer.java:178) >>>>>>>>>>> >>>>>>>>>>> org.jsecurity.mgt.AuthorizingSecurityManager.hasRole(AuthorizingSecurityManager.java:213) >>>>>>>>>>> >>>>>>>>>>> org.jsecurity.subject.DelegatingSubject.hasRole(DelegatingSubject.java:211) >>>>>>>>>>> bookmark.web.action.HomeAction.preAction(HomeAction.java:14) >>>>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>>>>>>>>> >>>>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) >>>>>>>>>>> >>>>>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >>>>>>>>>>> java.lang.reflect.Method.invoke(Method.java:585) >>>>>>>>>>> >>>>>>>>>>> net.sourceforge.stripes.controller.DispatcherHelper$6.intercept(DispatcherHelper.java:442) >>>>>>>>>>> >>>>>>>>>>> net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:158) >>>>>>>>>>> >>>>>>>>>>> net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113) >>>>>>>>>>> >>>>>>>>>>> net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155) >>>>>>>>>>> >>>>>>>>>>> net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113) >>>>>>>>>>> >>>>>>>>>>> net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155) >>>>>>>>>>> >>>>>>>>>>> net.sourceforge.stripes.controller.ExecutionContext.wrap(ExecutionContext.java:74) >>>>>>>>>>> >>>>>>>>>>> net.sourceforge.stripes.controller.DispatcherHelper.invokeEventHandler(DispatcherHelper.java:440) >>>>>>>>>>> >>>>>>>>>>> net.sourceforge.stripes.controller.DispatcherServlet.invokeEventHandler(DispatcherServlet.java:285) >>>>>>>>>>> >>>>>>>>>>> net.sourceforge.stripes.controller.DispatcherServlet.doPost(DispatcherServlet.java:167) >>>>>>>>>>> >>>>>>>>>>> net.sourceforge.stripes.controller.DispatcherServlet.doGet(DispatcherServlet.java:67) >>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:689) >>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:802) >>>>>>>>>>> >>>>>>>>>>> net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:246) >>>>>>>>>>> >>>>>>>>>>> org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382) >>>>>>>>>>> >>>>>>>>>>> org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180) >>>>>>>>>>> >>>>>>>>>>> com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53) >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Mon, Sep 8, 2008 at 12:13 AM, Les Hazlewood < >>>>>>>>>>> [EMAIL PROTECTED]> wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi Animesh, >>>>>>>>>>>> >>>>>>>>>>>> Your realm implementation looks fine. But, JSecurity doesn't >>>>>>>>>>>> throw a NoSuchElementException anywhere in its code. I'm assuming >>>>>>>>>>>> this has >>>>>>>>>>>> to do with how a collection is being used, either iterated by >>>>>>>>>>>> JSecurity, or >>>>>>>>>>>> something happening in your DAO layer. >>>>>>>>>>>> >>>>>>>>>>>> Please include the stacktrace - it is very hard to debug without >>>>>>>>>>>> it ;) >>>>>>>>>>>> >>>>>>>>>>>> Thanks, >>>>>>>>>>>> >>>>>>>>>>>> Les >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> >
