Hi Les I finally opened a Jira for the Guice integration. Let me know if something's missing. I couldn't get url based authentication to work though.. I'll start a thread about it on the mailing list later.
Cheers Animesh -------------------------- http://twitter.com/animeshjain On Sun, Sep 14, 2008 at 8:32 PM, Les Hazlewood <[EMAIL PROTECTED]>wrote: > Hi Animesh, > > This is good stuff, thanks very much! > > Could you please open an issue in our Jira ( > https://issues.apache.org/jira/browse/JSEC) and attach that class? > > Also, since we are an ASF 2.0 licensed project, please indicate in the > issue comment that your contribution is submitted under the ASF 2.0 license > to the ASF. > > Once you've done that, I can add it in asap. Since 0.9 final is very close > to being released, it won't be able to make it in for 0.9, but we can have > it in immediately after that. > > Thanks again, > > Les > > > On Sun, Sep 14, 2008 at 2:41 AM, Animesh Jain <[EMAIL PROTECTED]>wrote: > >> Here's what I have write now >> >> ---------------------------------------- >> >> public class GuiceWebConfiguration extends IniWebConfiguration { >> >> public static final String INJECTOR_FACTORY_CLASS = >> "InjectorFactoryClass"; >> public static final String INJECTOR_FACTORY_METHOD = >> "InjectorFactoryMethod"; >> >> private static final Log log = >> LogFactory.getLog(GuiceWebConfiguration.class); >> >> protected Injector injector; >> >> public Injector getInjector() { >> return injector; >> } >> >> public void setInjector(Injector injector) { >> this.injector = injector; >> } >> >> public GuiceWebConfiguration() { >> } >> >> @Override >> public void init() throws JSecurityException { >> String className = >> getFilterConfig().getInitParameter(INJECTOR_FACTORY_CLASS); >> String methodName = >> getFilterConfig().getInitParameter(INJECTOR_FACTORY_METHOD); >> /* >> Get injector from a class which holds an instance for this >> application. I had a static method in a class that returns the injector. >> I've put the class name and method name in filter init params. >> */ >> try { >> Class clazz = Class.forName(className); >> Method method = clazz.getMethod(methodName); >> Injector injector = (Injector) method.invoke(null); >> setInjector(injector); >> } catch (ClassNotFoundException e) { >> log.error("Injector factory class not found - "+className, e); >> throw new JSecurityException("Injector factory class not found - >> "+methodName, e); >> } catch (NoSuchMethodException e) { >> log.error("Injector factory method not found - "+methodName+" in >> class "+className, e); >> throw new JSecurityException("Injector factory method not found - >> "+methodName+" in class "+className, e); >> } catch (InvocationTargetException e) { >> log.error("InvocationTargetException when trying to invoke - >> "+methodName+" in class "+className, e); >> throw new JSecurityException("InvocationTargetException when trying >> to invoke - "+methodName+" in class "+className, e); >> } catch (IllegalAccessException e) { >> log.error("IllegalAccessException when trying to invoke - >> "+methodName+" in class "+className, e); >> throw new JSecurityException("IllegalAccessException when trying to >> invoke - "+methodName+" in class "+className, e); >> } >> super.init(); >> } >> >> @Override >> protected SecurityManager createDefaultSecurityManager() { >> return createSecurityManager(null); >> } >> >> @Override >> protected SecurityManager createSecurityManager(Map<String, Map<String, >> String>> sections) { >> return getOrCreateSecurityManager(injector, sections); >> } >> >> protected SecurityManager getOrCreateSecurityManager(Injector injector, >> Map<String, Map<String, String>> sections) { >> System.out.println("Trying to create Security Manager"); >> SecurityManager securityManager = null; >> if (injector != null) { >> /* >> The security manager is obtained using the Guice injector. >> Typically one will have to use a custom provider and bind it to the >> DefaultWebSecurityManager class >> This is the way Guice handles external configuration >> */ >> securityManager = >> injector.getInstance(DefaultWebSecurityManager.class); >> SecurityUtils.setSecurityManager(securityManager); >> } else { >> throw new JSecurityException("Injector is null. Cannot instantiate >> security manager"); >> } >> >> return securityManager; >> >> } >> >> } >> >> >> On Sun, Sep 14, 2008 at 12:05 PM, Animesh Jain <[EMAIL PROTECTED]>wrote: >> >>> Hey.. >>> >>> Finally found some time and got things working. Wrote a >>> GuiceWebConfiguration as you suggested with some effort. Not sure if its >>> good enough for inclusion in Jsecurity, although I'll share whatever I have >>> here. Should I email the class to you Les? >>> >>> Animesh >>> >>> >>> On Mon, Sep 8, 2008 at 2:13 AM, Animesh Jain <[EMAIL PROTECTED]>wrote: >>> >>>> Ok now it makes sense. I completely forgot about the filter! Will go to >>>> sleep now (late night in my part of the world) and update when I figure >>>> this >>>> out. >>>> >>>> Thanks a lot for the help Les :) >>>> >>>> - Animesh >>>> >>>> >>>> On Mon, Sep 8, 2008 at 2:02 AM, Les Hazlewood <[EMAIL PROTECTED]>wrote: >>>> >>>>> The realm needs to be injected into the security manager only once: >>>>> >>>>> securityManager.setRealm(realm); >>>>> >>>>> This will ensure the lazily-created PropertiesRealm (the >>>>> fallback/failsafe one) is not created. >>>>> >>>>> In a web app, the JSecurityFilter ensures SecurityUtils is set up >>>>> properly. In a standalone application, you need to call >>>>> SecurityUtils.setSecurityManager explicitly _if_ you are not using a DI >>>>> framework like Spring or Guice. >>>>> >>>>> >>>>> On Sun, Sep 7, 2008 at 4:18 PM, Animesh Jain <[EMAIL PROTECTED]>wrote: >>>>> >>>>>> Well how does subject get its securityManager / realm. That may throw >>>>>> some light onto whether the realm needs to be injected elsewhere too. >>>>>> >>>>>> - Animesh >>>>>> >>>>>> >>>>>> On Mon, Sep 8, 2008 at 1:46 AM, Animesh Jain <[EMAIL PROTECTED]>wrote: >>>>>> >>>>>>> Yup this is a web-app. I'm using Guice for dependency injection so >>>>>>> you can think of that as a replacement for Spring. I could send you the >>>>>>> whole app too so you'd see what I see. I'm pretty sure there's nothing >>>>>>> wrong >>>>>>> with the dependency injection here. Because as I said after the login >>>>>>> action >>>>>>> I'm able to obtain an instance of the subject in a separate action >>>>>>> class by >>>>>>> calling >>>>>>> >>>>>>> Subject subject = getSecurityManager().getSubject() >>>>>>> >>>>>>> Here getSecurityManager() gets me an injected SecurityManager >>>>>>> correctly with my realm properly configured and all. Right after this >>>>>>> line >>>>>>> if I call >>>>>>> >>>>>>> subject.hasRole("XYZ") >>>>>>> >>>>>>> the error gets thrown up. >>>>>>> >>>>>>> - Animesh >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Mon, Sep 8, 2008 at 1:38 AM, Les Hazlewood <[EMAIL PROTECTED]>wrote: >>>>>>> >>>>>>>> Is this a web app? I.e. is there a web.xml file somewhere? >>>>>>>> >>>>>>>> Also, is this a spring application? >>>>>>>> >>>>>>>> >>>>>>>> On Sun, Sep 7, 2008 at 3:44 PM, Animesh Jain <[EMAIL PROTECTED]>wrote: >>>>>>>> >>>>>>>>> Ok here's the deal.. >>>>>>>>> >>>>>>>>> I'm injecting a DefaultWebSecurityManager into my action classes, >>>>>>>>> which has my HibernateSecurityRealm set correctly. So calling >>>>>>>>> >>>>>>>>> Subject subject = getSecurityManager().getSubject(); >>>>>>>>> >>>>>>>>> is giving me the correct currently logged in user. But strangely >>>>>>>>> when I debug the subject instance after getting it, the >>>>>>>>> securityManager it >>>>>>>>> shows is not the same - it has a real called >>>>>>>>> org.jsecurity.realm.text.PropertiesRealm. Now how is that possible? >>>>>>>>> >>>>>>>>> I was not using the SecurityUtils class and had not explicitly set >>>>>>>>> a SecurityManager using SecurityUtils.setSecurityManager(). Is that >>>>>>>>> required. Anyway I now added it too but that has had no effect. Still >>>>>>>>> the >>>>>>>>> same error. >>>>>>>>> >>>>>>>>> So where's the subject instance getting the different >>>>>>>>> implementation from >>>>>>>>> >>>>>>>>> Animesh >>>>>>>>> >>>>>>>>> >>>>>>>>> On Mon, Sep 8, 2008 at 12:52 AM, Les Hazlewood <[EMAIL >>>>>>>>> PROTECTED]>wrote: >>>>>>>>> >>>>>>>>>> The SimpleAccountRealm is a fallback/failsafe realm that is used >>>>>>>>>> if you haven't correctly configured a realm yourself. What does your >>>>>>>>>> JSecurity configuration look like? >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Sun, Sep 7, 2008 at 3:04 PM, Animesh Jain < >>>>>>>>>> [EMAIL PROTECTED]> wrote: >>>>>>>>>> >>>>>>>>>>> Les, >>>>>>>>>>> >>>>>>>>>>> On second thoughts.. I'm still not sure. Why is it that there's >>>>>>>>>>> SimpleAccountRealm.java in the stacktrace and no >>>>>>>>>>> HibernateSecurityRealm (the >>>>>>>>>>> one I implemented). >>>>>>>>>>> >>>>>>>>>>> Any thoughts. >>>>>>>>>>> >>>>>>>>>>> Animesh >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Mon, Sep 8, 2008 at 12:24 AM, Animesh Jain < >>>>>>>>>>> [EMAIL PROTECTED]> wrote: >>>>>>>>>>> >>>>>>>>>>>> Oops! I should have looked at the stacktrace closer. This is >>>>>>>>>>>> unrelated to Jsecurity. I've been working on an integration of >>>>>>>>>>>> Stripes+Guice+Warp persist+Jsecurity. Jsecurity is the last >>>>>>>>>>>> remaining thing >>>>>>>>>>>> and when I got the error I assumed it was because of that :P. So >>>>>>>>>>>> I'll close >>>>>>>>>>>> it here.. maybe I'll drop you an email if I feel I need your help. >>>>>>>>>>>> >>>>>>>>>>>> Stacktrace: >>>>>>>>>>>> >>>>>>>>>>>> exception >>>>>>>>>>>> >>>>>>>>>>>> net.sourceforge.stripes.exception.StripesServletException: >>>>>>>>>>>> Unhandled exception in exception handler. >>>>>>>>>>>> >>>>>>>>>>>> net.sourceforge.stripes.exception.DefaultExceptionHandler.handle(DefaultExceptionHandler.java:158) >>>>>>>>>>>> >>>>>>>>>>>> net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:249) >>>>>>>>>>>> >>>>>>>>>>>> org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382) >>>>>>>>>>>> >>>>>>>>>>>> org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180) >>>>>>>>>>>> >>>>>>>>>>>> com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53) >>>>>>>>>>>> >>>>>>>>>>>> root cause >>>>>>>>>>>> >>>>>>>>>>>> java.util.NoSuchElementException >>>>>>>>>>>> java.util.Collections$EmptySet$1.next(Collections.java:2910) >>>>>>>>>>>> >>>>>>>>>>>> java.util.Collections$UnmodifiableCollection$1.next(Collections.java:1010) >>>>>>>>>>>> >>>>>>>>>>>> org.jsecurity.realm.SimpleAccountRealm.getAuthorizationCacheKey(SimpleAccountRealm.java:157) >>>>>>>>>>>> >>>>>>>>>>>> org.jsecurity.realm.AuthorizingRealm.getAuthorizationInfo(AuthorizingRealm.java:265) >>>>>>>>>>>> >>>>>>>>>>>> org.jsecurity.realm.AuthorizingRealm.hasRole(AuthorizingRealm.java:500) >>>>>>>>>>>> >>>>>>>>>>>> org.jsecurity.authz.ModularRealmAuthorizer.hasRole(ModularRealmAuthorizer.java:178) >>>>>>>>>>>> >>>>>>>>>>>> org.jsecurity.mgt.AuthorizingSecurityManager.hasRole(AuthorizingSecurityManager.java:213) >>>>>>>>>>>> >>>>>>>>>>>> org.jsecurity.subject.DelegatingSubject.hasRole(DelegatingSubject.java:211) >>>>>>>>>>>> bookmark.web.action.HomeAction.preAction(HomeAction.java:14) >>>>>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>>>>>>>>>> >>>>>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) >>>>>>>>>>>> >>>>>>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >>>>>>>>>>>> java.lang.reflect.Method.invoke(Method.java:585) >>>>>>>>>>>> >>>>>>>>>>>> net.sourceforge.stripes.controller.DispatcherHelper$6.intercept(DispatcherHelper.java:442) >>>>>>>>>>>> >>>>>>>>>>>> net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:158) >>>>>>>>>>>> >>>>>>>>>>>> net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113) >>>>>>>>>>>> >>>>>>>>>>>> net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155) >>>>>>>>>>>> >>>>>>>>>>>> net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113) >>>>>>>>>>>> >>>>>>>>>>>> net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155) >>>>>>>>>>>> >>>>>>>>>>>> net.sourceforge.stripes.controller.ExecutionContext.wrap(ExecutionContext.java:74) >>>>>>>>>>>> >>>>>>>>>>>> net.sourceforge.stripes.controller.DispatcherHelper.invokeEventHandler(DispatcherHelper.java:440) >>>>>>>>>>>> >>>>>>>>>>>> net.sourceforge.stripes.controller.DispatcherServlet.invokeEventHandler(DispatcherServlet.java:285) >>>>>>>>>>>> >>>>>>>>>>>> net.sourceforge.stripes.controller.DispatcherServlet.doPost(DispatcherServlet.java:167) >>>>>>>>>>>> >>>>>>>>>>>> net.sourceforge.stripes.controller.DispatcherServlet.doGet(DispatcherServlet.java:67) >>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:689) >>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:802) >>>>>>>>>>>> >>>>>>>>>>>> net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:246) >>>>>>>>>>>> >>>>>>>>>>>> org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382) >>>>>>>>>>>> >>>>>>>>>>>> org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180) >>>>>>>>>>>> >>>>>>>>>>>> com.wideplay.warp.hibernate.SessionPerRequestFilter.doFilter(SessionPerRequestFilter.java:53) >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> On Mon, Sep 8, 2008 at 12:13 AM, Les Hazlewood < >>>>>>>>>>>> [EMAIL PROTECTED]> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Hi Animesh, >>>>>>>>>>>>> >>>>>>>>>>>>> Your realm implementation looks fine. But, JSecurity doesn't >>>>>>>>>>>>> throw a NoSuchElementException anywhere in its code. I'm >>>>>>>>>>>>> assuming this has >>>>>>>>>>>>> to do with how a collection is being used, either iterated by >>>>>>>>>>>>> JSecurity, or >>>>>>>>>>>>> something happening in your DAO layer. >>>>>>>>>>>>> >>>>>>>>>>>>> Please include the stacktrace - it is very hard to debug >>>>>>>>>>>>> without it ;) >>>>>>>>>>>>> >>>>>>>>>>>>> Thanks, >>>>>>>>>>>>> >>>>>>>>>>>>> Les >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> >
