EhCache AutorizationRealm configuration.

Thu, 20 Sep 2012 16:12:26 -0700 

Hi,
I've experienced hard time trying to set up the EhCache autorization cache. My requirement is as follows: 


At runtime I need to create new object ("Company" records). Each company 
record has associated a permission, so when a new company is created, 
the associated permission is assigned to the "root" user allowing it to 
access to the new record. Right now, I'm able to configure the 
Authentication and Authorization process in my application so I actually 
can login and grant access based on the permissions a user may have, all 
this using the provided EhCacheManager. The problem comes when, like I 
said, at runtime I modify the permissions list associated to a user, 
simply the cache is not cleaned. This is my set up.


*applicationContext.xml*


<bean id="shiroFilter" 
class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">

        <property name="securityManager" ref="securityManager" />
    </bean>


    <bean id="lifecycleBeanPostProcessor" 
class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />


    <!-- Security Manager of the application -->

    <bean id="securityManager" 
class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">

        <property name="realm" ref="jpaScgasparRealm" />
        <property name="cacheManager" ref="shiroCacheManager" />
    </bean>


<bean id="shiroCacheManager" 
class="org.apache.shiro.cache.ehcache.EhCacheManager"

        destroy-method="destroy">

        <property name="cacheManager" 
ref="springEhCacheManager"></property>

    </bean>

    <bean id="springEhCacheManager"
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
    </bean>


I extend the AuthorizingRealm to be able to access to my JPA model 
overriding the *doGetAuthenticationInfo* and *doGetAuthorizationInfo* 
methods and also I implement a custom method to call the 
*clearCachedAuthorizationInfo *as follows:


public void clearCache(PrincipalCollection principal) {

    log.info("Cleaning cache data for " + 
principal.getPrimaryPrincipal().toString());

    clearCachedAuthorizationInfo(principal);
    }


So, when I want to clean the cache, I just call this method with the 
following code block:


    @Autowired
    private JpaScgasparRealm realm;

......

    SimplePrincipalCollection collection = new SimplePrincipalCollection();
    collection.add("root", "root");
    realm.clearCache(collection);


When I call the previous code, nothing shows in the log console and when 
I try to access to the new "Company record" just created, shiro denied 
the access because the cache is not cleaned.


This is the output of debug info when the application context is loaded:

----------------------------------------------------------------------------------------------------------------------------------------------------------

2012-09-20 18:09:12,911 DEBUG | http-bio-8080-exec-28 | 
org.apache.shiro.spring.LifecycleBeanPostProcessor      | Initializing 
bean [jpaScgasparRealm]...
2012-09-20 18:09:12,911 DEBUG | http-bio-8080-exec-28 | 
org.apache.shiro.realm.AuthorizingRealm                 | No 
authorizationCache instance set.  Checking for a cacheManager...
2012-09-20 18:09:12,911  INFO | http-bio-8080-exec-28 | 
org.apache.shiro.realm.AuthorizingRealm                 | No cache or 
cacheManager properties have been set.  Authorization cache cannot be 
obtained.
2012-09-20 18:09:12,911  INFO | http-bio-8080-exec-28 | 
o.s.web.context.support.XmlWebApplicationContext        | Bean 
'jpaScgasparRealm' of type [class 
mx.ssf.sicom.usersManagement.securityRealm.JpaScgasparRealm] is not 
eligible for getting processed by all BeanPostProcessors (for example: 
not eligible for auto-proxying)
2012-09-20 18:09:12,940  INFO | http-bio-8080-exec-28 | 
o.s.cache.ehcache.EhCacheManagerFactoryBean             | Initializing 
EHCache CacheManager
2012-09-20 18:09:12,955  WARN | http-bio-8080-exec-28 | 
net.sf.ehcache.config.ConfigurationFactory              | No 
configuration found. Configuring ehcache from ehcache-failsafe.xml  
found in the classpath: 
file:/opt/apache-tomcat-7.0.27/work/Catalina/localhost/SCGasPAR/loader/ehcache-failsafe.xml 

2012-09-20 18:09:13,046  INFO | http-bio-8080-exec-28 | 
o.s.web.context.support.XmlWebApplicationContext        | Bean 
'springEhCacheManager' of type [class 
org.springframework.cache.ehcache.EhCacheManagerFactoryBean] is not 
eligible for getting processed by all BeanPostProcessors (for example: 
not eligible for auto-proxying)
2012-09-20 18:09:13,047  INFO | http-bio-8080-exec-28 | 
o.s.web.context.support.XmlWebApplicationContext        | Bean 
'springEhCacheManager' of type [class net.sf.ehcache.CacheManager] is 
not eligible for getting processed by all BeanPostProcessors (for 
example: not eligible for auto-proxying)
2012-09-20 18:09:13,053 DEBUG | http-bio-8080-exec-28 | 
org.apache.shiro.spring.LifecycleBeanPostProcessor      | Initializing 
bean [shiroCacheManager]...
2012-09-20 18:09:13,053  INFO | http-bio-8080-exec-28 | 
o.s.web.context.support.XmlWebApplicationContext        | Bean 
'shiroCacheManager' of type [class 
org.apache.shiro.cache.ehcache.EhCacheManager] is not eligible for 
getting processed by all BeanPostProcessors (for example: not eligible 
for auto-proxying)
2012-09-20 18:09:13,055 DEBUG | http-bio-8080-exec-28 | 
org.apache.shiro.realm.AuthorizingRealm                 | No 
authorizationCache instance set.  Checking for a cacheManager...
2012-09-20 18:09:13,056 DEBUG | http-bio-8080-exec-28 | 
org.apache.shiro.realm.AuthorizingRealm                 | CacheManager 
[org.apache.shiro.cache.ehcache.EhCacheManager@3728eed8] has been 
configured.  Building authorization cache named 
[mx.ssf.sicom.usersManagement.securityRealm.JpaScgasparRealm.authorizationCache] 

2012-09-20 18:09:13,056  INFO | http-bio-8080-exec-28 | 
org.apache.shiro.cache.ehcache.EhCacheManager           | Cache with 
name 
'mx.ssf.sicom.usersManagement.securityRealm.JpaScgasparRealm.authorizationCache' 
does not yet exist.  Creating now.
2012-09-20 18:09:13,081  INFO | http-bio-8080-exec-28 | 
org.apache.shiro.cache.ehcache.EhCacheManager           | Added EhCache 
named 
[mx.ssf.sicom.usersManagement.securityRealm.JpaScgasparRealm.authorizationCache] 

2012-09-20 18:09:13,082  INFO | http-bio-8080-exec-28 | 
o.s.web.context.support.XmlWebApplicationContext        | Bean 
'securityManager' of type [class 
org.apache.shiro.web.mgt.DefaultWebSecurityManager] is not eligible for 
getting processed by all BeanPostProcessors (for example: not eligible 
for auto-proxying)
2012-09-20 18:09:13,115  INFO | http-bio-8080-exec-28 | 
o.s.beans.factory.support.DefaultListableBeanFactory    | 
Pre-instantiating singletons in 
org.springframework.beans.factory.support.DefaultListableBeanFactory@4066b105: 
defining beans 
[cpuDAOImpl,containerDAOImpl,roleDAOImpl,warehouseDAOImpl,paymentConditionDAOImpl,userDAOImpl,corporateDAOImpl,permissionsUserDAOImpl,priceDAOImpl,peripheralDAOImpl,customerDAOImpl,permissionDAOImpl,rolesPermissionsDAOImpl,routesDAOImpl,receptionUnitDAOImpl,discountDAOImpl,zoneDAOImpl,movementDAOImpl,distributionCenterDAOImpl,distributionPointDAOImpl,printingTypeDAOImpl,equipmentDAOImpl,regionDAOImpl,geographicLocationDAOImpl,productDAOImpl,companyDAOImpl,org.springframework.context.annotation.internalConfigurationAnnotationProcessor,org.springframework.context.annotation.internalAutowiredAnnotationProcessor,org.springframework.context.annotation.internalRequiredAnnotationProcessor,org.springframework.context.annotation.internalCommonAnnotationProcessor,org.springframework.context.annotation.internalPersistenceAnnotationProcessor,org.springframework.aop.config.internalAutoProxyCreator,org.springframework.transaction.annotation.AnnotationTransactionAttributeSource#0,org.springframework.transaction.interceptor.TransactionInterceptor#0,org.springframework.transaction.config.internalTransactionAdvisor,transactionManager,entityManagerFactory,jpaVendorAdapter,org.springframework.beans.factory.config.PropertyPlaceholderConfigurer#0,dataSource,liquibase,org.springframework.dao.annotation.PersistenceExceptionTranslationPostProcessor#0,org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor#0,shiroFilter,lifecycleBeanPostProcessor,securityManager,jpaScgasparRealm,credentialMatcher,org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator#0,org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor#0,shiroCacheManager,springEhCacheManager,connectionFactory,rabbitAdmin,messageListenerContainer,generalQueueListener,contextApplicationContextProvider,equipmentInfoService,messageSource,discountServiceImpl,priceSchedulerImpl,pricesTaskCollector,pricesServiceImpl,paymentConditionServiceImpl,PEMEXPriceGrabberImpl,pricesScheduler,messagingService,testChannel,mailSender,alarmMailChannel,alarmSender,org.springframework.context.annotation.ConfigurationClassPostProcessor$ImportAwareBeanPostProcessor#0]; 
root of factory hierarchy

-----------------------------------------------------------------------------------------------------------------------------------------------------



I'm trying to set up the use of a cache with shiro all the day and 
really I don't find the way. Any ideas of what I'm doing wrong?



Thanks for your time.

Rogelio Delgado
























					Reply via email to