Thanks, Brett.
We have configured quartz declaratively with the following in the
applicationContext:
<bean id="schedulerFactoryBean"
class="org.springframework.scheduling.quartz.SchedulerFactoryBean">
<property name="triggers">
<list>
<ref local="expressionExperimentTrigger"/>
</list>
</property>
</bean>
<bean id="expressionExperimentTrigger"
class="org.springframework.scheduling.quartz.CronTriggerBean">
<property name="jobDetail">
<ref bean="expressionExperimentJobDetail"/>
</property>
<property name="cronExpression">
<value>0 15 0 ? * *</value>
</property>
</bean>
<bean id="expressionExperimentJobDetail"
class="org.springframework.scheduling.quartz.MethodInvokingJobDetailFactoryBean">
<property name="targetObject"><ref
bean="expressionExperimentReportService"/></property>
<property
name="targetMethod"><value>generateSummaryObjects</value></property>
</bean>
The method, generateSummaryObjects is secured via the
serviceSecurityInerceptor, which is fired when the method is invoked. When
this inerceptor checks the Authentication object, it will not find any
credentials, at which point I can create a new Authentication object and add
it to the SecurityContext. The problem, however, is that I will need to a
way to determine if the method invocation originated from the
quartz.MethodInvokingJobDetailFactoryBean (reflection my give me a handle to
this). Alternatively, I was hoping you could set the user on the quartz
scheduler. More specifically, I was wondering if you could do:
<bean id="expressionExperimentTrigger"
class="org.springframework.scheduling.quartz.CronTriggerBean">
<property name="jobDetail">
<ref bean="expressionExperimentJobDetail"/>
</property>
<property name="cronExpression">
<value>0 15 0 ? * *</value>
</property>
<property name="user">
<value>administrator</value>
</property>
</bean>
where the user value is the name of the user (principal, in acegi speak).
Any ideas?
Brett Knights-2 wrote:
>
> My jobs inherit from QuartzJobBean and I override executeInternal.
>
> Inside that method I call another method that configures the
> authentication object. In the example below the object that knows what
> user to run as is an Application.
>
>
> private Application app;
> ...
>
> private void loadApplicationAndSecurityContext(JobExecutionContext
> context, ApplicationContext parentAppContext) {
> ApplicationDao appDao = (ApplicationDao)
> parentAppContext.getBean("applicationDao");
>
> app =
> appDao.getApplicationById(context.getMergedJobDataMap().getLongValueFromString(PARENT_APP_KEY));
> UserManager userMgr = (UserManager)
> parentAppContext.getBean("userManager");
>
> User user = userMgr.getUser(String.valueOf(app.getRunAsUserId()));
>
> Authentication auth = new
> UsernamePasswordAuthenticationToken(user, user.getPassword(),
> user.getAuthorities());
> SecurityContextHolder.getContext().setAuthentication(auth);
> }
>
> I believe there is also a way to configure acegi itself to run certain
> methods as a particular user in the absence of a Autheticated user.
>
> HTH
>
> kirankeshav wrote:
>> I was wondering if anyone has used Quartz scheduling with Acegi? More
>> specifically, we have secured method invocation via acegi (when a secured
>> method is invoked, the securityServiceInterceptor is invoked and the
>> Authentication object is checked) in our appfuse based application, and
>> have
>> quartz running one of these secured methods. The problem is that when
>> quartz
>> tries to run the method, we get an
>>
>> org.acegisecurity.AuthenticationCredentialsNotFoundException: An
>> Authentication object was not found in the SecurityContext
>>
>> This is expected since quartz itself is not a "user" of the system. In
>> our
>> webapp, the Authentication obejct is populated when a user logs in. In
>> our
>> tests, we can programmatically set the user (and corresponding
>> Authentication object).
>>
>> To programmatically set the user in our webapp, we would first have to
>> check
>> to see if the secured method was initially triggered by quartz
>> (CronExpression) and if so, run as a user with administrator privileges.
>> Is
>> this possible (we can get objects from Hibernate proxies, but not sure if
>> I
>> can get the Class, CronExpression in our case, that invokes the secured
>> method from an
>> org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor)?
>>
>> Alternatively, is there a way to declaratively set an authentication
>> object
>> on the methods run by the CronExpression (that is, set the principal =
>> admin
>> when running a method via quartz)?
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
--
View this message in context:
http://www.nabble.com/Running-Quartz-Jobs-on-Acegi-Secured-Methods-tf3293339s2369.html#a9167343
Sent from the AppFuse - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
