I think your easiest course would be to call, in your applicationContext
file, setJobDataAsMap. Add the user as a property to the job data.
Then extend your JobDetail to look for the user object in the merged job
data and set up the Authentication object appropriately.
HTH
BTW not looking at the reference so I don't know if the
names/descriptions of things are accurate.
kirankeshav wrote:
Thanks, Brett.
We have configured quartz declaratively with the following in the
applicationContext:
<bean id="schedulerFactoryBean"
      class="org.springframework.scheduling.quartz.SchedulerFactoryBean">
    <property name="triggers">
        <list>
            <ref local="expressionExperimentTrigger"/>
        </list>
    </property>
</bean>
<bean id="expressionExperimentTrigger"
      class="org.springframework.scheduling.quartz.CronTriggerBean">
    <property name="jobDetail">
        <ref bean="expressionExperimentJobDetail"/>
    </property>
    <property name="cronExpression">
        <value>0 15 0 ? * *</value>
    </property>
</bean>
<bean id="expressionExperimentJobDetail"
      class="org.springframework.scheduling.quartz.MethodInvokingJobDetailFactoryBean">
    <property name="targetObject"><ref bean="expressionExperimentReportService"/></property>
    <property name="targetMethod"><value>generateSummaryObjects</value></property>
</bean>
The method, generateSummaryObjects, is secured via the
serviceSecurityInterceptor, which is fired when the method is invoked. When
this interceptor checks the Authentication object, it will not find any
credentials, at which point I can create a new Authentication object and add
it to the SecurityContext. The problem, however, is that I will need a
way to determine if the method invocation originated from the
quartz.MethodInvokingJobDetailFactoryBean (reflection may give me a handle to
this). Alternatively, I was hoping you could set the user on the quartz
scheduler. More specifically, I was wondering if you could do:
<bean id="expressionExperimentTrigger"
      class="org.springframework.scheduling.quartz.CronTriggerBean">
    <property name="jobDetail">
        <ref bean="expressionExperimentJobDetail"/>
    </property>
    <property name="cronExpression">
        <value>0 15 0 ? * *</value>
    </property>
    <property name="user">
        <value>administrator</value>
    </property>
</bean>
where the user value is the name of the user (principal, in acegi speak).
Any ideas?
Brett Knights-2 wrote:
My jobs inherit from QuartzJobBean and I override executeInternal.
Inside that method I call another method that configures the
authentication object. In the example below the object that knows what
user to run as is an Application.
private Application app;
...
private void loadApplicationAndSecurityContext(JobExecutionContext context,
        ApplicationContext parentAppContext) {
    ApplicationDao appDao = (ApplicationDao) parentAppContext.getBean("applicationDao");
    app = appDao.getApplicationById(
            context.getMergedJobDataMap().getLongValueFromString(PARENT_APP_KEY));
    UserManager userMgr = (UserManager) parentAppContext.getBean("userManager");
    User user = userMgr.getUser(String.valueOf(app.getRunAsUserId()));
    Authentication auth = new UsernamePasswordAuthenticationToken(
            user, user.getPassword(), user.getAuthorities());
    SecurityContextHolder.getContext().setAuthentication(auth);
}
I believe there is also a way to configure acegi itself to run certain
methods as a particular user in the absence of an authenticated user.
HTH
kirankeshav wrote:
I was wondering if anyone has used Quartz scheduling with Acegi? More
specifically, we have secured method invocation via acegi (when a secured
method is invoked, the securityServiceInterceptor is invoked and the
Authentication object is checked) in our appfuse based application, and
have quartz running one of these secured methods. The problem is that when
quartz tries to run the method, we get an
org.acegisecurity.AuthenticationCredentialsNotFoundException: An
Authentication object was not found in the SecurityContext
This is expected since quartz itself is not a "user" of the system. In
our webapp, the Authentication object is populated when a user logs in. In
our tests, we can programmatically set the user (and corresponding
Authentication object).
To programmatically set the user in our webapp, we would first have to
check to see if the secured method was initially triggered by quartz
(CronExpression) and if so, run as a user with administrator privileges.
Is this possible (we can get objects from Hibernate proxies, but not sure if
I can get the Class, CronExpression in our case, that invokes the secured
method from an
org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor)?
Alternatively, is there a way to declaratively set an authentication
object on the methods run by the CronExpression (that is, set the principal =
admin when running a method via quartz)?
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
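The two suggestions in this thread (pass the principal through the job data map, and set the Authentication inside executeInternal) combined into one job base class, as an added example that is not code from any poster or from the Acegi or Quartz projects. It assumes Acegi 1.0.x and Spring's QuartzJobBean; `RunAsJob`, `executeAs`, and the job data keys `runAsUser` and `userDetailsService` are hypothetical names. Unlike the snippet quoted above, it clears the SecurityContext afterwards, because Quartz reuses pooled worker threads and the thread-local context would otherwise carry the run-as identity into whatever runs next on that thread.

```java
import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.quartz.JobExecutionContext;
import org.quartz.JobExecutionException;
import org.springframework.scheduling.quartz.QuartzJobBean;

/** Hypothetical base class: runs the job body as a configured principal. */
public abstract class RunAsJob extends QuartzJobBean {

    // QuartzJobBean fills these setters from the job data map
    // (assumed jobDataAsMap entries "runAsUser" and "userDetailsService").
    private String runAsUser;
    private UserDetailsService userDetailsService;

    public void setRunAsUser(String runAsUser) { this.runAsUser = runAsUser; }
    public void setUserDetailsService(UserDetailsService uds) { this.userDetailsService = uds; }

    protected final void executeInternal(JobExecutionContext context)
            throws JobExecutionException {
        if (runAsUser == null || userDetailsService == null) {
            // Fail closed: never fall back to a default or hard-coded identity.
            throw new JobExecutionException("runAsUser/userDetailsService not configured");
        }
        try {
            UserDetails user = userDetailsService.loadUserByUsername(runAsUser);
            // Authorities come from the user store, so the job holds only what that account holds.
            Authentication auth = new UsernamePasswordAuthenticationToken(
                    user, user.getPassword(), user.getAuthorities());
            SecurityContextHolder.getContext().setAuthentication(auth);
            executeAs(context);
        } catch (RuntimeException e) {
            throw new JobExecutionException(e);
        } finally {
            // The context is thread-local and Quartz worker threads are pooled:
            // clear it so the identity does not outlive this execution.
            SecurityContextHolder.clearContext();
        }
    }

    /** Job body; secured service calls made here see the run-as principal. */
    protected abstract void executeAs(JobExecutionContext context)
            throws JobExecutionException;
}
```

A dedicated low-privilege account granted only the roles the secured method requires is a better value for `runAsUser` than a general administrator login.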