Thanks for the responses. I have resolved this as described here:
http://forums.opensymphony.com/thread.jspa?messageID=131487𠆟 Kind Regards, Kiran Brett Knights-2 wrote: > > I think your easiest course would be to call, in your applicatonContext > file, setJobDataAsMap. Add the user as a property to the job data. > > Then extend your JobDetail to look for the user object in the merged job > data and set up the Authentication object appropriately. > > HTH > BTW not looking at the reference so I don't know if the > names/descriptions of things are accurate. > > > kirankeshav wrote: >> Thanks, Brett. >> >> We have configured quartz declaratively with the following in the >> applicationContext: >> >> <bean id="schedulerFactoryBean" >> class="org.springframework.scheduling.quartz.SchedulerFactoryBean"> >> <property name="triggers"> >> <list> >> <ref local="expressionExperimentTrigger"/> >> </list> >> </property> >> </bean> >> <bean id="expressionExperimentTrigger" >> class="org.springframework.scheduling.quartz.CronTriggerBean"> >> <property name="jobDetail"> >> <ref bean="expressionExperimentJobDetail"/> >> </property> >> <property name="cronExpression"> >> <value>0 15 0 ? * *</value> >> </property> >> </bean> >> <bean id="expressionExperimentJobDetail" >> class="org.springframework.scheduling.quartz.MethodInvokingJobDetailFactoryBean"> >> <property name="targetObject"><ref >> bean="expressionExperimentReportService"/></property> >> <property >> name="targetMethod"><value>generateSummaryObjects</value></property> >> </bean> >> >> The method, generateSummaryObjects is secured via the >> serviceSecurityInerceptor, which is fired when the method is invoked. >> When >> this inerceptor checks the Authentication object, it will not find any >> credentials, at which point I can create a new Authentication object and >> add >> it to the SecurityContext. The problem, however, is that I will need to >> a >> way to determine if the method invocation originated from the >> quartz.MethodInvokingJobDetailFactoryBean (reflection my give me a handle >> to >> this). Alternatively, I was hoping you could set the user on the quartz >> scheduler. More specifically, I was wondering if you could do: >> >> >> <bean id="expressionExperimentTrigger" >> class="org.springframework.scheduling.quartz.CronTriggerBean"> >> <property name="jobDetail"> >> <ref bean="expressionExperimentJobDetail"/> >> </property> >> <property name="cronExpression"> >> <value>0 15 0 ? * *</value> >> </property> >> <property name="user"> >> <value>administrator</value> >> </property> >> </bean> >> >> where the user value is the name of the user (principal, in acegi speak). >> Any ideas? >> >> >> Brett Knights-2 wrote: >> >>> My jobs inherit from QuartzJobBean and I override executeInternal. >>> >>> Inside that method I call another method that configures the >>> authentication object. In the example below the object that knows what >>> user to run as is an Application. >>> >>> >>> private Application app; >>> ... >>> >>> private void loadApplicationAndSecurityContext(JobExecutionContext >>> context, ApplicationContext parentAppContext) { >>> ApplicationDao appDao = (ApplicationDao) >>> parentAppContext.getBean("applicationDao"); >>> >>> app = >>> appDao.getApplicationById(context.getMergedJobDataMap().getLongValueFromString(PARENT_APP_KEY)); >>> UserManager userMgr = (UserManager) >>> parentAppContext.getBean("userManager"); >>> >>> User user = >>> userMgr.getUser(String.valueOf(app.getRunAsUserId())); >>> >>> Authentication auth = new >>> UsernamePasswordAuthenticationToken(user, user.getPassword(), >>> user.getAuthorities()); >>> SecurityContextHolder.getContext().setAuthentication(auth); >>> } >>> >>> I believe there is also a way to configure acegi itself to run certain >>> methods as a particular user in the absence of a Autheticated user. >>> >>> HTH >>> >>> kirankeshav wrote: >>> >>>> I was wondering if anyone has used Quartz scheduling with Acegi? More >>>> specifically, we have secured method invocation via acegi (when a >>>> secured >>>> method is invoked, the securityServiceInterceptor is invoked and the >>>> Authentication object is checked) in our appfuse based application, and >>>> have >>>> quartz running one of these secured methods. The problem is that when >>>> quartz >>>> tries to run the method, we get an >>>> >>>> org.acegisecurity.AuthenticationCredentialsNotFoundException: An >>>> Authentication object was not found in the SecurityContext >>>> >>>> This is expected since quartz itself is not a "user" of the system. In >>>> our >>>> webapp, the Authentication obejct is populated when a user logs in. In >>>> our >>>> tests, we can programmatically set the user (and corresponding >>>> Authentication object). >>>> >>>> To programmatically set the user in our webapp, we would first have to >>>> check >>>> to see if the secured method was initially triggered by quartz >>>> (CronExpression) and if so, run as a user with administrator >>>> privileges. >>>> Is >>>> this possible (we can get objects from Hibernate proxies, but not sure >>>> if >>>> I >>>> can get the Class, CronExpression in our case, that invokes the secured >>>> method from an >>>> org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor)? >>>> >>>> Alternatively, is there a way to declaratively set an authentication >>>> object >>>> on the methods run by the CronExpression (that is, set the principal = >>>> admin >>>> when running a method via quartz)? >>>> >>>> >>>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >>> >>> >>> >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/Running-Quartz-Jobs-on-Acegi-Secured-Methods-tf3293339s2369.html#a9425611 Sent from the AppFuse - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
