I have written a custom authenticator for Acegi, and I've wired it in, and I
can tell (when Acegi logging is set to debug) that I'm getting back the
desired results, and passing through the right filters, and getting approved
for the page BUT the destination page shows as a blank.

Documentum requires a plaintext password, and you cannot look up user
details using just a username and no password, so I had to implement this as
follows:


package com.csc.digitization.quality.security;

import java.util.ArrayList;
import java.util.List;

import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationServiceException;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider;
import org.acegisecurity.providers.dao.SaltSource;
import org.acegisecurity.providers.encoding.PasswordEncoder;
import org.acegisecurity.providers.encoding.PlaintextPasswordEncoder;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.springframework.dao.DataAccessException;
import org.springframework.util.Assert;

import com.csc.digitization.quality.dctm.DCTMService;
import com.csc.digitization.quality.dctm.PropertyRetriever;
import com.documentum.fc.common.DfException;

/**
 * An {@link AuthenticationProvider} implementation that retrieves user details
 * from an {@link UserDetailsService}.
 *
 * @author John Kwon
 * @version $Id: DocumentumAuthenticationProvider.java 1857 2007-05-24 00:47:12Z johkwo $
 */
public class DocumentumAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {

    //~ Instance fields ================================================================================================

    private PasswordEncoder passwordEncoder = new PlaintextPasswordEncoder();

    private boolean includeDetailsObject = true;

    //~ Methods ========================================================================================================

    protected void additionalAuthenticationChecks(UserDetails userDetails,
            UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {

        if (authentication.getCredentials() == null) {
            throw new BadCredentialsException("Bad Credentials");
        }

        // presentedPassword is read but not compared here; the credential
        // check happens in retrieveUser().
        String presentedPassword = authentication.getCredentials() == null ? ""
                : authentication.getCredentials().toString();

    }

    public PasswordEncoder getPasswordEncoder() {
        return passwordEncoder;
    }

    protected final UserDetails retrieveUser(String username,
            UsernamePasswordAuthenticationToken authentication)
            throws AuthenticationException {
        UserDetails loadedUser;
        String docbase = new PropertyRetriever().getProperty("mail", "docbase");
        String password = authentication.getCredentials() == null ? ""
                : authentication.getCredentials().toString();
        try {
            // Documentum needs the plaintext password to look the user up,
            // so authentication against the docbase is done here.
            DCTMService dService = new DCTMService();
            dService.authenticate(username, password, docbase);
            loadedUser = new DocumentumUserDetails();
            ((DocumentumUserDetails) loadedUser).setUsername(username);
            ((DocumentumUserDetails) loadedUser).setPassword(password);
            GrantedAuthority[] authorities = loadedUser.getAuthorities();
            ((DocumentumUserDetails) loadedUser).setEnabled(true);
        }
        catch (Exception repositoryProblem) {
            throw new AuthenticationServiceException(
                    repositoryProblem.getMessage(), repositoryProblem);
        }

        return loadedUser;
    }

    /**
     * Sets the PasswordEncoder instance to be used to encode and validate passwords.
     * If not set, {@link PlaintextPasswordEncoder} will be used by default.
     *
     * @param passwordEncoder The passwordEncoder to use
     */
    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
    }

    public boolean isIncludeDetailsObject() {
        return includeDetailsObject;
    }

    public void setIncludeDetailsObject(boolean includeDetailsObject) {
        this.includeDetailsObject = includeDetailsObject;
    }

}

This appears to work, except that when I go from the logon screen to
/mainmenu.html, I see nothing on arrival.



Here's the log:



[quality] DEBUG [http-8080-1]
PathBasedFilterInvocationDefinitionMap.lookupAttributes(100) | Converted URL
to lowercase, from: '/mainmenu.html'; to: '/mainmenu.html'
[quality] DEBUG [http-8080-1]
PathBasedFilterInvocationDefinitionMap.lookupAttributes(112) | Candidate is:
'/mainmenu.html'; pattern is /images/**; matched=false
[quality] DEBUG [http-8080-1]
PathBasedFilterInvocationDefinitionMap.lookupAttributes(112) | Candidate is:
'/mainmenu.html'; pattern is /scripts/**; matched=false
[quality] DEBUG [http-8080-1]
PathBasedFilterInvocationDefinitionMap.lookupAttributes(112) | Candidate is:
'/mainmenu.html'; pattern is /styles/**; matched=false
[quality] DEBUG [http-8080-1]
PathBasedFilterInvocationDefinitionMap.lookupAttributes(112) | Candidate is:
'/mainmenu.html'; pattern is /**; matched=true
[quality] DEBUG [http-8080-1] FilterChainProxy.doFilter(270) |
/mainMenu.html at position 1 of 7 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[quality] DEBUG [http-8080-1] HttpSessionContextIntegrationFilter.doFilter(239)
| Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and set to
SecurityContextHolder:
'[EMAIL PROTECTED]: Authentication:
[EMAIL PROTECTED]:
Username:
[EMAIL PROTECTED];
Password: [PROTECTED]; Authenticated: true; Details:
[EMAIL PROTECTED]: RemoteIpAddress:
127.0.0.1; SessionId: 5D99DCA27AA857F1FC89EE6E434B5884; Granted Authorities:
ROLE_USER'
[quality] DEBUG [http-8080-1] FilterChainProxy.doFilter(270) |
/mainMenu.html at position 2 of 7 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[quality] DEBUG [http-8080-1] FilterChainProxy.doFilter(270) |
/mainMenu.html at position 3 of 7 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[quality] DEBUG [http-8080-1] SavedRequestAwareWrapper.<init>(107) | Wrapper
not replaced; SavedRequest was: null
[quality] DEBUG [http-8080-1] FilterChainProxy.doFilter(270) |
/mainMenu.html at position 4 of 7 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[quality] DEBUG [http-8080-1] RememberMeProcessingFilter.doFilter(138) |
SecurityContextHolder not populated with remember-me token, as it already
contained:
'[EMAIL PROTECTED]:
Username:
[EMAIL PROTECTED];
Password: [PROTECTED]; Authenticated: true; Details:
[EMAIL PROTECTED]: RemoteIpAddress:
127.0.0.1; SessionId: 5D99DCA27AA857F1FC89EE6E434B5884; Granted Authorities:
ROLE_USER'
[quality] DEBUG [http-8080-1] FilterChainProxy.doFilter(270) |
/mainMenu.html at position 5 of 7 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[quality] DEBUG [http-8080-1] AnonymousProcessingFilter.doFilter(118) |
SecurityContextHolder not populated with anonymous token, as it already
contained:
'[EMAIL PROTECTED]:
Username:
[EMAIL PROTECTED];
Password: [PROTECTED]; Authenticated: true; Details:
[EMAIL PROTECTED]: RemoteIpAddress:
127.0.0.1; SessionId: 5D99DCA27AA857F1FC89EE6E434B5884; Granted Authorities:
ROLE_USER'
[quality] DEBUG [http-8080-1] FilterChainProxy.doFilter(270) |
/mainMenu.html at position 6 of 7 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[quality] DEBUG [http-8080-1] FilterChainProxy.doFilter(270) |
/mainMenu.html at position 7 of 7 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[quality] DEBUG [http-8080-1]
PathBasedFilterInvocationDefinitionMap.lookupAttributes(112) | Candidate is:
'/mainMenu.html'; pattern is /pdf.html*; matched=false
[quality] DEBUG [http-8080-1]
PathBasedFilterInvocationDefinitionMap.lookupAttributes(112) | Candidate is:
'/mainMenu.html'; pattern is
/**/*.pdf*=ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER
/activeUsers.*; matched=false
[quality] DEBUG [http-8080-1]
PathBasedFilterInvocationDefinitionMap.lookupAttributes(112) | Candidate is:
'/mainMenu.html'; pattern is /clickstreams.jsp*; matched=false
[quality] DEBUG [http-8080-1]
PathBasedFilterInvocationDefinitionMap.lookupAttributes(112) | Candidate is:
'/mainMenu.html'; pattern is /flushCache.*; matched=false
[quality] DEBUG [http-8080-1]
PathBasedFilterInvocationDefinitionMap.lookupAttributes(112) | Candidate is:
'/mainMenu.html'; pattern is /passwordHint.html*; matched=false
[quality] DEBUG [http-8080-1]
PathBasedFilterInvocationDefinitionMap.lookupAttributes(112) | Candidate is:
'/mainMenu.html'; pattern is /reload.*; matched=false
[quality] DEBUG [http-8080-1]
PathBasedFilterInvocationDefinitionMap.lookupAttributes(112) | Candidate is:
'/mainMenu.html'; pattern is /signup.html*; matched=false
[quality] DEBUG [http-8080-1]
PathBasedFilterInvocationDefinitionMap.lookupAttributes(112) | Candidate is:
'/mainMenu.html'; pattern is /a4j.res/*.html*; matched=false
[quality] DEBUG [http-8080-1]
PathBasedFilterInvocationDefinitionMap.lookupAttributes(112) | Candidate is:
'/mainMenu.html'; pattern is /users.html*; matched=false
[quality] DEBUG [http-8080-1]
PathBasedFilterInvocationDefinitionMap.lookupAttributes(112) | Candidate is:
'/mainMenu.html'; pattern is /**/*.html*; matched=true
[quality] DEBUG [http-8080-1] AbstractSecurityInterceptor.beforeInvocation(257)
| Secure object: FilterInvocation: URL: /mainMenu.html; ConfigAttributes:
[ROLE_ADMIN, ROLE_USER]
[quality] DEBUG [http-8080-1] AbstractSecurityInterceptor.beforeInvocation(286)
| Previously Authenticated:
[EMAIL PROTECTED]:
Username:
[EMAIL PROTECTED];
Password: [PROTECTED]; Authenticated: true; Details:
[EMAIL PROTECTED]: RemoteIpAddress:
127.0.0.1; SessionId: 5D99DCA27AA857F1FC89EE6E434B5884; Granted Authorities:
ROLE_USER
[quality] DEBUG [http-8080-1] AbstractSecurityInterceptor.beforeInvocation(302)
| Authorization successful
[quality] DEBUG [http-8080-1] AbstractSecurityInterceptor.beforeInvocation(313)
| RunAsManager did not change Authentication object
[quality] DEBUG [http-8080-1] FilterChainProxy.doFilter(261) |
/mainMenu.html reached end of additional filter chain; proceeding with
original chain
[quality] DEBUG [http-8080-1] ExceptionTranslationFilter.doFilter(113) |
Chain processed normally
[quality] DEBUG [http-8080-1] HttpSessionContextIntegrationFilter.doFilter(364)
| SecurityContextHolder set to new context, as request processing completed
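
Added example (not part of the original post, and not Acegi code): a small Python check that rejoins the wrapped debug entries above and reports which URL pattern matched, which roles were required, whether authorization succeeded, and any pattern string that still contains '=' or whitespace, as the /**/*.pdf* entry in this log does. The function names, the constructed sample and the '='/whitespace heuristic are assumptions of this example.

```python
import re

# Constructed sample: four entries in the shape of the debug log above,
# kept with the line wrapping applied by the mail client.
SAMPLE_LOG = """\
[quality] DEBUG [http-8080-1]
PathBasedFilterInvocationDefinitionMap.lookupAttributes(112) | Candidate is:
'/mainMenu.html'; pattern is
/**/*.pdf*=ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER
/activeUsers.*; matched=false
[quality] DEBUG [http-8080-1]
PathBasedFilterInvocationDefinitionMap.lookupAttributes(112) | Candidate is:
'/mainMenu.html'; pattern is /**/*.html*; matched=true
[quality] DEBUG [http-8080-1] AbstractSecurityInterceptor.beforeInvocation(257)
| Secure object: FilterInvocation: URL: /mainMenu.html; ConfigAttributes:
[ROLE_ADMIN, ROLE_USER]
[quality] DEBUG [http-8080-1] AbstractSecurityInterceptor.beforeInvocation(302)
| Authorization successful
"""

ENTRY_START = re.compile(r"^\[\w+\] [A-Z]+ \[")
CANDIDATE = re.compile(
    r"Candidate is: '(?P<url>[^']*)'; pattern is (?P<pattern>.*?); matched=(?P<hit>true|false)")
REQUIRED = re.compile(r"ConfigAttributes: \[([^\]]*)\]")

def unwrap(log_text):
    """Rejoin entries that were wrapped over several lines."""
    entries = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def summarize(log_text):
    """Report matched rules, required roles, and patterns that are not bare paths."""
    out = {"matched": [], "malformed": [], "required": [], "authorized": False}
    for entry in unwrap(log_text):
        m = CANDIDATE.search(entry)
        if m and m["hit"] == "true":
            out["matched"].append((m["url"], m["pattern"]))
        # '=' or whitespace: definition text, not a bare Ant path, was used as the pattern
        if m and re.search(r"[=\s]", m["pattern"]):
            out["malformed"].append(m["pattern"])
        if (r := REQUIRED.search(entry)):
            out["required"] = [a.strip() for a in r.group(1).split(",")]
        out["authorized"] = out["authorized"] or "Authorization successful" in entry
    return out
```

A non-empty "malformed" list is a prompt to compare the logged pattern with the corresponding lines of the filter's objectDefinitionSource configuration.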
