SecurityContextPersistenceFilter where to configure it and how spring will use it

sajjad ahmad
Ranch Hand

Joined: Jan 23, 2003
Posts: 78
Good day. I am using the UserCredentialsDataSourceAdapter class in my Spring application because we can't have a connection pool here (proxy user not allowed) and each user has to have his own connection for each request (or for his whole session).
Below is the retrieveUser method



/**
 * This method should have the database call where we will try to get the connection for this user; if the connection is successful, this means the user is authorized.
 * I think if we want to check any needed roles we should also check the roles in this method instead of doing it in additionalAuthenticationChecks, or we can use
 * the ThreadModel here (recommended by Haroon).
 */
protected UserDetails retrieveUser(String username,
        UsernamePasswordAuthenticationToken authentication)
        throws AuthenticationException {
    String password = (String) authentication.getCredentials();
    if (!StringUtils.hasText(password)) {
        throw new BadCredentialsException("Please enter password");
    }
    List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
    try {
        getUserAdapter().setCredentialsForCurrentThread(username, password);
        Connection conn = getUserAdapter().getConnection();
    } catch (SQLException e) {
        e.printStackTrace();
        // This means user credentials are not correct so we should throw EmptyResultDataAccessException from here
        throw new BadCredentialsException("Invalid username or password");
    } catch (EmptyResultDataAccessException e) {
        throw new BadCredentialsException("Invalid username or password");
    } catch (EntityNotFoundException e) {
        throw new BadCredentialsException("Invalid user");
    } catch (NonUniqueResultException e) {
        throw new BadCredentialsException("Non-unique user, contact administrator");
    }
    return new User(username, password,
            true, // enabled
            true, // account not expired
            true, // credentials not expired
            true, // account not locked
            authorities);
}

The user is able to log in, as in this method I am just checking whether I can make the database connection successfully using the credentials; if so, it means he is a valid user.
Now in my application, after login the user may want to see a list of items; when I try to click the list link I get an error like:

2012-10-23 18:55:52,906 [tomcat-http--41] DEBUG org.springframework.jdbc.datasource.DriverManagerDataSource - Creating new JDBC DriverManager Connection to [jdbc:oracle:thin:@EPAT]
2012-10-23 18:55:53,002 [tomcat-http--41] DEBUG org.hibernate.util.JDBCExceptionReporter - Cannot open connection [???]


I was assuming that since I have already set the credentials using the setCredentialsForCurrentThread method, Spring would handle the connection for all the other requests from the same user, but I understand it now: since each request means a different thread on the server, the user credentials may have been lost in another thread.
I am looking for the best possible approach here; please guide me on what to do in this case.

I came to know about the SecurityContextPersistenceFilter class and I am setting it as a bean in my applicationcontext.xml as:

<bean id="securityContextPersistenceFilter"
      class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>

but I still face the same problem: the user is successfully logged in, but when he tries to see the list of items I see the same problem reported by Hibernate.

Note: In my application I want the user to log in only once, and the connection made during login to be used until he logs out or his session is invalidated, or the user credentials to be stored in a way that Spring manages the creation of a new connection upon each request.
Bill Gorder
Bartender

Joined: Mar 07, 2010
Posts: 1648

Read the Javadoc for DriverManagerDataSource. It's not a real connection pool; it just creates new connections. It does not look like you are using Hibernate; I see you fiddling with the connection manually, and there is nothing Spring-managed about it. I don't see you closing your connection either.
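
The thread-binding problem described in the question, as an added example that is not part of either post: `setCredentialsForCurrentThread` stores the credentials in a thread-local, so they have to be bound again on every request and removed afterwards. The filter class name is hypothetical, and it assumes it is registered after the Spring Security filter chain and that the password is still present on the `Authentication` (credential erasure after login disabled, e.g. `erase-credentials="false"`).

```java
import java.io.IOException;
import javax.servlet.*;
import org.springframework.jdbc.datasource.UserCredentialsDataSourceAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/** Hypothetical filter: binds the logged-in user's DB credentials to the request thread. */
public class DbCredentialsBindingFilter implements Filter {

    private final UserCredentialsDataSourceAdapter userAdapter;

    public DbCredentialsBindingFilter(UserCredentialsDataSourceAdapter userAdapter) {
        this.userAdapter = userAdapter;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Populated by SecurityContextPersistenceFilter from the HTTP session,
        // which is why this filter must run after the security filter chain.
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        try {
            if (auth != null && auth.isAuthenticated()) {
                Object credentials = auth.getCredentials();
                // Anonymous tokens carry an empty string and erased tokens carry null;
                // in both cases nothing is bound and the adapter's defaults apply.
                if (credentials instanceof String && !((String) credentials).isEmpty()) {
                    userAdapter.setCredentialsForCurrentThread(
                            auth.getName(), (String) credentials);
                }
            }
            chain.doFilter(req, res);
        } finally {
            // Container threads are pooled and reused. Without this call the next
            // request served by this thread, possibly for a different user, would
            // open connections with the previous user's database credentials.
            userAdapter.removeCredentialsFromCurrentThread();
        }
    }

    @Override
    public void init(FilterConfig filterConfig) { }

    @Override
    public void destroy() { }
}
```

With this design the plaintext password stays in the HTTP session for as long as the session lives, so session storage and serialization need to be treated as holding database credentials.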

