9 Replies Latest reply: Apr 25, 2012 9:20 AM by Randall Hauch RSS

Configuration using AuthenticationProvider/AuthorizationProvider

djg2002 Newbie

This is sort of a continuation of the previous thread I had on this but since I've figured out the issues I had with loading the JcrEngine I figured it warrants a new thread.

 

Everything works fine as anonymous, so I've removed JAAS config, and revoked anonymous access in the config below. I followed the outline in docs section 6.5.2

My CustomAuthenticationProvider is instantiated by Spring and the SecurityContextis injected into it, but the public ExecutionContext authenticate(...) method never gets called. 

 

I put@PostConstruct methods to confirm everything is getting configured so any idea why I don't get the providers CustomSecurityContext?  Classes also below for reference

 


Config:


<mode:repositories>

    <mode:repository jcr:name="tbuk_repository" mode:source="file_system_source">


       <mode:options jcr:primaryType="mode:options">

           <jaasLoginConfigName jcr:primaryType="mode:option"  mode:value="" />

           <anonymousUserRoles jcr:primaryType="mode:option"  mode:value="" />

       </mode:options>


       <mode:authenticationProviders>

           <mode:authenticationProvider jcr:name="customModeshapeAuthenticationProvider"

                                  mode:classname="com.uk.tech.jcr.security.CustomAuthenticationProvider" />

           </mode:authenticationProviders>

    </mode:repository>

</mode:repositories>


<mode:sources jcr:primaryType="nt:unstructured">

   <mode:source jcr:name="file_system_source" mode:classname="org.modeshape.connector.filesystem.FileSystemSource" ...

.../>



my AuthenticationProvider:


@Configurable (preConstruction = true)

public class CustomAuthenticationProvider implements AuthenticationProvider {


    @Autowired

    SecurityContext securityContext;


    private static final Logger log = LogUtil.getLogger();


    @PostConstruct

    public void postC() {


        // This is executed ok

        if (securityContext != null) {

            log.info("In @PostConstruct, SecurityContext class : " + securityContext.getClass().getName());

        }

        else {

            log.warn("In @PostConstruct, SecurityContext is NULL");

        }

    }


    @Override

    public ExecutionContext authenticate(Credentials credentials, String repositoryName, String workspaceName, ExecutionContext repositoryContext, Map<String, Object> sessionAttributes) {


        // Doesn't get executed

        log.info("Enriching ExecutionContext with SecurityContext for user {}", securityContext.getUserName());


        System.out.println("\n\n\n&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&\n\n\n"); // Make any execution stand out a mile


        return repositoryContext.with(securityContext);

    }

}


 

my SecurityContext:

 

@Component

public class CustomSecurityContextImpl implements SecurityContext, AuthorizationProvider {

 

    @Autowired

    CustomUserDetailsManager userDetailsManager;

 

    @Autowired

    WorkspaceRole workspaceRole;

 

    private static final Logger log = LogUtil.getLogger();

 

    @PostConstruct

    public void postC() {

        // Executes ok, but rest of the methods are never called

        log.info("In @PostConstruct {}");

    }

 

...

 

}