9 Replies Latest reply: Apr 25, 2012 9:20 AM by Randall Hauch RSS

    Configuration using AuthenticationProvider/AuthorizationProvider

    djg2002 Newbie

      This is sort of a continuation of the previous thread I had on this but since I've figured out the issues I had with loading the JcrEngine I figured it warrants a new thread.


      Everything works fine as anonymous, so I've removed JAAS config, and revoked anonymous access in the config below. I followed the outline in docs section 6.5.2

      My CustomAuthenticationProvider is instantiated by Spring and the SecurityContextis injected into it, but the public ExecutionContext authenticate(...) method never gets called. 


      I put@PostConstruct methods to confirm everything is getting configured so any idea why I don't get the providers CustomSecurityContext?  Classes also below for reference




          <mode:repository jcr:name="tbuk_repository" mode:source="file_system_source">

             <mode:options jcr:primaryType="mode:options">

                 <jaasLoginConfigName jcr:primaryType="mode:option"  mode:value="" />

                 <anonymousUserRoles jcr:primaryType="mode:option"  mode:value="" />



                 <mode:authenticationProvider jcr:name="customModeshapeAuthenticationProvider"

                                        mode:classname="com.uk.tech.jcr.security.CustomAuthenticationProvider" />




      <mode:sources jcr:primaryType="nt:unstructured">

         <mode:source jcr:name="file_system_source" mode:classname="org.modeshape.connector.filesystem.FileSystemSource" ...


      my AuthenticationProvider:

      @Configurable (preConstruction = true)

      public class CustomAuthenticationProvider implements AuthenticationProvider {


          SecurityContext securityContext;

          private static final Logger log = LogUtil.getLogger();


          public void postC() {

              // This is executed ok

              if (securityContext != null) {

                  log.info("In @PostConstruct, SecurityContext class : " + securityContext.getClass().getName());


              else {

                  log.warn("In @PostConstruct, SecurityContext is NULL");




          public ExecutionContext authenticate(Credentials credentials, String repositoryName, String workspaceName, ExecutionContext repositoryContext, Map<String, Object> sessionAttributes) {

              // Doesn't get executed

              log.info("Enriching ExecutionContext with SecurityContext for user {}", securityContext.getUserName());

              System.out.println("\n\n\n&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&\n\n\n"); // Make any execution stand out a mile

              return repositoryContext.with(securityContext);




      my SecurityContext:



      public class CustomSecurityContextImpl implements SecurityContext, AuthorizationProvider {



          CustomUserDetailsManager userDetailsManager;



          WorkspaceRole workspaceRole;


          private static final Logger log = LogUtil.getLogger();



          public void postC() {

              // Executes ok, but rest of the methods are never called

              log.info("In @PostConstruct {}");