Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Virgo » Spring Security and Virgo(Share a ThreadLocal Variable between bundles)
Spring Security and Virgo [message #1252474] Fri, 21 February 2014 03:56 Go to next message
Miguel Salinas Gancedo is currently offline Miguel Salinas Gancedo
Messages: 8
Registered: October 2012
Junior Member
I integrated Spring Security correctly inside Virgo. But my question is:

I have three bundles:
- Bundle A(Domain Layer).
- Bundle B (Security Layer).
- Bundle C (Web Layer).

From Bundle B, I create the Spring SecurityContext everytime I create a Web Session from Bundle C with the current user logon, I know that the SecurityContext created is a ThreadLocal variable, my problem is that I implemented an auditory system from bundle A throw JPA Listeners so I must recover the active User every time I insert or update any domain entities. The problem is that I try to recover the Spring SecurityContext from Bundle A throw SecurityContextHolder.getContext() and I obtain null ;(, but if I configure Spring security like Global strategy, that is, SecurityContext is a public static variable i could obtain the last user logon.

How can I obtain my ThreadLocal Spring SecurityContext from any bundle???, What is the difference between a ThreadLocal variable and a static public variable inside OSGi???

Best Regards.
Re: Spring Security and Virgo [message #1252758 is a reply to message #1252474] Fri, 21 February 2014 10:21 Go to previous messageGo to next message
Raghuram Devarakonda is currently offline Raghuram Devarakonda
Messages: 11
Registered: November 2012
Junior Member
This is what we do in order to have Security context in the ThreadLocal.

1) When a user logs in, a session (our own implementation) is created and the Spring security authentication context is saved.

2) All further requests need to send the session-id in a customer header.

3) We configure a filter that looks for this session-id and when found, it fetches the security context and sets it in the thread local. The same filter resets the context in the thread local to null on the way out.

4) If the incoming request doesn't contain the session-id or if contains an invalid one, the filter fails the request.

Hope this helps,
Raghu
Re: Spring Security and Virgo [message #1255408 is a reply to message #1252758] Mon, 24 February 2014 07:06 Go to previous message
Miguel Salinas Gancedo is currently offline Miguel Salinas Gancedo
Messages: 8
Registered: October 2012
Junior Member
My problem is not realy create the Spring SecurityContext and save it in my case in the thread of the bundle B, my problem is how can obtain this threadlocal variable with my SecurityContext from the other bundle A, because the auditory process is created from this bundle A, and i must access to the principal security object injected in the SecurityContext created in other bundle B.
Previous Topic:Implement something like virgo snaps using virgo jetty server
Next Topic:Virgo Server failed to start
Goto Forum:
  


Current Time: Sat Aug 23 01:51:21 EDT 2014

Powered by FUDForum. Page generated in 0.01757 seconds