Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » scout » [6.1.0.M5] Missing RunContext when calling Service from CredentialVerifier
icon5.gif  [6.1.0.M5] Missing RunContext when calling Service from CredentialVerifier [message #1757954] Wed, 22 March 2017 10:12 Go to next message
A N is currently offline A NFriend
Messages: 18
Registered: July 2014
Junior Member
Hello,

in Version 6.1.0.M5 of Scout I am not able to call a service from my CredentialVerifier implementation in the same way I was able to in previous versions.

I was able to fix the issue by adding the following line in the verify method before calling the service:

RunContext.CURRENT.set(new RunContextProducer().produce(new Subject()));


Could someone please give me feedback on how to deal with this properly?


Code
package com.company.scout.product.frontend.ui.html;

import java.io.IOException;

import javax.security.auth.Subject;

import org.eclipse.scout.rt.platform.BEANS;
import org.eclipse.scout.rt.platform.Bean;
import org.eclipse.scout.rt.platform.context.RunContext;
import org.eclipse.scout.rt.platform.context.RunContextProducer;
import org.eclipse.scout.rt.platform.security.ICredentialVerifier;

import com.company.scout.product.frontend.shared.security.ICredentialVerificationService;


@Bean
public class CredentialVerifier implements ICredentialVerifier {

  @Override
  public int verify(String username, char[] password) throws IOException {

    if (BEANS.get(ICredentialVerificationService.class).login(username, password)) {
      return ICredentialVerifier.AUTH_OK;
    }

    return ICredentialVerifier.AUTH_FAILED;
  }

}


Exception
2017-03-22 10:56:12,400 WARN  [qtp348984985-18] org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:628) - /auth - MDC[]
java.lang.NullPointerException: null
	at org.eclipse.scout.rt.shared.servicetunnel.http.HttpServiceTunnel.tunnel(HttpServiceTunnel.java:209)
	at org.eclipse.scout.rt.shared.servicetunnel.AbstractServiceTunnel.invokeService(AbstractServiceTunnel.java:50)
	at org.eclipse.scout.rt.shared.servicetunnel.AbstractServiceTunnel.invokeService(AbstractServiceTunnel.java:42)
	at org.eclipse.scout.rt.shared.servicetunnel.http.HttpServiceTunnel.invokeService(HttpServiceTunnel.java:185)
	at org.eclipse.scout.rt.shared.servicetunnel.ServiceTunnelProxyProducer.invoke(ServiceTunnelProxyProducer.java:43)
	at org.eclipse.scout.rt.platform.interceptor.DecoratingProxy.invokeImpl(DecoratingProxy.java:134)
	at org.eclipse.scout.rt.platform.interceptor.DecoratingProxy$P_InvocationHandler.invoke(DecoratingProxy.java:172)
	at com.sun.proxy.$Proxy16.login(Unknown Source)
	at com.company.scout.product.frontend.ui.html.CredentialVerifier.verify(CredentialVerifier.java:20)
	at org.eclipse.scout.rt.server.commons.authentication.FormBasedAccessController.handleAuthRequest(FormBasedAccessController.java:102)
	at org.eclipse.scout.rt.server.commons.authentication.FormBasedAccessController.handle(FormBasedAccessController.java:70)
	at com.company.scout.product.frontend.ui.html.UiServletFilter.doFilter(UiServletFilter.java:54)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
	at org.eclipse.jetty.server.Server.handle(Server.java:499)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
	at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
	at java.lang.Thread.run(Thread.java:745)


[Updated on: Wed, 22 March 2017 10:13]

Report message to a moderator

Re: [6.1.0.M5] Missing RunContext when calling Service from CredentialVerifier [message #1758113 is a reply to message #1757954] Thu, 23 March 2017 16:44 Go to previous message
Paolo Bazzi is currently offline Paolo BazziFriend
Messages: 11
Registered: January 2017
Junior Member
Hi!

This depends on the business logic within the ICredentialVerificationService implementation. If this service is a backend service, you need to call it within a run context.

Example:

ClientRunContexts.copyCurrent(true)
        .withSubject( ... )
        .call(new Callable<Integer>() {
          @Override
          public Integer call() throws Exception {
            if (BEANS.get(ICredentialVerificationService.class).login(username, password)) {
              return ICredentialVerifier.AUTH_OK;
           }
          return ICredentialVerifier.AUTH_FAILED;
          }
        });


Note: Depending on the access check you want to perform in backend, you could use a fixed subject for such not authenticated calls to the backend:

    final Subject subject = new Subject();
    subject.getPrincipals().add(new SimplePrincipal("access-check-user"));
    subject.setReadOnly();
    return subject;


Regards,
Paolo

[Updated on: Thu, 23 March 2017 16:46]

Report message to a moderator

Previous Topic:Session timeout issues
Next Topic:Offline Storage of Derby Database for Raspberry Pi
Goto Forum:
  


Current Time: Sat May 27 15:42:31 GMT 2017

Powered by FUDForum. Page generated in 0.01622 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software