 [6.1.0.M5] Missing RunContext when calling Service from CredentialVerifier [message #1757954] |
Wed, 22 March 2017 10:12  |
 A N
Messages: 25
Registered: July 2014 |
Junior Member |
|
|
Hello,
in Version 6.1.0.M5 of Scout I am not able to call a service from my CredentialVerifier implementation in the same way I was able to in previous versions.
I was able to fix the issue by adding the following line in the verify method before calling the service:
RunContext.CURRENT.set(new RunContextProducer().produce(new Subject()));
Could someone please give me feedback on how to deal with this properly?
Code
package com.company.scout.product.frontend.ui.html;
import java.io.IOException;
import javax.security.auth.Subject;
import org.eclipse.scout.rt.platform.BEANS;
import org.eclipse.scout.rt.platform.Bean;
import org.eclipse.scout.rt.platform.context.RunContext;
import org.eclipse.scout.rt.platform.context.RunContextProducer;
import org.eclipse.scout.rt.platform.security.ICredentialVerifier;
import com.company.scout.product.frontend.shared.security.ICredentialVerificationService;
@Bean
public class CredentialVerifier implements ICredentialVerifier {
@Override
public int verify(String username, char[] password) throws IOException {
if (BEANS.get(ICredentialVerificationService.class).login(username, password)) {
return ICredentialVerifier.AUTH_OK;
}
return ICredentialVerifier.AUTH_FAILED;
}
}
Exception
2017-03-22 10:56:12,400 WARN [qtp348984985-18] org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:628) - /auth - MDC[]
java.lang.NullPointerException: null
at org.eclipse.scout.rt.shared.servicetunnel.http.HttpServiceTunnel.tunnel(HttpServiceTunnel.java:209)
at org.eclipse.scout.rt.shared.servicetunnel.AbstractServiceTunnel.invokeService(AbstractServiceTunnel.java:50)
at org.eclipse.scout.rt.shared.servicetunnel.AbstractServiceTunnel.invokeService(AbstractServiceTunnel.java:42)
at org.eclipse.scout.rt.shared.servicetunnel.http.HttpServiceTunnel.invokeService(HttpServiceTunnel.java:185)
at org.eclipse.scout.rt.shared.servicetunnel.ServiceTunnelProxyProducer.invoke(ServiceTunnelProxyProducer.java:43)
at org.eclipse.scout.rt.platform.interceptor.DecoratingProxy.invokeImpl(DecoratingProxy.java:134)
at org.eclipse.scout.rt.platform.interceptor.DecoratingProxy$P_InvocationHandler.invoke(DecoratingProxy.java:172)
at com.sun.proxy.$Proxy16.login(Unknown Source)
at com.company.scout.product.frontend.ui.html.CredentialVerifier.verify(CredentialVerifier.java:20)
at org.eclipse.scout.rt.server.commons.authentication.FormBasedAccessController.handleAuthRequest(FormBasedAccessController.java:102)
at org.eclipse.scout.rt.server.commons.authentication.FormBasedAccessController.handle(FormBasedAccessController.java:70)
at com.company.scout.product.frontend.ui.html.UiServletFilter.doFilter(UiServletFilter.java:54)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:499)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
at java.lang.Thread.run(Thread.java:745)
[Updated on: Wed, 22 March 2017 10:13] Report message to a moderator |
|
|
| Re: [6.1.0.M5] Missing RunContext when calling Service from CredentialVerifier [message #1758113 is a reply to message #1757954] |
Thu, 23 March 2017 16:44  |
Paolo Bazzi
Messages: 17
Registered: January 2017 |
Junior Member |
|
|
Hi!
This depends on the business logic within the ICredentialVerificationService implementation. If this service is a backend service, you need to call it within a run context.
Example:
ClientRunContexts.copyCurrent(true)
.withSubject( ... )
.call(new Callable<Integer>() {
@Override
public Integer call() throws Exception {
if (BEANS.get(ICredentialVerificationService.class).login(username, password)) {
return ICredentialVerifier.AUTH_OK;
}
return ICredentialVerifier.AUTH_FAILED;
}
});
Note: Depending on the access check you want to perform in backend, you could use a fixed subject for such not authenticated calls to the backend:
final Subject subject = new Subject();
subject.getPrincipals().add(new SimplePrincipal("access-check-user"));
subject.setReadOnly();
return subject;
Regards,
Paolo
[Updated on: Thu, 23 March 2017 16:46] Report message to a moderator |
|
|
|
|
Powered by
FUDForum. Page generated in 0.02202 seconds
Search
Help
Register
Login
Home
