| Spring Security on multiple bundles [message #709866] |
Thu, 04 August 2011 08:12  |
Eclipse User |
|
|
|
Hi,
I have got 3 modules (UI, business, DAO) for my application. I must use Spring security both in UI and Business. So I created another Spring security bundle like this :
<bean id="anonymousAuthenticationProvider" class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
<property name="key" value="BF93JFJ091N00Q7HF"/>
</bean>
<bean id="_authenticationManager"
class="org.springframework.security.authentication.ProviderManager">
<property name="providers">
<list>
<ref local="anonymousAuthenticationProvider"/>
</list>
</property>
</bean>
AND IN MY OTHER XML:
<osgi:service id="authenticationManagerOsgi"
ref="_authenticationManager"
interface="org.springframework.security.authentication.AuthenticationManager" />
So I try to use the service from my UI (web) bundle
<osgi:reference id="_authenticationManager"
interface="org.springframework.security.AuthenticationManager">
</osgi:reference>
But I got an error when I start the UI bundle using the service of my Security Bundle :
NFO: Illegal access: this web application instance has been stopped already. Could not load org.springframework.osgi.util.internal.PrivilegedUtils. The eventual following stack trace is caused by an error thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access, and has no functional impact.
java.lang.IllegalStateException
at org.eclipse.gemini.web.tomcat.internal.loading.BundleWebappClassLoader.loadClass(BundleWebappClassLoader.java:249)
at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
at org.eclipse.virgo.web.core.internal.WebAppClassLoaderDelegateHook.postFindClass(WebAppClassLoaderDelegateHook.java:64)
at org.eclipse.virgo.osgi.extensions.equinox.hooks.PluggableDelegatingClassLoaderDelegateHook.postFindClass(PluggableDelegatingClassLoaderDelegateHook.java:59)
at org.eclipse.osgi.internal.loader.BundleLoader.searchHooks(BundleLoader.java:520)
at org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(BundleLoader.java:486)
The package org.springframework.osgi.util.internal seems no more exists in the latest Virgo release :
osgi> bundle 4org.springframework.osgi.core_1.2.1 [4]
Id=4, Status=ACTIVE Data Root=C:\Users\xxx\Desktop\icones\virgo-web-server-2.1.1.RELEASE\work\osgi\configuration\org.eclipse.osgi\bundles\36\data\store\org.eclipse.osgi\bundles\4\data...
No registered services.
No services in use.
Exported packages
org.springframework.osgi; version="1.2.1"[exported]
org.springframework.osgi.bundle; version="1.2.1"[exported]
org.springframework.osgi.compendium.cm; version="1.2.1"[exported]
org.springframework.osgi.compendium.config; version="1.2.1"[exported]
org.springframework.osgi.config; version="1.2.1"[exported]
org.springframework.osgi.context; version="1.2.1"[exported]
org.springframework.osgi.context.event; version="1.2.1"[exported]
org.springframework.osgi.context.support; version="1.2.1"[exported]
org.springframework.osgi.service; version="1.2.1"[exported]
org.springframework.osgi.service.exporter; version="1.2.1"[exported]
org.springframework.osgi.service.exporter.support; version="1.2.1"[exported]
org.springframework.osgi.service.importer; version="1.2.1"[exported]
org.springframework.osgi.service.importer.event; version="1.2.1"[exported]
org.springframework.osgi.service.importer.support; version="1.2.1"[exported]
org.springframework.osgi.util; version="1.2.1"[exported]
Imported packages
org.springframework.aop.support; version="3.0.0.REL
...
The latest release having that package seems to be Spring DM Core 1.1.3.RELEASE .
Is there a simple way to solve that ?
Thanks.
[Updated on: Thu, 04 August 2011 08:59] by Moderator |
|
|
|
|
|
| Re: Spring Security on multiple bundles [message #798845 is a reply to message #709866] |
Wed, 15 February 2012 01:18  |
| Eclipse User |
|
|
|
Hi,
I'm trying the same way to expose authenticationManager using OSGI, here is my spring security xml in business:
module-context.xml
<bean id="_authenticationManager"
class="org.springframework.security.authentication.ProviderManager">
<property name="providers">
<list>
<ref bean="daoAuthenticationProvider" />
<ref bean="anonymousAuthenticationProvider" />
</list>
</property>
</bean>
<bean id="daoAuthenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<property name="passwordEncoder">
<bean
class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />
</property>
<property name="userDetailsService" ref="userService" />
<property name="hideUserNotFoundExceptions" value="false" />
</bean>
<bean id="anonymousAuthenticationProvider"
class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
<property name="key" value="SomeUniqueKeyForThisApplication" />
</bean>
<!-- Usernames/Passwords are rod/koala dianne/emu scott/wombat peter/opal -->
<sec:user-service id="userService">
<sec:user name="rod" password="a564de63c2d0da68cf47586ee05984d7"
authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
<sec:user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e"
authorities="ROLE_USER,ROLE_TELLER" />
<sec:user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a"
authorities="ROLE_USER" />
<sec:user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8"
authorities="ROLE_USER" />
</sec:user-service>
osgi-context.xml:
<osgi:service ref="_authenticationManager"
interface="org.springframework.security.authentication.AuthenticationManager" />
here is in the web:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:osgi="http://www.springframework.org/schema/osgi"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/osgi http://www.springframework.org/schema/osgi/spring-osgi.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<global-method-security pre-post-annotations="enabled">
<!-- AspectJ pointcut expression that locates our "post" method and applies
security that way <protect-pointcut expression="execution(* bigbank.*Service.post*(..))"
access="ROLE_TELLER"/> -->
</global-method-security>
<http use-expressions="true">
<intercept-url pattern="/secure/extreme/**" access="hasRole('ROLE_SUPERVISOR')" />
<intercept-url pattern="/secure/**" access="isAuthenticated()" />
<intercept-url pattern="/images/**" access="permitAll" />
<intercept-url pattern="/login.jsp" access="permitAll" />
<intercept-url pattern="/**" access="isAuthenticated()" />
<form-login/>
<logout/>
<remember-me />
</http>
</beans:beans>
osgi-context.xml:
<osgi:reference id="_authenticationManager"
interface="org.springframework.security.authentication.AuthenticationManager" />
But I always get this error:
[2012-02-15 13:35:09.195] ERROR Thread-128 org.springframework.web.context.ContextLoader Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.authentication.ProviderManager#0': Cannot create inner bean '(inner bean)' of type [org.springframework.security.config.authentication.AuthenticationManagerFactoryBean] while setting bean property 'parent'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#6': FactoryBean threw exception on object creation; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'org.springframework.security.authenticationManager' is defined: Did you forget to add an <authentication-manager> element to your configuration (with child <authentication-provider> elements) ?
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:281)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:125)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1325)
Any idea why this problem happens? It seems that I need to provide authentication-manager in my web bundle xml, but I do not want that since I want to have multiple web bundle to use the same authentication-manager, such that user would not be prompted to login again and again..
I've tried everything including changing the bean id into "authenticationManager".
I also tried to change the bean id into "org.springframework.security.authenticationManager"
but I will get another error:
nested exception is java.lang.NoSuchMethodException: $Proxy225.isEraseCredentialsAfterAuthentication()
Which I know because AuthenticationManager interface does not have that method.
Any idea on how I can solve this problem?
Is it an existing problem in Spring Security 3.0?
Really appreciate any reply
|
|
|
Powered by
FUDForum. Page generated in 0.06469 seconds
Home