Custom security filter calling a scout service [message #1223485] |
Mon, 23 December 2013 09:31  |
Eclipse User |
|
|
|
I'm using a data store which is not a traditional relational database, namely Neo4j, and I want to implement a security filter that will handle authenticating users against their username/password details stored in the Neo4j database.
At present, I have a Scout server only "persistence service" providing various data access methods around my Neo4j instance, and I'd like to keep it that way. It seems, however, that when I attempt to call my persistence service from the security filter, it fails to initialise?
Basically, when my client starts up, they're presented with the login box, the inputs from which are passed through to my security filter. In my filter, I have some code like this (which should essentially retrieve the user details from the persistence store):
IPersistenceService ps = SERVICES.getService(IPersistenceService.class);
Map<String, Object> user = ps.loadSimple("User", "Username", username);
Unfortunately, it's crashing with a null pointer exception on the reference to "ps" - clearly the request to get the service at this point in time is failing.
The delivered DataSourceSecurityFilter avoids the subject entirely by making its own connection to the data store, which isn't going to be so simple or desirable for me.
How can I ensure my persistence service is started up and running in time to be able to service the filter?
|
|
|
Re: Custom security filter calling a scout service [message #1223797 is a reply to message #1223485] |
Tue, 24 December 2013 09:47  |
Eclipse User |
|
|
|
Your analysis is correct.
I am not an expert in this area and we have a lack of documentation in this domain. To be able to perform a Service Lookup [e.g. SERVICES.getService(..)] you need to be in a Scout context.
For your use case, you might try to schedule an org.eclipse.scout.rt.server.ServerJob. I am not sure if my proposal is correct but it works:
ServerJob job = new ServerJob("security-filter-job", new ServerSession()) {
@Override
protected IStatus runTransaction(IProgressMonitor monitor) throws Exception {
//Here you can call SERVICES.getService(..)
//Return a status depending on your query in your IPersistenceService
return Status.OK_STATUS;
}
};
IStatus status = job.runNow(new NullProgressMonitor());
job.throwOnError();
//Use the status to decide if the user is valid or not.
It is holiday time, so I am not able to check my approach with people who know the whole ServerJob/Authentication/SecurityFilter stuff better. Do not hesitate to give feedback and to ping us back, if you want to have precisions.
|
|
|
Powered by
FUDForum. Page generated in 0.02725 seconds