I am using struts 2 login interceptor. Code is working fine. In my application many popup windows have used.when I open my popup window and logout from my main window popup window showing login page as I coded but only for this scenario, i want that it will showing any message ( either session expired or u have already logged out) instead of login page.
Please go thru my code if any modification is required
LoginInterceptor.java
public class LoginInterceptor extends AbstractInterceptor implements
StrutsStatics{
private AdminUserSessionInfo objAdminUserSessionInfo = new AdminUserSessionInfo();
private static final long serialVersionUID = 1L;
private static final Log log = LogFactory.getLog(LoginInterceptor.class);
private static final String LOGIN_ATTEMPT = "loginAttempt";
private static final String LOGIN_OUT = "loginOut";
private static final String USER_HANDLE = "loggedInUser";
Map sessionMap = null;
public void init() {
log.info("Intializing LoginInterceptor");
}
public void destroy() {
}
public String intercept(ActionInvocation invocation) throws Exception {
final ActionContext context = invocation.getInvocationContext();
HttpServletRequest request = (HttpServletRequest) context
.get(HTTP_REQUEST);
HttpServletResponse response = (HttpServletResponse) context
.get(HTTP_RESPONSE);
response.setHeader("Cache-Control", "no-store");
response.setHeader("Pragma", "no-cache");
response.setDateHeader("Expires", 0);
HttpSession session = request.getSession(true);
Object user = session.getAttribute(USER_HANDLE);
String loginOut = request.getParameter(LOGIN_OUT);
if (user == null) {
String loginAttempt = request.getParameter(LOGIN_ATTEMPT);
System.out.println("loginAttemp---->"+loginAttempt);
/* The user is attempting to log in. */
if (!StringUtils.isBlank(loginAttempt)) {
return invocation.invoke();
}
return "login";
} else {
return invocation.invoke();
}
}
web.xml
<interceptors>
<interceptor class="org.iaf.aos.common.LoginInterceptor"
name="loginInterceptor"></interceptor>
<interceptor-stack name="loginStack">
<interceptor-ref name="loginInterceptor" />
<interceptor-ref name="defaultStack" />
</interceptor-stack>
</interceptors>
<default-interceptor-ref name="loginStack"></default-interceptor-ref>
<global-results><result name="login">aos.jsp</result></global-results>
<action name="checkUserLogin" class="org.iaf.aos.web.login.action.AdminUserAction" method="checkUserLogin">
<!-- <result name="success">index.jsp</result> -->
<interceptor-ref name="loginStack"></interceptor-ref>
<result name="success" type="chain">HomePage</result>
<result name="error">WEB-INF/jsp/admin/Error.jsp</result>
<result name="selectRole">aos1.jsp</result>
<!--<result name="selectRole">WEB-INF/jsp/admin/SelectRole.jsp</result>-->
</action>
<action name="home">
<!-- <result>index.jsp</result>-->
<interceptor-ref name="loginStack"></interceptor-ref>
<result name="success" type="chain">HomePage</result>
</action>
<action name="logOutUser" class="org.iaf.aos.web.login.action.LogOutUserAction">
<interceptor-ref name="loginStack"></interceptor-ref>
<result name="logout">WEB-INF/jsp/admin/LoggedOut.jsp
</result>
</action>
LogOutUserAction.java
public class LogOutUserAction extends ActionSupport {
private static final long serialVersionUID = 1L;
public String execute() throws Exception {
System.out.println("inside :: LogOutUserAction------");
Map session = ActionContext.getContext().getSession();
session.remove("loggedInUser");
return "logout";
}
}
logout.jsp
<td width="*" align="right" valign="top">
<s:url var="urlLogOut" action="logOutUser.action">
<s:param name="loginOut" value="%{'2'}"/>
</s:url>
<sx:a href="%{#urlLogOut}" targets="divAddEditUser">
<font color="white">Log Out</font>
</sx:a>
<!--<font color="white">Log Out</font>
--></td>
</tr>
AdminUserAction.java
ServletActionContext.getRequest().getSession().setAttribute("loggedInUser", loginId);
return "selectRole";
You will have to do that explicitly write that logic, It wont do by default.
In your logout action after removing the user from session, invalidate it too.
session.remove("loggedInUser");
session.invalidate();
session = null;
Then in your interceptor you check if session is valid or not, if not then you add an attribute, stating your session has either expired or you have logged out.
So your interceptor code become something like this:
HttpSession session = request.getSession(true);
if(session == null){
request.setAttribute("SessionExpired","Your session has expired or you have logged out");
}
Object user = session.getAttribute(USER_HANDLE);
Then if your jsp page when you show the login screen you check if request has "SessionExpired" attribute, if yes show that to the user.
Related
adminpage.jsp
I am iterating the users list from map and showing it in UI. Trying to send Yes/No values selected by user for agRestricted and processing it in the approve action.
<logic:iterate name="usersDetails" id="user" indexId="index">
<td><bean:write name="user" property="agName" /></td>
<td>
<html:select property="agRestricted" name="user">
<html:option value="Yes">Yes </html:option>
<html:option value="No">No</html:option>
</html:select>
</td>
<td>
<html:button property="Approve" value="" title="Approve" onclick="adminApprove()"></html:button>
</td>
</logic:iterate>
ApproveAction.java
In the approve action I am trying to read agRestricted value sent in form on submission. but Iam getting null here. Am I doing anything wrong.
public ActionForward approve(ActionMapping mapping, ActionForm form, HttpServletRequest request,
HttpServletResponse response) throws Exception {
RegistrationForm registrationForm = (RegistrationForm) form;
if (loggingService.isInfoEnabled()) {
loggingService.logInfo(this, "is AG Restricted", agRestricted);
} // if{}//printing null
}
RegistrationForm.java
POJO Class for setting the form variables.
public class RegistrationForm extends org.apache.struts.action.ActionForm {
private String agRestricted;
private String agName;
public String getAgRestricted() {
return agRestricted;
}
public void setAgRestricted(String agRestricted) {
if (loggingService.isInfoEnabled()) {
loggingService.logInfo(this, "is AG Restricted", agRestricted);
} // if{}//printing null
this.agRestricted = agRestricted;
}
public String getAgName() {
return agName;
}
public void setAName(String agName) {
this.agName = agName;
}
}
adminpage.js
function adminApprove() {
var newUrl2 = './adminpage.do';
document.forms[0].action = newUrl2;
document.forms[0].submit();
}
struts-config.xml
<action input="/adminApprove" name="RegistrationForm"
path="/adminpage" scope="request"
type="com.cts.assetserv.core.web.action.ApproveAction" parameter="method">
<forward name="Success" path="/adminpage.do" />
<forward name="Error" path="/adminpage.do" />
</action>
Now I know there are lot of questions on this, but I have faced no luck at all and thought to ask a question here.
I have an application which just runs a splashscreen followed by a MainActivity(Which is just a WebView)
Now I integrated this with OneSignal for receiving push notifications.
Everything works good, I mean I get a notification when sent through the onesignal website to my phone - but the thing I am facing is, tapping the notification does not get my ResultActivity(Just a activity displaying a Toast of message).
My code snippets looks as below:
splashscreen.java:
public class splashscreen extends Activity {
#Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.splash);
Thread splashThread = new Thread() {
#Override
public void run() {
try {
int waited = 0;
while (waited < 5000) {
sleep(100);
waited += 100;
}
} catch (InterruptedException e) {
// do nothing
} finally {
finish();
Intent i = new Intent();
i.setClassName("com.google",
"com.google.Main");
startActivity(i);
}
}
};
splashThread.start();
}
#Override
protected void onPause() {
super.onPause();
OneSignal.onPaused();
}
#Override
protected void onResume() {
super.onResume();
OneSignal.onResumed();
}
}
Main.java:
#SuppressLint("SetJavaScriptEnabled") public class Main extends Activity {
/** Called when the activity is first created. */
WebView web;
private static Activity currentActivity;
Intent resultIntent = new Intent(this, ResultActivity.class);
#Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.main);
currentActivity = this;
web = (WebView) findViewById(R.id.my_webview);
web.setWebViewClient(new myWebClient());
web.getSettings().setJavaScriptEnabled(true);
web.loadUrl("http://google.com");
OneSignal.init(this, "xxxxxxx", "xxx-xxx-xxxx-xxxx-xxxxxx", new ExampleNotificationOpenedHandler());
}
#Override
public boolean onCreateOptionsMenu(Menu menu){
MenuInflater inflater = getMenuInflater();
inflater.inflate(R.menu.main, menu);
return true;
}
#Override
public boolean onOptionsItemSelected(MenuItem item) {
// Handle item selection
switch (item.getItemId()) {
case R.id.exit:
finish();
return true;
default:
return super.onOptionsItemSelected(item);
}
}
public class myWebClient extends WebViewClient
{
#Override
public void onPageStarted(WebView view, String url, Bitmap favicon) {
// TODO Auto-generated method stub
super.onPageStarted(view, url, favicon);
}
public boolean shouldOverrideUrlLoading(WebView view, String url) {
String url2="http://google.com";
// all links with in ur site will be open inside the webview
//links that start with your domain example(http://www.example.com/)
if (url != null && url.startsWith(url2)){
return false;
}
// all links that points outside the site will be open in a normal android browser
else {
view.getContext().startActivity(
new Intent(Intent.ACTION_VIEW, Uri.parse(url)));
return true;
}
}
}
// To handle "Back" key press event for WebView to go back to previous screen.
#Override
public boolean onKeyDown(int keyCode, KeyEvent event)
{
if ((keyCode == KeyEvent.KEYCODE_BACK) && web.canGoBack()) {
web.goBack();
return true;
}
return super.onKeyDown(keyCode, event);
}
#Override
protected void onPause() {
super.onPause();
OneSignal.onPaused();
}
#Override
protected void onResume() {
super.onResume();
OneSignal.onResumed();
}
// NotificationOpenedHandler is implemented in its own class instead of adding implements to MainActivity so we don't hold on to a reference of our first activity if it gets recreated.
private class ExampleNotificationOpenedHandler implements NotificationOpenedHandler {
/**
* Callback to implement in your app to handle when a notification is opened from the Android status bar or
* a new one comes in while the app is running.
* This method is located in this activity as an example, you may have any class you wish implement NotificationOpenedHandler and define this method.
*
* #param message The message string the user seen/should see in the Android status bar.
* #param additionalData The additionalData key value pair section you entered in on onesignal.com.
* #param isActive Was the app in the foreground when the notification was received.
*/
#Override
public void notificationOpened(String message, JSONObject additionalData, boolean isActive) {
String messageTitle = "OneSignal Example" + isActive, messageBody = message;
try {
if (additionalData != null) {
if (additionalData.has("title"))
messageTitle = additionalData.getString("title");
if (additionalData.has("actionSelected"))
messageBody += "\nPressed ButtonID: " + additionalData.getString("actionSelected");
messageBody = message + "\n\nFull additionalData:\n" + additionalData.toString();
}
} catch (JSONException e) { }
/*
new AlertDialog.Builder(Main.currentActivity)
.setTitle(messageTitle)
.setMessage(messageBody)
.setCancelable(true)
.setPositiveButton("OK", null)
.create().show();
*/
NotificationCompat.Builder mBuilder =
new NotificationCompat.Builder(Main.currentActivity)
.setSmallIcon(R.drawable.cc)
.setContentTitle(messageTitle)
.setDefaults(
Notification.DEFAULT_SOUND
| Notification.DEFAULT_VIBRATE
| Notification.FLAG_AUTO_CANCEL)
.setContentText(messageBody);
resultIntent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
PendingIntent resultPendingIntent =
PendingIntent.getActivity(
Main.currentActivity,
0,
resultIntent,
PendingIntent.FLAG_UPDATE_CURRENT
| PendingIntent.FLAG_ONE_SHOT
);
mBuilder.setContentIntent(resultPendingIntent);
NotificationManager mNotifyMgr =
(NotificationManager) getSystemService(NOTIFICATION_SERVICE);
mNotifyMgr.notify(001, mBuilder.build());
}
}
}
ResultActivity.java:
public class ResultActivity extends Activity {
/** Called when the activity is first created. */
#Override
protected void onCreate(Bundle savedInstanceState) {
// TODO Auto-generated method stub
super.onCreate(savedInstanceState);
/*
ImageView image = new ImageView(this);
image.setImageDrawable(getResources().getDrawable(R.drawable.ic_launcher));
setContentView(image);
Toast.makeText(getApplicationContext(),
"Do Something NOW",
Toast.LENGTH_LONG).show();
*/
super.onCreate(savedInstanceState);
setContentView(R.layout.splash);
}
}
Manifest:
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.google"
android:versionCode="1"
android:versionName="1.0" >
<uses-sdk
android:minSdkVersion="8"
android:targetSdkVersion="21" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />
<permission android:name="com.google.permission.C2D_MESSAGE" android:protectionLevel="signature" />
<uses-permission android:name="com.google.permission.C2D_MESSAGE" />
<application
android:allowBackup="true"
android:icon="#drawable/ic_launcher"
android:label="#string/app_name"
android:theme="#android:style/Theme.NoTitleBar.Fullscreen" >
<meta-data android:name="com.google.android.gms.version"
android:value="#integer/google_play_services_version" />
<activity android:name="com.onesignal.NotificationOpenedActivity" android:theme="#android:style/Theme.NoDisplay">
</activity>
<receiver
android:name="com.onesignal.GcmBroadcastReceiver"
android:permission="com.google.android.c2dm.permission.SEND" >
<intent-filter>
<action android:name="com.google.android.c2dm.intent.RECEIVE" />
<category android:name="com.google" />
</intent-filter>
</receiver>
<service android:name="com.onesignal.GcmIntentService" />
<activity android:name=".splashscreen" android:label="#string/app_name">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
<activity android:name=".Main" android:label="#string/app_name" >
</activity>
<activity android:name=".ResultActivity"
android:label="#string/app_name"
android:exported="true">
</activity>
<receiver
android:name="com.google.OneSignalBackgroundDataReceiver"
android:exported="false">
<intent-filter>
<action android:name="com.onesignal.BackgroundBroadcast.RECEIVE" />
</intent-filter>
</receiver>
</application>
</manifest>
I have tried all these answers but none worked:
Notification Not open Acivity onCLick
Android Status Bar Notifications - Opening the correct activity when selecting a notification
Android :Tap on Push Notification does not open Application
Android click on notification does not open the attached Activity
It is painfull to modify one line and test it on device! Since onesignal allows only testing in device. Please help or atleast guide me how to debug.
Device on which the apk was tested : Samsung Galaxy S4 running Lolipop.
Take a look at this link:
https://documentation.onesignal.com/docs/android-customizations#section-background-data-and-notification-overriding
(Search : "Changing the open action of a notification" in the page to go to the exact paragraph).
And this is an example:
http://androidbash.com/android-push-notification-service-using-onesignal/
I don't have time to read your code carefully, but seems like it has some problems:
You initialize OneSignal in the wrong place.
"Make sure you are initializing OneSignal with
setNotificationOpenedHandler in the onCreate method in your
Application class. You will need to call startActivity from this callback" (OneSignal's document).
You don't need any other receivers in AndroidManifest to catch intent and open your target activity, OneSignal.NotificationOpenedHandler already handle this. But don't forget this line to prevent OneSignal open your launcher activity:
<application ...>
<meta-data android:name="com.onesignal.NotificationOpened.DEFAULT" android:value="DISABLE" />
</application>
I use this solution in my app and it works fine. Because it's the way it is.
OneSignal.init must be called from your launcher Activity, you will need to move it to your splashscreen Activity. This will get your ExampleNotificationOpenedHandler to fire when you open a OneSignal notification.
Make sure to also copy the calls to OneSignal.onPaused(); and OneSignal.onResumed(); into your splashscreen Activity. These need to be called in every Activity in the onPuase() and onResume() methods.
I'm trying to upgrade our current application to CXF 3 and WSS4J 2. This is causing me quite a headache.
The current application code for the client:
private void secureWebService( Client client, final Credentials credentials ) {
// set some WS-Security information
Map<String,Object> outProps = new HashMap<String,Object>();
outProps.put( WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN );
outProps.put( WSHandlerConstants.USER, credentials.getUsername() );
outProps.put( WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT );
// Callback used to retrieve password for given user.
outProps.put( WSHandlerConstants.PW_CALLBACK_REF, new CallbackHandler() {
#Override
public void handle( Callback[] callbacks ) throws IOException, UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
pc.setPassword( credentials.getPassword() );
}
});
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor( outProps );
client.getOutInterceptors().clear();
client.getOutInterceptors().add( wssOut );
}
On the Server side...
public class ServerPasswordCallback implements CallbackHandler {
public void handle( Callback[] callbacks ) throws IOException, UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback)callbacks[0];
boolean result = false;
try {
LoginContext lc = new LoginContext( container, new CallbackHandler() {
public void handle( Callback[] callbacks ) throws IOException, UnsupportedCallbackException {
NameCallback nc = (NameCallback)callbacks[0];
nc.setName( myGetName() );
PasswordCallback pc2 = (PasswordCallback)callbacks[1];
String clientPasssword = pc.getPassword(); //Used to contain the password but is now NULL
pc2.setPassword( clientPasssword.toCharArray() );
}
} );
lc.login();
result = true;
} catch( LoginException le ) {
le.printStackTrace(); //current stack trace is a NULLPointerException since "clientPassword" is NULL
// We haven't authenticated, so false will be returned
} catch( SecurityException se ) {
throw new IOException( "Cannot create LoginContext. " + se.getMessage() );
}
return result;
}
}
My JAX-WS Endpoint Config:
<bean id="wss4jPasswordCallback" class="com.mycompany.webservice.security.ServerPasswordCallback"/>
<jaxws:endpoint id="customerEndpoint" implementor="#customerWebService" address="/Customer">
<jaxws:inInterceptors>
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken"/>
<entry key="passwordType" value="PlainText"/>
<entry key="passwordCallbackRef">
<ref bean="wss4jPasswordCallback"/>
</entry>
</map>
</constructor-arg>
</bean>
<bean class="com.mycompany.webservice.security.Wss4jPrincipalInjectorInterceptor"/>
</jaxws:inInterceptors>
<jaxws:outInterceptors>
<bean class="com.mycompany.webservice.security.Wss4jPrincipalRemoverInterceptor"/>
</jaxws:outInterceptors>
<jaxws:outFaultInterceptors>
<bean class="com.mycompany.webservice.security.Wss4jPrincipalRemoverInterceptor"/>
</jaxws:outFaultInterceptors>
</jaxws:endpoint>
Specifically, the WSPasswordCallback object is now passing NULL rather than the password as it used to. From my reading, CXF just chose to stop doing this with insufficient documentation regarding what I would do for an upgrade path. What is an upgrade path for this?
Also, I've noticed that WSS4J is changing where it lives. It has moved from "org.apache.ws.security" to "org.apache.wss4j.common.ext". I have also updated all my constants to "org.apache.wss4j.dom.WSConstants" & "org.apache.wss4j.dom.handler.WSHandlerConstants" to get things to compile. This also has drastically changed the old "org.apache.ws.security.validate.Validator" class in "org.apache.commons.validator.Validator". The classes are quite different now. Maybe "org.apache.wss4j.dom.validate.KerberosTokenValidator" is the new replacement? Again, I could find no documentation for this fact.
Please note: This is all working code until moving to the new CXF and WSS4J version!
Due to the significant time I spent on this issue, I wanted to make sure I provided my solution. This may not be for everyone, but if your code looks like my question, this should get you on the right track.
First, what was the Validator class is now an interface after CXF 3. What I have working is the org.apache.wss4j.dom.validate.UsernameTokenValidator in place of what was org.apache.ws.security.validate.Validator. This critical piece of info was absent in my searches.
Therefore, if you are using CallbackHandler for doing custom authentication, you need to switch to the UsernameTokenValidator. Here is what my code now looks like.
JAX-WS Config:
<!-- Bean for custom authentication of web service -->
<bean id="UsernameTokenLDAPValidator" class="com.mycompany.webservice.security.UsernameTokenLDAPValidator"/>
<jaxws:endpoint id="customerEndpoint" implementor="#customerWebService" address="/Customer">
<jaxws:inInterceptors>
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken"/>
<entry key="passwordType" value="PasswordText"/>
</map>
</constructor-arg>
</bean>
<bean class="com.mycompany.webservice.security.Wss4jPrincipalInjectorInterceptor"/>
</jaxws:inInterceptors>
<jaxws:outInterceptors>
<bean class="com.mycompany.webservice.security.Wss4jPrincipalRemoverInterceptor"/>
</jaxws:outInterceptors>
<jaxws:outFaultInterceptors>
<bean class="com.mycompany.webservice.security.Wss4jPrincipalRemoverInterceptor"/>
</jaxws:outFaultInterceptors>
<jaxws:properties>
<entry key="ws-security.enable.nonce.cache" value="false" />
<entry key="ws-security.enable.timestamp.cache" value="false" />
<entry key="ws-security.ut.validator" value-ref="UsernameTokenLDAPValidator"/>
</jaxws:properties>
</jaxws:endpoint>
NEW UsernameTokenLDAPValidator class
public class UsernameTokenLDAPValidator extends UsernameTokenValidator {
public Credential validate( Credential credential, RequestData request ) throws WSSecurityException {
UsernameToken userToken = credential.getUsernametoken();
final String userId = userToken.getName();
final String password = userToken.getPassword();
String securityDomainName = "SecurityDomainNameNameOfJBOSSConfig"; //<login-module>
LoginContext lc;
try {
lc = new LoginContext( securityDomainName, new CallbackHandler() {
public void handle( Callback[] callbacks ) throws IOException, UnsupportedCallbackException {
NameCallback nc = (NameCallback)callbacks[0];
nc.setName( userId );
PasswordCallback pc2 = (PasswordCallback)callbacks[1];
pc2.setPassword( password.toCharArray() );
}
} );
lc.login();
} catch( LoginException e ) {
throw new WSSecurityException( ErrorCode.FAILED_AUTHENTICATION, e );
}
return credential;
}
}
Notes:
I removed my old CallbackHandler class (ServerPasswordCallback) (in question)
I did not make any changes to the application code for the client (in question)
It sounds like you are upgrading from an old version of CXF that used WSS4J 1.5.x From WSS4J 1.6.x, the CallbackHandler is no longer supplied with the password, but must instead set the password on the Callback. See here:
http://coheigea.blogspot.ie/2011/02/usernametoken-processing-changes-in.html
Colm.
In my application, a user may create an account freely, and it needs to own a queue (or topic) to communicate 2 backend processes between them. I don't want to have to modify activemq's configuration every time that someone creates an account. I have already created a jaasAuthenticationPlugin and it works fine. Here is the relevant part of my activemq.xml file:
<plugins>
<!-- 'activemq-domain' defined in conf/login.conf -->
<jaasAuthenticationPlugin configuration="activemq-domain" />
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue="foobarQueue"
write="foobarGroup"
read="foobarGroup"
admin="foobarGroup"
/>
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
As you may deduct, the authentication plugin is authenticating a user (foobar in this example) and putting the user in the foobarGroup group. The AuthorizationEntry is granting read, write and admin privileges to the foobarQueue to this foobarGroup. This is working well, but now if I create a new user, I must come to this file and add a new AuthorizationEntry. Is it possible with a simple configuration line in the activemq.xml to do something like:
<authorizationEntry
queue="<% Username %>"
write="<% Username %>"
read="<% Username %>"
admin="<% Username %>"
/>
or should I write some JAAS authorization class to do that?
Finally I have written a class to handle the Authorization part. It was a bit difficult because documentation is difficult to find and I couldn't find any good example. Digging in the source code of the default LDAPAuthorizationMap was key. Anyway, the source for anyone interested:
package com.example.activemq;
import org.apache.activemq.advisory.AdvisorySupport;
import org.apache.activemq.command.ActiveMQDestination;
import org.apache.activemq.jaas.GroupPrincipal;
import org.apache.activemq.security.AuthorizationMap;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import java.util.HashSet;
import java.util.Set;
public class OwnedUserQueueAuthorizator implements AuthorizationMap {
private static final Log log =
LogFactory.getLog(OwnedUserQueueAuthorizator.class);
private boolean debug = false;
// the Destination will be the name of the user, and we should return that
// the group with user name has read,write and admin privileges to the
// topic/queue named like the username
// for temporary destinations, if null is returned, then everybody has
// permission.
public Set<GroupPrincipal> getTempDestinationAdminACLs() {
return null;
}
public Set<GroupPrincipal> getTempDestinationReadACLs() {
return null;
}
public Set<GroupPrincipal> getTempDestinationWriteACLs() {
return null;
}
// for persistent destinations
public Set<GroupPrincipal> getAdminACLs(ActiveMQDestination destination) {
if (debug) {
log.debug("getAdminACLs: " + destination.getPhysicalName());
}
return getACLs(destination);
}
public Set<GroupPrincipal> getReadACLs(ActiveMQDestination destination) {
if (debug) {
log.debug("getReadACLs: " + destination.getPhysicalName());
}
return getACLs(destination);
}
public Set<GroupPrincipal> getWriteACLs(ActiveMQDestination destination) {
if (debug) {
log.debug("getwriteACLs: " + destination.getPhysicalName());
}
return getACLs(destination);
}
private Set<GroupPrincipal> getACLs(ActiveMQDestination destination) {
Set<GroupPrincipal> result;
if (AdvisorySupport.isAdvisoryTopic(destination)) {
result = getACLsForAdvisory();
} else {
result = new HashSet<GroupPrincipal>();
// Destination should be something like UUID or UUID.whatever...,
// so we must add only the first component as the group principal
result.add(new GroupPrincipal(
destination.getDestinationPaths()[0])
);
}
if (debug) {
String s = "";
for (GroupPrincipal gp : result) {
s += ", " + gp.getName();
}
log.debug("groupPrincipals: " + "[" + s.substring(2) + "]");
}
return result;
}
private Set<GroupPrincipal> getACLsForAdvisory() {
Set<GroupPrincipal> result = new HashSet<GroupPrincipal>();
GroupPrincipal g = new GroupPrincipal("advisories");
result.add(g);
return result;
}
// Properties
// -------------------------------------------------------------------------
// if the <bean> definition in the activemq.xml has some
// <property name="foo" value="..." />
// defined, they will call this.setFoo($value), so, even if these get/set
// methods aren't called from here, they are really needed.
public void setDebug(String debug) {
this.debug = "true".equalsIgnoreCase(debug);
}
public String getDebug() {
return String.valueOf(debug);
}
}
The conf/activemq.xml file:
<beans ...>
...
<broker ...>
...
<plugins>
<!-- 'activemq-domain' defined in conf/login.conf -->
<jaasAuthenticationPlugin configuration="activemq-domain" />
<authorizationPlugin>
<map>
<bean id="OwnedUserQueueAuthorizationMap"
class="com.example.activemq.OwnedUserQueueAuthorizator"
xmlns="http://www.springframework.org/schema/beans">
<property name="debug" value="false"/>
</bean>
</map>
</authorizationPlugin>
</plugins>
...
</broker>
...
</beans>
I'm trying to write a custom method security interceptor. However, it isn't using the authentication manager I added to the bean properties in my security context and returning null when I check to see if the authentication manager exists. Could anyone shed light on why the authentication manager bean property isn't being used? I'm using spring security 3.0.5 on WebSphere 7.0
Here's the bean containing the method interceptor
<beans:bean id="methodInterceptor"
class="bigbank.security.CustomMethodSecInterceptor">
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="accessDecisionManager" ref="universalAccessDecisionManager" />
<beans:property name="securityMetadataSource" ref="tspmMethodSecurityMetaData" />
Here's my method security interceptor
public class CustomMethodSecInterceptor extends MethodSecurityInterceptor {
private static final Log logger = LogFactory
.getLog(WebSphere2SpringSecurityPropagationInterceptor.class);
private AuthenticationManager authenticationManager = null;
private AuthenticationDetailsSource authenticationDetailsSource = new WebSpherePreAuthenticatedAuthenticationDetailsSource();
private final WASUsernameAndGroupsExtractor wasHelper;
public CustomMethodSecInterceptor() {
wasHelper = new DefaultWASUsernameAndGroupsExtractor();
}
#Override
public Object invoke(MethodInvocation mi) throws Throwable {
try {
logger.debug("Performing Spring Security authentication with WebSphere credentials");
System.out.println("##going through ss authentication");
authenticateSpringSecurityWithWASCredentials();
InterceptorStatusToken token = super.beforeInvocation(mi);
logger.debug("Proceeding with method invocation");
Object result = mi.proceed();
return super.afterInvocation(token, result);
} finally {
logger.debug("Clearing Spring Security security context");
SecurityContextHolder.clearContext();
}
}
private void authenticateSpringSecurityWithWASCredentials() {
Assert.notNull(authenticationManager); // This is where the error is coming up
Assert.notNull(authenticationDetailsSource);
String userName = wasHelper.getCurrentUserName();
if (logger.isDebugEnabled()) {
logger.debug("Creating authentication request for user " + userName);
}
PreAuthenticatedAuthenticationToken authRequest = new PreAuthenticatedAuthenticationToken(
userName, "N/A");
authRequest.setDetails(authenticationDetailsSource.buildDetails(null));
if (logger.isDebugEnabled()) {
logger.debug("Authentication request for user " + userName + ": "
+ authRequest);
}
Authentication authResponse = authenticationManager
.authenticate(authRequest);
if (logger.isDebugEnabled()) {
logger.debug("Authentication response for user " + userName + ": "
+ authResponse);
}
SecurityContextHolder.getContext().setAuthentication(authResponse);
}
public void setAuthenticationManager(
AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
}
Here's the error:
Caused by: java.lang.IllegalArgumentException: An AuthenticationManager is required
at org.springframework.util.Assert.notNull(Assert.java:112)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:118)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1469)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1409)
... 119 more
You have overridden the setAuthenticationManager method, so when it is invoked by Spring to inject the AuthenticationManager, it doesn't set the corresponding field in AbstractSecurityInterceptor.
Since the base class contains a getter for this property, you would be best to remove the field and setter method, and just use the getter to access the authentication manager in your code.