0

ZK Spring Security - ACLs Integration - Domain Object Security

asked 2011-04-10 11:52:26 +0800

gesuinonapoli gravatar image gesuinonapoli
51 1
http://gesuinonapoli.blog...

updated 2011-04-11 08:59:26 +0800

Hi all, I use the last zkspring-security-3.0.jar library to secure my zk application. I worked on Domain Object Security (ACLs) and now i'm trying to integrate this in zk.

ZK have an utility class SecurityUtil.java that permit to interrogate the SpringSecurity mechanism to obtain information about permissions, See this for information.

Now when i call

SecurityUti.isAccessible("WRITE", domainObject)
a nullpointer exception is throws when the source try to parsePermissions with the permissionFactory in effect this variable is never initialized in the code.

All the needed objects are initialized by this code:

private static void initializeIfRequired() {
        if (_applicationContext != null) {

            return;

        }

        _applicationContext = SpringUtil.getApplicationContext();

        Map map = new HashMap();
        ApplicationContext context = _applicationContext;

        while (context != null) {
            map.putAll(context.getBeansOfType(AclService.class));
            context = context.getParent();
        }

        if (map.size() != 1) {
            throw new UiException(
                "Found incorrect number of AclService instances in application context - you must have only have one!");
        }

        _aclService = (AclService) map.values().iterator().next();

        map = _applicationContext.getBeansOfType(SidRetrievalStrategy.class);

        if (map.size() == 0) {
            _sidRetrievalStrategy = new SidRetrievalStrategyImpl();
        } else if (map.size() == 1) {
            _sidRetrievalStrategy = (SidRetrievalStrategy) map.values().iterator().next();
        } else {
            throw new UiException("Found incorrect number of SidRetrievalStrategy instances in application "
                    + "context - you must have only have one!");
        }

        map = _applicationContext.getBeansOfType(ObjectIdentityRetrievalStrategy.class);

        if (map.size() == 0) {
            _objectIdentityRetrievalStrategy = new ObjectIdentityRetrievalStrategyImpl();
        } else if (map.size() == 1) {
            _objectIdentityRetrievalStrategy = (ObjectIdentityRetrievalStrategy) map.values().iterator().next();
        } else {
            throw new UiException("Found incorrect number of ObjectIdentityRetrievalStrategy instances in "
                    + "application context - you must have only have one!");
        }
    }

but no initialization is present for permissionFactory.
The question is : Is this a bug or have I to initialize permissionFactory in another way?

At moment I solved this with a workaround, i rewrite the initializeIfRequired method and i inserted the initialization of the permissionFactory in this way:

 if(permissionFactory==null){
            	permissionFactory= new DefaultPermissionFactory();
            }

and now all works correcty.

Someone can help me? Thank you.

delete flag offensive retag edit

4 Replies

Sort by ยป oldest newest

answered 2011-04-14 08:42:23 +0800

gesuinonapoli gravatar image gesuinonapoli
51 1
http://gesuinonapoli.blog...

No one has ever had this problem or I was unclear in the exposition?

link publish delete flag offensive edit

answered 2011-04-16 09:33:07 +0800

gesuinonapoli gravatar image gesuinonapoli
51 1
http://gesuinonapoli.blog...

For this problem i opened an issue on zkspring google code project zkspring google code project.
I have also provided a simple solution to this issue.

link publish delete flag offensive edit

answered 2011-04-19 11:22:39 +0800

jaider2523 gravatar image jaider2523
132 1

Hello gesuinonapoli,

Actually I can not help because I have not happened yet, but I write for another purpose, I also want to apply security spring to my web project, but with connection to mysql database in this forum but nobody helps me or gives me codes clear to do so, took several weeks to try and so far I have not been able to achieve, if you so you can communicate you able to do my e [email protected] .... I would appreciate it.

link publish delete flag offensive edit

answered 2011-04-20 04:54:18 +0800

gesuinonapoli gravatar image gesuinonapoli
51 1
http://gesuinonapoli.blog...

updated 2011-04-20 05:12:50 +0800

I jaider2523 you can start following this two links:
1. Security Database Schema
2. Spring Security 3 database schemas for MySQL

the second one is a database security schema for mysql.

Then the the simple way to integrate spring-security and your mysql db is to put this into your applicationContext-security.xml.
This authentication-provider use a jdbc-user-service (but there 'are many others providers)

.....
 <security:authentication-provider>
        <security:jdbc-user-service
                data-source-ref="dataSource"
                authorities-by-username-query="INSERT HERE YOUR SELECT ON AUTHORITIES TABLE"
                users-by-username-query="INSERT HERE YOUR SELECT ON USER TABLE"/>
        <security:password-encoder hash="sha">
            <security:salt-source user-property="login" />
        </security:password-encoder>
    </security:authentication-provider>
...

link publish delete flag offensive edit
Your reply
Please start posting your answer anonymously - your answer will be saved within the current session and published after you log in or create a new account. Please try to give a substantial answer, for discussions, please use comments and please do remember to vote (after you log in)!

[hide preview]

Question tools

Follow

RSS

Stats

Asked: 2011-04-10 11:52:26 +0800

Seen: 783 times

Last updated: Apr 20 '11

Support Options
  • Email Support
  • Training
  • Consulting
  • Outsourcing
Learn More