
View Full Version : Exporting ACEGI secured RMI services



printx
Sep 2nd, 2005, 12:59 AM
Hello,

I am trying to access my beans through RMI from a command-line client and use MethodSecurityInterceptor to

1. allow client connections to the service
2. allow certain users method access by role

At this point my services seem to work, but I am not asked for any credentials and can still access my exported beans without any authentication. Could some guru have a look at the following code and give me a hint on how to achieve client-side authentication and server-side method access by user name?





-- Exported beans --

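<!-- Locates or creates the RMI registry that the exporter below publishes into. -->
<bean id="rmi.registry" class="org.springframework.remoting.rmi.RmiRegistryFactoryBean"/>

<!-- Exportable hello bean: the target object that has to end up behind the security proxy. -->
<bean id="halloService.export" class="org.printx.remoteServices.HalloServiceImpl"/>

<!--
  Export hello bean over RMI under the name "HalloService" on registry port 1099.
  The exporter publishes whatever object the "halloService.export" reference resolves to,
  so method security only applies to remote calls if that bean was really proxied
  before it was injected here.
  RMI carries Java-serialized invocations and has no authentication of its own;
  keep the registry and service ports reachable from trusted hosts only.
-->
<bean id="halloService.exporter" class="org.springframework.remoting.rmi.RmiServiceExporter">
  <property name="service">
    <ref bean="halloService.export"/>
  </property>
  <property name="serviceName">
    <value>HalloService</value>
  </property>
  <property name="serviceInterface">
    <value>org.printx.remoteServices.HalloService</value>
  </property>
  <property name="registryPort">
    <value>1099</value>
  </property>
</bean>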

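<!--
  Remote bean: client-side proxy for the exported service.
  No remoteInvocationFactory is configured, so calls use Spring's default remote
  invocation, which does not carry the caller's Acegi security context to the server.
  Acegi provides a ContextPropagatingRemoteInvocationFactory (context.rmi package) for
  that purpose; confirm the exact class name against the Acegi version in use.
  The context travels inside the serialized invocation, so the RMI link itself still
  needs protecting if it leaves the local host.
-->
<bean id="halloService" class="org.springframework.remoting.rmi.RmiProxyFactoryBean">
  <property name="serviceUrl">
    <value>rmi://127.0.0.1:1099/HalloService</value>
  </property>
  <property name="serviceInterface">
    <value>org.printx.remoteServices.HalloService</value>
  </property>
</bean>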





-- Authentication code --

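<!--
  In-memory user store: one user with a cleartext password and two roles.
  Acceptable for a sample only; a cleartext password in a configuration file is readable
  by anyone who can read the file or the deployed archive.
  NOTE(review): there is a space after the comma in the role list; confirm that the
  user map editor trims it, otherwise the second authority will not equal ROLE_TELLER.
-->
<bean id="memoryAuthenticationDao" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
  <property name="userMap">
    <value>
      bednarz=bednarz1234,ROLE_ADMIN, ROLE_TELLER
    </value>
  </property>
</bean>

<!-- Authenticates username/password requests against the in-memory DAO above. -->
<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
  <property name="authenticationDao">
    <ref local="memoryAuthenticationDao"/>
  </property>
</bean>

<!-- Delegates authentication to its provider list; here only the DAO provider. -->
<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
  <property name="providers">
    <list>
      <ref bean="daoAuthenticationProvider"/>
    </list>
  </property>
</bean>

<!--
  Allows remote clients to check if a username/password is valid.
  The bean is only defined here; no exporter in the configuration shown publishes it.
  If it is exported, it answers credential checks for any caller that can reach the
  port, so it should sit behind a protected transport and be monitored for repeated
  failed attempts.
-->
<bean id="remoteAuthenticationManager" class="net.sf.acegisecurity.providers.rcp.RemoteAuthenticationManagerImpl">
  <property name="authenticationManager"><ref bean="authenticationManager"/></property>
</bean>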

<!-- Voter that decides on the role names listed in the interceptor definitions. -->
<bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>

<!--
  Unanimous decision manager with a single voter (roleVoter).
  allowIfAllAbstainDecisions=false means a call is denied when every voter abstains,
  which is the fail-closed choice.
-->
<bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.UnanimousBased">
<property name="allowIfAllAbstainDecisions">
<value>false</value>
</property>
<property name="decisionVoters">
<list>
<ref local="roleVoter"/>
</list>
</property>
</bean>

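<!--
  Web (URL) security interceptor. It protects HTTP requests matched by the patterns
  below and plays no part in the RMI call path discussed in this thread.
  NOTE(review): the runAsManager bean it references is not defined in the configuration
  shown here; confirm that it exists elsewhere.
-->
<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
  <property name="authenticationManager"><ref bean="authenticationManager"/></property>
  <property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
  <property name="runAsManager"><ref bean="runAsManager"/></property>
  <property name="objectDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      \A/secure/super/.*\Z=ROLE_WE_DONT_HAVE
      \A/secure/.*\Z=ROLE_SUPERVISOR,ROLE_TELLER
    </value>
  </property>
</bean>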

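<!--
  This interceptor sets bean access security: both HalloService methods require
  ROLE_TELLER. It only takes effect on objects that are actually wrapped by a proxy
  containing it.
  validateConfigAttributes=false switches off the start-up check of the configured
  attributes, so a mistyped role name would not be reported when the context loads.
  NOTE(review): the runAsManager bean it references is not defined in the configuration
  shown here; confirm that it exists elsewhere.
-->
<bean id="securityInterceptor" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
  <property name="validateConfigAttributes"><value>false</value></property>
  <property name="authenticationManager"><ref bean="authenticationManager"/></property>
  <property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
  <property name="runAsManager"><ref bean="runAsManager"/></property>
  <property name="objectDefinitionSource">
    <value>
      org.printx.remoteServices.HalloService.sayFullHallo=ROLE_TELLER
      org.printx.remoteServices.HalloService.saySimpleHallo=ROLE_TELLER
    </value>
  </property>
</bean>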

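<!--
  Autoproxy bean security: wraps the bean named "halloService.export" with
  securityInterceptor.
  BeanNameAutoProxyCreator works as a bean post-processor. An ApplicationContext
  registers post-processors automatically; a plain BeanFactory does not, and fetching
  this bean with getBean() does not register it either. If it is not registered, the
  target bean is exported without the interceptor and every remote call goes through
  unchecked, with no error to indicate it.
-->
<bean id="autoProxyCreator" class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
  <property name="interceptorNames">
    <list>
      <value>securityInterceptor</value>
    </list>
  </property>
  <property name="beanNames">
    <list>
      <value>halloService.export</value>
    </list>
  </property>
</bean>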





-- server.java --

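// Server start-up: instantiate the proxy creator, the RMI registry and the exporter.
// NOTE(review): getBean("autoProxyCreator") only creates that bean. If AppContext.factory
// is a plain BeanFactory rather than an ApplicationContext, the creator is never
// registered as a post-processor, "halloService.export" stays unproxied, and the
// exporter publishes an unsecured service. Confirm which container type is used.
AppContext.factory.getBean("autoProxyCreator");
AppContext.factory.getBean("rmi.registry");
AppContext.factory.getBean("halloService.exporter");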





-- client.java --

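// Look up the RMI client proxy defined as "halloService".
HalloService halloService = (HalloService) AppContext.factory.getBean("halloService");

// This should not work (an exception is expected because no authentication happened before).
// NOTE(review): the two strings are ordinary method arguments. Nothing on the client
// places an Authentication in the security context, and the proxy as configured would
// not transmit one, so the server has no caller identity to check against ROLE_TELLER.
halloService.saySimpleHallo("user","password");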





-- HalloServiceImpl.java --

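/**
 * Sample implementation of {@link HalloService} that is exported over RMI.
 *
 * <p>The {@code user} and {@code password} parameters are plain arguments: this class
 * never verifies them, so any access control has to come from the security
 * interceptor placed in front of it.
 */
public class HalloServiceImpl implements HalloService {

    /**
     * Logs the caller-supplied user name and returns a greeting.
     *
     * @param user user name supplied by the remote caller (not verified here)
     * @param password password supplied by the remote caller (not verified here)
     * @return greeting text containing both arguments
     */
    public String sayFullHallo(String user, String password) {
        return greet(user, password);
    }

    /**
     * Logs the caller-supplied user name and returns a greeting.
     *
     * @param user user name supplied by the remote caller (not verified here)
     * @param password password supplied by the remote caller (not verified here)
     * @return greeting text containing both arguments
     */
    public String saySimpleHallo(String user, String password) {
        return greet(user, password);
    }

    /** Builds the greeting shared by both service methods. */
    private static String greet(String user, String password) {
        // NOTE(review): user is remote input written to stdout unmodified, and the
        // password is echoed back in the reply. Acceptable for a throw-away demo only;
        // a real service should neither accept credentials as business arguments nor
        // return or log them.
        System.out.println("Remote client: " + user);
        return "Hallo " + user + " , your password ist: " + password;
    }
}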



Does someone have the big picture and can give me a more complete example? I think that I also have to export the remoteAuthenticationManager, and that MethodSecurityInterceptor is not working in my example. Can somebody give me a more complete example?

Thank you very much,

Andreas Bednarz
Germany

printx
Sep 2nd, 2005, 01:02 AM
spring-framework-1.2.4
acegi-0.9

Andreas