
View Full Version : Help: why the rcp app client 's every call need auth.?



lin_xd
Oct 6th, 2005, 10:54 PM
I am developing a Spring RCP app that uses Acegi for user rights management
and exposes services using HTTP invokers. I log in at client startup, but I find that every client call to an exported service causes an authentication (verifying the user name and password, setting the session context), which puts a serious overhead on system performance and resources. How can I deal with it? And am I using Acegi correctly?

The system is configured as follows.
In the client's XML:

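<!-- Client-side proxy for the server's remote authentication service, used for the
     login check at client startup.
     Fix: the class and interface names contained a stray space (forum line wrapping),
     so they would not resolve to a class.
     No httpInvokerRequestExecutor is set on this proxy, so it attaches no BASIC header;
     the user name and password presumably travel as call arguments in the request body
     (confirm against the RemoteAuthenticationManager interface). The serviceUrl is plain
     http://, so those values are readable on the wire unless TLS is terminated in front
     of the server; prefer an https:// URL.
     NOTE(review): the path ends in "-hessian" although this is an HTTP invoker proxy;
     confirm the server exports this path with an HTTP invoker exporter. -->
<bean id="remoteAuthenticationManager" class="org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean">
  <property name="serviceInterface">
    <value>net.sf.acegisecurity.providers.rcp.RemoteAuthenticationManager</value>
  </property>
  <property name="serviceUrl">
    <value>http://${serverName}:${httpPort}${contextPath}/RemoteAuthenticationManager-hessian</value>
  </property>
</bean>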

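<!-- Copies the ContextHolder-managed Authentication principal and credentials into an
     HTTP BASIC Authorization header on every HTTP invoker request made through a proxy
     that references this executor.
     Fix: the class name contained a stray space (forum line wrapping).
     BASIC credentials are only Base64-encoded, and the service URLs in this
     configuration use http://, so the password accompanies every call in recoverable
     form; use https:// service URLs. Sending the header on each call is also why the
     server authenticates each request separately. -->
<bean id="httpInvokerRequestExecutor" class="net.sf.acegisecurity.context.httpinvoker.AuthenticationSimpleHttpInvokerRequestExecutor"/>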

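<!-- Client-side HTTP invoker proxy for the deposit management business service.
     Fix: the class and interface names contained a stray space (forum line wrapping).
     Calls go through httpInvokerRequestExecutor, so each request carries the user's
     BASIC credentials over the plain http:// serviceUrl below; prefer https://.
     NOTE(review): this path is not under /secure/**, the only pattern in the server's
     objectDefinitionSource shown in this post, so the server would treat it as a public
     object and would not require the credentials sent here. Confirm the service URLs
     are covered by an access rule. -->
<bean id="inpateintDepositManagement" class="org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean">
  <property name="serviceUrl">
    <value>http://${serverName}:${httpPort}${contextPath}/inpateintDepositManagement</value>
  </property>
  <property name="serviceInterface">
    <value>his.common.bi.inhospital.InpateintDepositManagement</value>
  </property>
  <property name="httpInvokerRequestExecutor">
    <ref local="httpInvokerRequestExecutor"/>
  </property>
</bean>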

And on the server (Tomcat 5.x):


<!-- Central authentication entry point. ProviderManager consults the listed providers
     in order: the DAO-backed user name/password provider first, then the anonymous
     provider. The remember-me provider is left disabled. -->
<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
  <property name="providers">
    <list>
      <ref bean="daoAuthenticationProvider"/>
      <ref local="anonymousAuthenticationProvider"/>
      <!--ref local="rememberMeAuthenticationProvider"/-->
    </list>
  </property>
</bean>

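<!-- MD5 password encoder.
     Fix: the class name contained a stray space (forum line wrapping).
     NOTE(review): this bean is defined but not wired in; the passwordEncoder property
     of daoAuthenticationProvider is commented out in this configuration. Unsalted MD5
     is not an adequate password hash; if stored passwords are to be hashed, prefer a
     salted and deliberately slow scheme, and migrate stored values together with the
     encoder change. -->
<bean id="passwordEncoder" class="net.sf.acegisecurity.providers.encoding.Md5PasswordEncoder"/>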

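<!-- Validates user name/password pairs against users loaded through authenticationDao.
     Fix: the class name contained a stray space (forum line wrapping). -->
<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
  <property name="authenticationDao"><ref bean="authenticationDao"/></property>
  <!-- Fix: userCache was commented out, so every BASIC-authenticated request reloaded
       the user through the JDBC DAO. That is the per-call overhead raised in this
       thread, and the reply relies on the UserCache to avoid it.
       Trade-off: a cached entry can outlive a password change or an account being
       disabled until it expires, so keep the cache lifetime short and evict on
       credential changes. -->
  <property name="userCache"><ref local="userCache"/></property>
  <!-- Left disabled as in the original. Enabling it changes how stored passwords are
       compared, so it must match the format already in the user table. With no encoder
       set the provider uses its built-in default, which in Acegi is presumably a
       plaintext comparison; confirm for the version in use.
  <property name="passwordEncoder"><ref local="passwordEncoder"/></property>
  -->
</bean>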

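<!-- EhCache manager that backs the user cache.
     Fix: the class name contained a stray space (forum line wrapping). -->
<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>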

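<!-- The EhCache region named "userCache", obtained from cacheManager.
     Fix: the class name contained a stray space (forum line wrapping).
     Entries hold loaded user details, so the expiry settings of this region bound how
     long a changed or disabled account can still be served from cache. -->
<bean id="userCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
  <property name="cacheManager">
    <ref local="cacheManager"/>
  </property>
  <property name="cacheName">
    <value>userCache</value>
  </property>
</bean>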

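<!-- Acegi UserCache implementation stored in the userCacheBackend EhCache region.
     Fix: the class name contained a stray space (forum line wrapping).
     NOTE(review): in the configuration as posted nothing references this bean, because
     the userCache property of daoAuthenticationProvider is commented out. -->
<bean id="userCache" class="net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
  <property name="cache"><ref local="userCacheBackend"/></property>
</bean>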

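<!-- JDBC-backed user lookup used by daoAuthenticationProvider; reads through the
     dataSource bean, which is defined outside this excerpt.
     Fix: the class name contained a stray space (forum line wrapping). -->
<bean id="authenticationDao" class="net.sf.acegisecurity.providers.dao.jdbc.JdbcDaoImpl">
  <property name="dataSource"><ref bean="dataSource"/></property>
</bean>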

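<!-- Servlet filter that reads the HTTP BASIC Authorization header and authenticates
     the request through authenticationManager.
     Fix: the class name contained a stray space (forum line wrapping).
     A client that sends the header on every request is authenticated on every request.
     BASIC credentials are only Base64-encoded, so this filter should be reachable over
     TLS only. -->
<bean id="basicProcessingFilter" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter">
  <property name="authenticationManager"><ref bean="authenticationManager"/></property>
  <property name="authenticationEntryPoint"><ref bean="basicProcessingFilterEntryPoint"/></property>
</bean>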

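<!-- Entry point that issues the BASIC authentication challenge; realmName is the realm
     string presented to the client.
     Fix: the class name contained a stray space (forum line wrapping). -->
<bean id="basicProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
  <property name="realmName"><value>His RCP Client-Server Realm</value></property>
</bean>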
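<!-- Assigns the anonymousUser principal with ROLE_ANONYMOUS to requests that carry no
     other authentication.
     Fix: the class name contained a stray space (forum line wrapping).
     The key must equal the key of anonymousAuthenticationProvider. "foobar" is a
     sample value; replace it in both beans with a deployment-specific secret. -->
<bean id="anonymousProcessingFilter" class="net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
  <property name="key"><value>foobar</value></property>
  <property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property>
</bean>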

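<!-- Accepts anonymous authentication tokens created with the same key.
     Fix: the class name contained a stray space (forum line wrapping).
     The key must equal the key of anonymousProcessingFilter. "foobar" is a sample
     value; replace it in both beans with a deployment-specific secret. -->
<bean id="anonymousAuthenticationProvider" class="net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
  <property name="key"><value>foobar</value></property>
</bean>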

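<!-- Earlier variant without the context property, kept disabled:
<bean id="httpSessionContextIntegrationFilter" class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter">
</bean>
-->
<!-- Loads the SecurityContext from the HttpSession at the start of a request and stores
     it back at the end; "context" names the SecurityContext implementation to create.
     Fix: the class name contained a stray space (forum line wrapping).
     The authentication is reused across requests only if the client takes part in the
     HttpSession. The debug output in this thread reports "HttpSession is null" on each
     call, so nothing is carried over between calls in the posted setup. -->
<bean id="httpSessionContextIntegrationFilter" class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter">
  <property name="context"><value>net.sf.acegisecurity.context.SecurityContextImpl</value></property>
</bean>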

<!--bean id="rememberMeProcessingFilter" class="net.sf.acegisecurity.ui.rememberme.RememberMeProce ssingFilter">
<property name="rememberMeServices"><ref local="rememberMeServices"/></property>
</bean>

<bean id="rememberMeServices" class="net.sf.acegisecurity.ui.rememberme.TokenBasedRemem berMeServices">
<property name="authenticationDao"><ref local="authenticationDao"/></property>
<property name="key"><value>springRocks</value></property>
</bean>

<bean id="rememberMeAuthenticationProvider" class="net.sf.acegisecurity.providers.rememberme.Remember MeAuthenticationProvider">
<property name="key"><value>springRocks</value></property>
</bean-->

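<!-- Applies filterInvocationInterceptor to web requests and uses the BASIC entry point
     to challenge the client when authentication is required.
     Fix: the class name contained a stray space (forum line wrapping). -->
<bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
  <property name="filterSecurityInterceptor"><ref local="filterInvocationInterceptor"/></property>
  <property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property>
</bean>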

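<!-- URL-level access control: maps request paths (lower-cased, Ant-style patterns) to
     the roles required to reach them.
     Fix: the class name contained a stray space (forum line wrapping).
     NOTE(review): /secure/** is the only protected pattern. A URL that matches no
     pattern is treated as a public object and is served without authentication; the
     debug output in this thread shows exactly that for '/his-server/inpatientsearch'
     ("matched=false", "Public object - authentication not attempted", Authorization
     header null). The exported service URLs in the client configuration are not under
     /secure/ either. Add patterns that cover every exported service, leaving open only
     what must be reachable before login. The rule set is left unchanged here because
     the correct roles per service are not visible in this post. -->
<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
  <property name="authenticationManager">
    <ref local="authenticationManager"/>
  </property>
  <property name="accessDecisionManager">
    <ref local="accessDecisionManager"/>
  </property>
  <property name="objectDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /secure/**=ROLE_PATIENT,ROLE_DOCTOR
    </value>
  </property>
</bean>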
<!--<bean id="casProcessingFilterEntryPoint" class="net.sf.acegisecurity.util.FilterToBeanProxy">
<property name="targetClass"><value>Petclinic RCP Client-Server Realm</value></property>
</bean>-->
<!--<bean id="autoIntegrationFilter" class="net.sf.acegisecurity.ui.AutoIntegrationFilter" />-->

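<!-- Receives the AuthenticationEvent messages published by DaoAuthenticationProvider
     and logs them. Retain this log: it is the record of successful and failed logins.
     Fix: the class name contained a stray space (forum line wrapping). -->
<bean id="loggerListener" class="net.sf.acegisecurity.providers.dao.event.LoggerListener"/>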

<!-- Access decision voter that evaluates the ROLE_* configuration attributes
     attached to a secured resource. -->
<bean id="roleVoter"
      class="net.sf.acegisecurity.vote.RoleVoter"/>

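<!-- Server-side implementation that lets remote clients check whether a
     username/password pair is valid, delegating to authenticationManager.
     Fix: the class name contained a stray space (forum line wrapping).
     This endpoint has to be reachable before login, so it is a password-checking
     service open to unauthenticated callers: expose it over TLS only and monitor it for
     repeated failures (loggerListener records the authentication events). -->
<bean id="remoteAuthenticationManager" class="net.sf.acegisecurity.providers.rcp.RemoteAuthenticationManagerImpl">
  <property name="authenticationManager"><ref bean="authenticationManager"/></property>
</bean>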

<!-- Access decision manager: AffirmativeBased grants access as soon as one voter
     grants it. roleVoter is the only voter configured.
     NOTE(review): allowIfAllAbstainDecisions=true grants access when every voter
     abstains, which is fail-open. With the ROLE_ attributes used in this configuration
     roleVoter should always vote, so "false" (deny when nobody votes) is the safer
     setting; confirm no other interceptor depends on the permissive behaviour before
     changing it. -->
<bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
  <property name="allowIfAllAbstainDecisions">
    <value>true</value>
  </property>
  <property name="decisionVoters">
    <list>
      <ref local="roleVoter"/>
    </list>
  </property>
</bean>

lin_xd
Oct 6th, 2005, 11:05 PM
The following is an excerpt from the Tomcat console output:

[DEBUG,HttpSessionContextIntegrationFilter,http-8080-Processor25] HttpSession is null, but SecurityContextHolder has not changed from default: ' net.sf.acegisecurity.context.SecurityContextImpl@1c5aedc: Null authentication'; not creating HttpSession or storing SecurityContextHolder contents
[DEBUG,HttpSessionContextIntegrationFilter,http-8080-Processor25] SecurityContextHolder set to new context, as request processing completed
[DEBUG,HttpSessionContextIntegrationFilter,http-8080-Processor25] No HttpSession currently exists - new SecurityContext instance associated with SecurityContextHolder
[DEBUG,BasicProcessingFilter,http-8080-Processor25] Authorization header: null
[DEBUG,PathBasedFilterInvocationDefinitionMap,http-8080-Processor25] Converted URL to lowercase, from: '/his-server/inpatientsearch'; to: '/his-server/inpatientsearch'
[DEBUG,PathBasedFilterInvocationDefinitionMap,http-8080-Processor25] Candidate is: '/his-server/inpatientsearch'; pattern is /secure/**; matched=false
[DEBUG,AbstractSecurityInterceptor,http-8080-Processor25] Public object - authentication not attempted
Hibernate: select inpatientb0_.id as id, inpatientb0_.ksbm as ksbm75_, inpatientb0_.ysbm as ysbm75_, inpatientb0_.z_bah as z4_75_, inpatientb0_.czy as czy75_, inpatientb0_.z_bz as z6_75_, inpatientb0_.rbrq as rbrq75_, inpatientb0_.z_gxrq as z8_75_, inpatientb0_.z_rybs as z9_75_, inpatientb0_.z_cwid as z10_75_ from z_ksch inpatientb0_ where (inpatientb0_.z_bz=(select inpatientf1_.z_bz from z_blje inpatientf1_ where (inpatientf1_.z_bah=? and inpatientf1_.z_jzbs='0')) and inpatientb0_.z_bah=?)
[DEBUG,SecurityEnforcementFilter,http-8080-Processor25] Chain processed normally

[DEBUG,HttpSessionContextIntegrationFilter,http-8080-Processor25] HttpSession is null, but SecurityContextHolder has not changed from default: ' net.sf.acegisecurity.context.SecurityContextImpl@f36541: Null authentication'; not creating HttpSession or storing SecurityContextHolder contents
[DEBUG,HttpSessionContextIntegrationFilter,http-8080-Processor25] SecurityContextHolder set to new context, as request processing completed

Ben Alex
Oct 10th, 2005, 06:09 PM
HttpInvoker does not by default know how to participate in HttpSessions on the server-side. As such Acegi Security has no choice but to assume the request is from an unknown user and repeat authentication. It shouldn't be too expensive to do this, because the UserCache should avoid going back to the database. If this solution is unsatisfactory, you'll need to get your rich client participating in a HttpSession, in which case Acegi Security will not re-authenticate on every call (well, in CVS and from 0.9.0).