proper security configuration with SessionFactory
Hello again. Is there somewhere proper configuration example or tutorial using spring, spring security and hibernate + sessionFactory?
In this one http://stackoverflow.com/questions/2...with-hibernate is missing how to proper config web.xml a despatcher-servlet.xml
First my error was "No bean named ... is defined", so i moved bean definitions from dispatcher-servlet.xml in to applicationContext-common-business.xml a add to web.xml (Beans in despatcher are loaded via component-scan)
Code:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext-common-business.xml
/WEB-INF/applicationContext-security.xml
</param-value>
</context-param>
Than some NullPointers -userDAO, sessionFactory, ...
Code:
<bean name="userDetailsService"
class="cz.xkadle21.dip.service.impl.DiUserContextSecurityService" >
<constructor-arg ref="userDAO" />
<constructor-arg ref="securityUserFactory" />
</bean>
<bean id="securityUserFactory" class="cz.xkadle21.dip.factory.impl.DiSecurityUserFactory" />
<bean id="userDAO" class="cz.xkadle21.dip.dao.impl.DiUserDAO" >
<property name="sessionFactory" ref="sessionFactory" />
</bean>
<bean id="propertyConfigurer"
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"
p:location="/WEB-INF/jdbc.properties" />
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
destroy-method="close" p:driverClassName="${hibernate.connection.driver_class}"
p:url="${hibernate.connection.url}" p:username="${hibernate.connection.username}"
p:password="${hibernate.connection.password}" />
<bean id="sessionFactory"
class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
<property name="dataSource" ref="dataSource" />
<property name="configLocation">
<value>classpath:hibernate.cfg.xml</value>
</property>
<property name="configurationClass">
<value>org.hibernate.cfg.AnnotationConfiguration</value>
</property>
<property name="hibernateProperties">
<props>
<prop key="hibernate.show_sql">true</prop>
<!-- <prop key="hibernate.hbm2ddl.auto">update</prop> -->
</props>
</property>
</bean>
... fixed via injecting beans via contrustors and properties, but now iam facing
Code:
SEVERE: Servlet.service() for servlet spring threw exception
org.hibernate.HibernateException: No Hibernate Session bound to thread, and configuration does not allow creation of non-transactional one here
at org.springframework.orm.hibernate3.SpringSessionContext.currentSession(SpringSessionContext.java:63)
at org.hibernate.impl.SessionFactoryImpl.getCurrentSession(SessionFactoryImpl.java:544)
at cz.xkadle21.dip.dao.ADiHibernateGenericDAO.findByCriteria(ADiHibernateGenericDAO.java:118)
at cz.xkadle21.dip.dao.impl.DiUserDAO.findUserByUsername(DiUserDAO.java:84)
But how is that possible? Calling function has annotation @Transaction.
I think it's wrong somethink in my configuration.
Code:
@Service("userDetailsService")
public class DiUserContextSecurityService implements UserDetailsService,
IDiUserContextSecurityService {
private IDiUserDAO userDao;
private IDiSecurityUserFactory securityUserFactory;
@Autowired
public DiUserContextSecurityService(IDiUserDAO userDAO,
IDiSecurityUserFactory securityUserFactory) {
super();
this.userDao = userDAO;
this.securityUserFactory = securityUserFactory;
}
public Authentication getCurrentUser() {
return SecurityContextHolder.getContext().getAuthentication();
}
@Transactional
public User loadUserByUsername(String username) {
DiUser user = userDao.findUserByUsername(username);
UserDetails userDetails = null;
if (user != null) {
throw new UsernameNotFoundException("user not found");
}
return securityUserFactory.buildSecurityUserFromEntity(user);
}
}
