UserCredentialsDataSourceAdapter appears to be broken.
Looks like there is some sort of problem with this as any password at all is accepted as valid. I even edited the applicationContext-jdbc.xml file inside the UserCredentialsDataSourceAdapater bean to comment out the default username and password values, and it still takes any password as valid, so the UserCredentialsDataSourceAdapter must not be looked at at all!
Here is what I tried (maybe it's my mistake). I set this up in my applicationContext-jdbc.xml file:
Code:<!-- For non Sun App Servers, use java:comp/env/sureweb --> <bean id="targetDataSource" class="org.springframework.jndi.JndiObjectFactoryBean"> <property name="jndiName"><value>jdbc/myappname</value></property> </bean> <bean id="dataSource" class="org.springframework.jdbc.datasource.UserCredentialsDataSourceAdapter"> <property name="targetDataSource"><ref bean="targetDataSource"/></property> <property name="username"><value>MASTERUSERNAME</value></property> <property name="password"><value>MASTERPASSWORD</value></property> </bean> <!-- Transaction manager for Spring JDBC --> <bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager"> <property name="dataSource"><ref bean="dataSource"/></property> </bean> <bean id="userAccessDAO" class="com.mycompany.myproject.dao.jdbc.UserAccessDAOJdbc" singleton="false"> <property name="dataSource"><ref bean="dataSource"/></property> </bean>
In my code I do this:
Code:public String loginButton_action() { //TODO Will need to use Spring when it is working //but for now just test with static code //Get access to Spring ApplicationContext ctx = org.springframework.web.jsf.FacesContextUtils.getWebApplicationContext(getFacesContext().getCurrentInstance()); UserCredentialsDataSourceAdapter ds = (UserCredentialsDataSourceAdapter) ctx.getBean("dataSource"); boolean bAuthenticated = true; try { log("Authenticating user " + userName.getValue()); ds.setCredentialsForCurrentThread((String)userName.getValue(), (String)password.getValue()); //Get the UserAccess information to feed to the PatientDAOJdbc class UserAccessDAOJdbc userAccessDAO = (UserAccessDAOJdbc)ctx.getBean("userAccessDAO"); List userAccessList = userAccessDAO.getUserAccessList((String)userName.getValue()); } catch (Exception ex) { log("User credentials for " + userName.getValue() + " could not be authenticated"); bAuthenticated = false; } if (bAuthenticated) { //Perform needed operations for a successful logon handleSuccessTasks(); return "loginSuccess"; } else { return "loginFail"; } }
And my DAOJdbc code looks like this:
Now, it does fail if I give it the wrong username (Email address) because of the failed (empty) retrieve, but any password at all allows this to work. It acts like it is using the username/password set up in jndi datasource.Code:public class UserAccessDAOJdbc extends JdbcDaoSupport implements UserAccessDAO { public List getUserAccessList(String retrievalID) { List userAccessList = new UserAccessQuery(getDataSource()).execute(new Object[]{retrievalID}); if (userAccessList.isEmpty()) { throw new ObjectRetrievalFailureException(UserAccess.class, retrievalID); } return userAccessList; } class UserAccessQuery extends MappingSqlQuery { public UserAccessListQuery(DataSource ds) { super(ds, "SELECT * FROM UserAccess WHERE EmailAddress=?"); declareParameter(new SqlParamter(Types.VARCHAR)); compile(); } protected Object mapRow(java.sql.ResultSet resultSet, int param) throws java.sql.SQLException { UserAccess userAccess = new UserAccess(); userAccess.setEmailAddress(resultSet.getString("EMailAddress")); userAccess.setAllAccess(resultSet.getInt("AllAccess")); return userAccess; } } }
Is this broken, or am I doing something wrong?
THANKS! :)
Reply With Quote