Results 1 to 2 of 2

Thread: SecurityContextHolder.getAuthentication().getAutho rities() returning only one ROLE

  1. Sep 21st, 2010, 09:41 AM #1
    victuriosu
    victuriosu is offline Junior Member
    Join Date
    Mar 2009
    Posts
    6

    Default SecurityContextHolder.getAuthentication().getAutho rities() returning only one ROLE

    I have a web application with Spring 2.5.6, Icefaces 1.8.2 and SpringSecurity 2.0.5.

    I've implemented my custom UserDetailsServiceImpl who searchs the user and roles in DB. Everything works nice. I return a UserDetails with more than one role for that User.

    Later in the application I call SecurityContextHolder.getAuthentication().getAutho rities() for obtaining the GrantedAuthority[] authorities but this array only contains one element.

    How could it be possible? Any help is very appreciated. I attach my UserDetailsServiceImpl and applicationContext-security.xml

    UserDetailsServiceImpl.java
    Code:
    public class UserDetailServiceImpl implements UserDetailsService {

    private UsuarioService usuarioService;
    private static final Logger log = LoggerFactory.getLogger(UserDetailServiceImpl.class);

    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException, DataAccessException {

        CviUsuarios usr = usuarioService.findUsuarioByUsername(username);

        if (usr == null) {
            throw new UsernameNotFoundException("No existe usuario");
        }
        
        List<CviPermisos> perList = usuarioService.cargaListaPermisos(usr.getUsuId());

        GrantedAuthority[] authorities = new GrantedAuthorityImpl[perList.size()];
        int i = 0;
        for (CviPermisos per : perList) {
            authorities[i] = new GrantedAuthorityImpl(per.getPerDescabrv());
            i++;
        }

        boolean accountEnabled = true;

        boolean accountNonLocked = usuarioService.getLoginAttempts(usr.getUsuId()) < Integer.valueOf(StaticDataUtils.variableSistemaMap.get("reintentos_login"));
        boolean accountNonExpired = true;
        boolean credentialsNonExpired = usr.getUsuFechaCaducidad() != null ? usr.getUsuFechaCaducidad().compareTo(new Date()) > 0 : true;
        
        UserDetails usrDtl = new User(usr.getUsuLogin(), usr.getUsuPassword(), accountEnabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
        
        if (!accountNonLocked) {
            throw new LockedException("User account is locked", usrDtl);
        }

        if (!accountNonExpired) {
            throw new AccountExpiredException("User account has expired", usrDtl);

        }

        if (!credentialsNonExpired) {
            throw new CredentialsExpiredException("User account has expired", usrDtl);
        }

        if (!accountEnabled) {
            throw new DisabledException("User account is disabled", usrDtl);
        }
        
        //UserBean userBean = (UserBean)FacesUtils.getManagedBean("userBean");
        //userBean.initialize();
        return usrDtl;
    }

    public void setUsuarioService(UsuarioService usuarioService) {
        this.usuarioService = usuarioService;
    }
  2. Sep 21st, 2010, 09:42 AM #2
    victuriosu
    victuriosu is offline Junior Member
    Join Date
    Mar 2009
    Posts
    6

    Default applicationContext-security.xml

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">

	<beans:bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
		<beans:property name="filterInvocationDefinitionSource">
			<beans:value>
				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
				PATTERN_TYPE_APACHE_ANT
				/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
			</beans:value>
		</beans:property>
	</beans:bean>

	<beans:bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>

	<beans:bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
		<beans:constructor-arg value="/login.iface"/> <!-- URL redirected to after logout -->
		<beans:constructor-arg>
			<beans:list>
				<beans:ref bean="rememberMeServices"/>
				<beans:bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
			</beans:list>
		</beans:constructor-arg>
	</beans:bean>

	<beans:bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
		<beans:property name="authenticationManager" ref="authenticationManager"/>
		<beans:property name="authenticationFailureUrl" value="/accessDenied.iface"/>
		<beans:property name="defaultTargetUrl" value="/"/>
		<beans:property name="filterProcessesUrl" value="/j_spring_security_check"/>
		<beans:property name="rememberMeServices" ref="rememberMeServices"/>
	</beans:bean>

	<beans:bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"/>

	<beans:bean id="rememberMeProcessingFilter" class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
		<beans:property name="authenticationManager" ref="authenticationManager"/>
		<beans:property name="rememberMeServices" ref="rememberMeServices"/>
	</beans:bean>

	<beans:bean id="anonymousProcessingFilter" class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
		<beans:property name="key" value="changeThis"/>
		<beans:property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
	</beans:bean>

	<beans:bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
		<beans:property name="authenticationEntryPoint">
			<beans:bean class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
				<beans:property name="loginFormUrl" value="/login.iface"/>
				<beans:property name="forceHttps" value="false"/>
			</beans:bean>
		</beans:property>
		<beans:property name="accessDeniedHandler">
			<beans:bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
				<beans:property name="errorPage" value="/accessDenied.iface"/>
			</beans:bean>
		</beans:property>
	</beans:bean>

	<beans:bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
		<beans:property name="authenticationManager" ref="authenticationManager"/>
		<beans:property name="accessDecisionManager">
			<beans:bean class="org.springframework.security.vote.AffirmativeBased">
				<beans:property name="allowIfAllAbstainDecisions" value="false"/>
				<beans:property name="decisionVoters">
					<beans:list>
						<beans:bean class="org.springframework.security.vote.RoleVoter"/>
						<beans:bean class="org.springframework.security.vote.AuthenticatedVoter"/>
					</beans:list>
				</beans:property>
			</beans:bean>
		</beans:property>
		<beans:property name="objectDefinitionSource">
			<beans:value>
				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
				PATTERN_TYPE_APACHE_ANT
				/secure/**=ROLE_TOTAL,ROLE_GESTION,ROLE_USUARIOS
				/**=IS_AUTHENTICATED_ANONYMOUSLY
			</beans:value>
		</beans:property>
	</beans:bean>

	<beans:bean id="rememberMeServices" class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
		<beans:property name="userDetailsService" ref="userDetailsService"/>
		<beans:property name="key" value="changeThis"/>
	</beans:bean>

	<beans:bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
		<beans:property name="providers">
			<beans:list>
				<beans:ref local="daoAuthenticationProvider"/>
				<beans:bean class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
					<beans:property name="key" value="changeThis"/>
				</beans:bean>
				<beans:bean class="org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider">
					<beans:property name="key" value="changeThis"/>
				</beans:bean>
			</beans:list>
		</beans:property>
	</beans:bean>

	<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
		<!--
                <beans:property name="passwordEncoder">
                    <beans:bean class="es.prointec.bu.supex.web.gestion.security.Md5PasswordEncoder">
                        <beans:property name="encodeHashAsBase64" value="true"/>
                    </beans:bean>
                </beans:property>
                -->
                <beans:property name="userDetailsService" ref="userDetailsService"/>
		<beans:property name="userCache">
			<beans:bean class="org.springframework.security.providers.dao.cache.EhCacheBasedUserCache">
				<beans:property name="cache">
					<beans:bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
						<beans:property name="cacheManager">
							<beans:bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
						</beans:property>
						<beans:property name="cacheName" value="userCache"/>
					</beans:bean>
				</beans:property>
			</beans:bean>
		</beans:property>
	</beans:bean>
	
        <beans:bean id="userDetailsService" class="es.prointec.bu.supex.web.gestion.security.UserDetailServiceImpl">
		<beans:property name="usuarioService" ref="usuarioService" />
	</beans:bean>
        <!--
        <beans:bean id="userDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
		<beans:property name="userProperties">
			<beans:bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
				<beans:property name="location" value="classpath:user.properties"/>
			</beans:bean>
		</beans:property>
	</beans:bean>
	-->
    <!--
	<beans:bean id="authenticationController" class="es.prointec.gcp.web.user.AuthenticationController" scope="session">
         <beans:property name="authenticationManager"><beans:ref bean="authenticationManager"/></beans:property>
     </beans:bean>
	-->
	<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
	<beans:bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener"/>
        <beans:bean id="accessDeniedBean" class="es.prointec.bu.supex.web.gestion.proxy.AccessDeniedBean" />
        <!--
        <beans:bean id="authenticationListener" class="es.prointec.bu.supex.web.gestion.security.AuthenticationListener">
            <beans:property name="usuarioService" ref="usuarioService" />
            <beans:property name="staticDataUtils" ref="StaticDataUtils" />
            <beans:property name="accessDeniedBean" ref="accessDeniedBean" />
        </beans:bean>
        -->
</beans:beans>
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules