• Post Reply Bookmark Topic Watch Topic
  • New Topic

SecurityContextPersistenceFilter where to configure it and how spring will use it  RSS feed

sajjad ahmad
Ranch Hand
Posts: 78
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Good day I am using UserCredentialsDataSourceAdapter class in my spring application b cause we can’t have a connection pool here (Proxy user not allowed) and each user has to has his own connection for each request (or for his whole session).
Below is the retrieveUser method

* This method should have the database call where we will try to get the connection for this user , if connection is successfull this means user is authorized.
* I think if we want to check any needed roles we should also check the roles in this method instead of doing it in additionalAutheticationChecks or we can use
* the ThreadModel here (recomended by Haroon)
protected UserDetails retrieveUser(String username,
UsernamePasswordAuthenticationToken authentication)
throws AuthenticationException {
String password = (String) authentication.getCredentials();
if (!StringUtils.hasText(password))
throw new BadCredentialsException("Please enter password");

List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();

getUserAdapter().setCredentialsForCurrentThread(us ername, password);
Connection conn= getUserAdapter().getConnection();

catch (SQLException e) {
//**This means user credentials are not correct so we should throw EmptyResultDataAccessException from here
throw new BadCredentialsException("Invalid username or password");

catch (EmptyResultDataAccessException e)
throw new BadCredentialsException("Invalid username or password");

} catch (EntityNotFoundException e) {
throw new BadCredentialsException("Invalid user");

} catch (NonUniqueResultException e) {
throw new BadCredentialsException("Non-unique user, contact administrator");

return new User(username, password,
true, // enabled
true, // account not expired
true, // credentials not expired
true, // account not locked

User is able to login as in this method I am just checking if I can make the database connection successfully using credentials then it means he is a valid user.
Now in my application after login user may want to see list of Items , when I try to click the list link I get an error like

2012-10-23 18:55:52,906 [tomcat-http--41] DEBUG org.springframework.jdbc.datasource.DriverManagerD ataSource - Creating new JDBC DriverManager Connection to [jdbcracle:thin:@EPAT]
2012-10-23 18:55:53,002 [tomcat-http--41] DEBUG org.hibernate.util.JDBCExceptionReporter - Cannot open connection [???]

I was assuming that since I have already set the credentials using setCredentialsForCurrentThread method for all the other requests from same user spring will handle the connection thing , but I understand it now since each request means a different thread on server therefore user credentials may have been lost in another thread.
And I am looking for a best possible approach here, please guide me what to do in this case.

I came to know about SecurityContextPersistenceFilter class and I am setting it as a bean in my applicationcontext.xml as

<bean id="securityContextPersistenceFilter"
class="org.springframework.security.web.context.Se curityContextPersistenceFilter"/>

but still face teh same problem , user is successfully logedin but when he tries to see list of items I see hibernate same problem reported by hibernate.

Note: In my application I want the user to login only once and the connection made during login should be used until he logs out or his session is invalidated, or the user credentials are being stored in a way that Spring manages the creation of new connection upon each request.
Bill Gorder
Posts: 1682
Android IntelliJ IDE Linux Mac OS X Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Read the java doc for DriverManagerDataSource. Its not a real connection pool it just creates new connections. It does not look like you are uing HIbernate I see you fiddling with the connection manually there is nothing Spring managed about it. I don't see you closing your connection either.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!