• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Liutauras Vilda
  • Paul Clapham
  • paul wheaton
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Piet Souris
  • Mike London

SecurityContextPersistenceFilter where to configure it and how spring will use it

Ranch Hand
Posts: 78
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Good day I am using UserCredentialsDataSourceAdapter class in my spring application b cause we can’t have a connection pool here (Proxy user not allowed) and each user has to has his own connection for each request (or for his whole session).
Below is the retrieveUser method

* This method should have the database call where we will try to get the connection for this user , if connection is successfull this means user is authorized.
* I think if we want to check any needed roles we should also check the roles in this method instead of doing it in additionalAutheticationChecks or we can use
* the ThreadModel here (recomended by Haroon)
protected UserDetails retrieveUser(String username,
UsernamePasswordAuthenticationToken authentication)
throws AuthenticationException {
String password = (String) authentication.getCredentials();
if (!StringUtils.hasText(password))
throw new BadCredentialsException("Please enter password");

List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();

getUserAdapter().setCredentialsForCurrentThread(us ername, password);
Connection conn= getUserAdapter().getConnection();

catch (SQLException e) {
//**This means user credentials are not correct so we should throw EmptyResultDataAccessException from here
throw new BadCredentialsException("Invalid username or password");

catch (EmptyResultDataAccessException e)
throw new BadCredentialsException("Invalid username or password");

} catch (EntityNotFoundException e) {
throw new BadCredentialsException("Invalid user");

} catch (NonUniqueResultException e) {
throw new BadCredentialsException("Non-unique user, contact administrator");

return new User(username, password,
true, // enabled
true, // account not expired
true, // credentials not expired
true, // account not locked

User is able to login as in this method I am just checking if I can make the database connection successfully using credentials then it means he is a valid user.
Now in my application after login user may want to see list of Items , when I try to click the list link I get an error like

2012-10-23 18:55:52,906 [tomcat-http--41] DEBUG org.springframework.jdbc.datasource.DriverManagerD ataSource - Creating new JDBC DriverManager Connection to [jdbc:oracle:thin:@EPAT]
2012-10-23 18:55:53,002 [tomcat-http--41] DEBUG org.hibernate.util.JDBCExceptionReporter - Cannot open connection [???]

I was assuming that since I have already set the credentials using setCredentialsForCurrentThread method for all the other requests from same user spring will handle the connection thing , but I understand it now since each request means a different thread on server therefore user credentials may have been lost in another thread.
And I am looking for a best possible approach here, please guide me what to do in this case.

I came to know about SecurityContextPersistenceFilter class and I am setting it as a bean in my applicationcontext.xml as

<bean id="securityContextPersistenceFilter"
class="org.springframework.security.web.context.Se curityContextPersistenceFilter"/>

but still face teh same problem , user is successfully logedin but when he tries to see list of items I see hibernate same problem reported by hibernate.

Note: In my application I want the user to login only once and the connection made during login should be used until he logs out or his session is invalidated, or the user credentials are being stored in a way that Spring manages the creation of new connection upon each request.
Posts: 1682
Android Mac OS X IntelliJ IDE Spring Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Read the java doc for DriverManagerDataSource. Its not a real connection pool it just creates new connections. It does not look like you are uing HIbernate I see you fiddling with the connection manually there is nothing Spring managed about it. I don't see you closing your connection either.
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
    Bookmark Topic Watch Topic
  • New Topic