DDevelopment & Design

Spring security authentication-success-handler-ref and authentication-failure-handler-ref does not work with KerberosServiceAuthenticationProvider

I’m using SpringSecurity with KerberosServiceAuthenticationProvider which is Kerberos security extension. You can read how to use it on extension author’s blog.But you cannot use handler on form-login to catch authorization result. It’s because of inne…I’m using SpringSecurity with KerberosServiceAuthenticationProvider which is Kerberos security extension. You can read how to use it on extension author’s blog.But you cannot use handler on form-login to catch authorization result. It’s because of inne…

I’m using

SpringSecurity with KerberosServiceAuthenticationProvider which is Kerberos security extension. You can read how to use it on extension author’s blog. But you cannot use handler on form-login to catch authorization result. It’s because of inner construction of authorization filter chain calls. Maybe it can be considered a bug? The workaround is to implement ApplicationListener<AuthenticationSuccessEvent> and ApplicationListener<AbstractAuthenticationFailureEvent> to catch proper events.

package pl.touk.app.fe.server.security;

import org.springframework.context.ApplicationListener; import org.springframework.security.authentication.event.AuthenticationSuccessEvent; public class UserSuccessfulLoginLogger implements ApplicationListener{ @Override public void onApplicationEvent(AuthenticationSuccessEvent event) { //do something here } }

package pl.touk.app.fe.server.security;

import org.springframework.context.ApplicationListener; import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent; public class UserFailedLoginLogger implements ApplicationListener{ @Override public void onApplicationEvent(AbstractAuthenticationFailureEvent event) { //do something here } } Then you init beans in Spring configuration

A drawback is that one cannot have access to request and response as could have when using authentication-success-handler-ref and authentication-failure-handler-ref. But in my case I didn’t need that.

Tip! If you cannot receive AuthenticationEvents look at this page.

— Previous article

<!--:en-->Modular Web Application using Eclipse Snaps<!--:-->

Next article —

<!--:en-->Using Eclipse snippets for faster JUnit test creation (with Mockito!)<!--:-->

You May Also Like
DDevelopment & Design

Inconsistent Dependency Injection to domains with Grails

I've encountered strange behavior with a domain class in my project: services that should be injected were null. I've became suspicious as why is that? Services are injected properly in other domain classes so why this one is different?

Constructors experiment

I've created an experiment. I've created empty LibraryService that should be injected and Book domain class like this:

class Book {
    def libraryService

    String author
    String title
    int pageCount

    Book() {
        println("Finished constructor Book()")
    }

    Book(String author) {
        this()
        this.@author = author
        println("Finished constructor Book(String author)")
    }

    Book(String author, String title) {
        super()
        this.@author = author
        this.@title = title
        println("Finished constructor Book(String author, String title)")
    }

    Book(String author, String title, int pageCount) {
        this.@author = author
        this.@title = title
        this.@pageCount = pageCount
        println("Finished constructor Book(String author, String title, int pageCount)")
    }

    void logInjectedService() {
        println("    Service libraryService is injected? -> $libraryService")
    }
}
class LibraryService {
    def serviceMethod() {
    }
}

Book has 4 explicit constructors. I want to check which constructor is injecting dependecies. This is my method that constructs Book objects and I called it in controller: 

class BookController {
    def index() {
        constructAndExamineBooks()
    }

    static constructAndExamineBooks() {
        println("Started constructAndExamineBooks")
        Book book1 = new Book().logInjectedService()
        Book book2 = new Book("foo").logInjectedService()
        Book book3 = new Book("foo", 'bar').logInjectedService()
        Book book4 = new Book("foo", 'bar', 100).logInjectedService()
        Book book5 = new Book(author: "foo", title: 'bar')
        println("Finished constructor Book(Map params)")
        book5.logInjectedService()
    }
}

Analysis

Output looks like this:

Started constructAndExamineBooks
Finished constructor Book()
    Service libraryService is injected? -> eu.spoonman.refaktor.LibraryService@2affcce2
Finished constructor Book()
Finished constructor Book(String author)
    Service libraryService is injected? -> eu.spoonman.refaktor.LibraryService@2affcce2
Finished constructor Book(String author, String title)
    Service libraryService is injected? -> null
Finished constructor Book(String author, String title, int pageCount)
    Service libraryService is injected? -> null
Finished constructor Book()
Finished constructor Book(Map params)
    Service libraryService is injected? -> eu.spoonman.refaktor.LibraryService@2affcce2

What do we see?

  1. Empty constructor injects dependencies.

  2. Constructor that invokes empty constructor explicitly injects dependencies.

  3. Constructor that invokes parent's constructor explicitly does not inject dependencies.

  4. Constructor without any explicit call declared does not call empty constructor thus it does not inject dependencies.

  5. Constructor provied by Grails with a map as a parameter invokes empty constructor and injects dependencies.

Conclusion

Always explicitily invoke empty constructor in your Grail domain classes to ensure Dependency Injection! I didn't know until today either!