-
FEATURED COMPONENTS
First time here? Check out the FAQ!
I am running into a problem obtaining the authentication object from Spring's security context. The interesting thing is I see the authentication details on page views but not during ZK events, such as when a select an item in a list and open a modal window to show details. My modal's composer has logic to dump out the authentication details but is null.
I believe this thread describes what I am experiencing: http://forum.springsource.org/showthread.php?57988-getAuthentication%28%29-is-null However, their solution to the problem doesn't work with Spring 3.x I'm posting here because this seems more a problem with ZK than with Spring. The problem is ZK events create a new thread and doesn't have any reference to the authentication in spring security. Their solution suggestion that the context needs to be copied into each event thread. My problem is Spring 3.0 has removed the ThreadLocalSecurityContextHolderStrategy class. I cannot find it in the 3.0.x javadocs.
This smalltalk document doesn't appears to support Spring security 2.x and not 3.x: http://books.zkoss.org/wiki/Small_Talks/2010/April/Making_Spring_Security_Work_with_ZK
I've added the following to my zk.xml file and ended up getting class not found on ThreadLocalSecurityContextHolderStrategy
What is ZKs solution for this problem using Spring 3.0? Can anyone from ZK provide updated SmallTalk doc that address ZK 5 with Spring security 3.x in this regard. I'm frustrated with 2 days of getting no where on this problem and I appreciate your suggestions and advice.
Here's my addition to zk.xml:
<listener> <description>ThreadLocal Synchronization Listener</description> <listener-class>org.zkoss.zkplus.util.ThreadLocalListener</listener-class> </listener> <preference> <name>ThreadLocal</name> <value>org.springframework.security.context.ThreadLocalSecurityContextHolderStrategy=contextHolder</value> </preference>
01:50:09,931 ERROR java.lang.ClassNotFoundException: org.springframework.security.context.ThreadLocalSecurityCo
ntextHolderStrategy from BaseClassLoader@4d9e1a6c{VFSClassLoaderPolicy@46d8d043{name=vfszip:/Z:/Servers/jboss-5.1.0.GA/s
erver/default/deploy/app.war/ domain=ClassLoaderDomain@4a906422{name=CSPDomain parentPolicy=BEFORE parent=ClassLoaderDom
ain@628d2280{DefaultDomain}} roots=[MemoryContextHandler@1146159883[path= context=vfsmemory://a482b5d-z29yi2-gzroe1t3-1-
gzrp49ms-9y real=vfsmemory://a482b5d-z29yi2-gzroe1t3-1-gzrp49ms-9y], ZipEntryHandler@580839991[path=csp.war/WEB-INF/clas
ses context=file:/Z:/Servers/jboss-5.1.0.GA/server/default/deploy/ real=file:/Z:/Servers/jboss-5.1.0.GA/server/default/d
eploy/app.war/WEB-INF/classes], DelegatingHandler@1864553122[path=app.war/WEB-INF/lib/ArialTTF.jar context=file:/Z:/Serv
ers/jboss-5.1.0.GA/server/default/deploy/ real=file:/Z:/Servers/jboss-5.1.0.GA/server/default/deploy/csp.war/WEB-INF/lib
Hi,
Right, org.springframework.security.context.ThreadLocalSecurityContextHolderStrategy seems to be removed from spring security 3.x onwards. I looked at the SecurityContextHolder javadocs and spring security reference and there seems to be a mode option that you can set. It defaults to ThreadLocal you can expriment with other modes. My best guess is that you could solve your issue with SecurityContextHolder.MODE_INHERITABLETHREADLOCAL Refer here for more details.
Please let us know your findings.
HI,
Thanks for the references. I was looking at those docs but things were not connecting with me...until this morning. I thought I share my results in case someone else has the same issue. So here's what I did.
1) I removed the following from my zk.xml
<listener> <description>ThreadLocal Synchronization Listener</description> <listener-class>org.zkoss.zkplus.util.ThreadLocalListener</listener-class> </listener> <preference> <name>ThreadLocal</name> <value>org.springframework.security.context.ThreadLocalSecurityContextHolderStrategy=contextHolder</value> </preference>
2) I added to my applicationContext-security.xml file
<beans:bean id="sysprops" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean"> <beans:property name="targetClass"> <beans:value>java.lang.System</beans:value> </beans:property> <beans:property name="targetMethod"> <beans:value>setProperty</beans:value> </beans:property> <beans:property name="arguments"> <beans:list> <beans:value>spring.security.strategy</beans:value> <beans:value>MODE_INHERITABLETHREADLOCAL</beans:value> </beans:list> </beans:property> </beans:bean>
After these changes my code in zul files is working properly. Such as:
<textbox id="someid" value="@{win$composer.person.phone}" maxlength="10" disabled="${sec:isNoneGranted('ROLE_MGR')}"/>
Asked: 2012-03-14 01:53:18 +0800
Seen: 287 times
Last updated: Apr 25 '12