I am using a jdbc -> oracle spring authentication on an HTTP endpoint; it's working correctly.
The problem is when i provide incorrect login/passwd , i get BadCredentialsException. In my mule conf file i have an interceptor where i have access to login & password used (if success) , i tried to catch the exception but it's impossible.
It seems the authentication process hapens before the interceptor is 'active', since then, when the exception is raised all try catch blocks or testing the login/passwd from the interceptor doesn't work.
here are snippets code of mule config & from the interceptor & the exeption :
=================mule conf==========================
...
<spring:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<spring:property name="driverClassName">
<spring:value>oracle.jdbc.driver.OracleDriver</spring:value>
</spring:property>
<spring:property name="url">
<spring:value>jdbc:oracle:thin:@localhost:1521:XE</spring:value>
</spring:property>
<spring:property name="username">
<spring:value>muleuser</spring:value>
</spring:property>
<spring:property name="password">
<spring:value>muleuser</spring:value>
</spring:property>
</spring:bean>
<spring:beans>
<ss:authentication-manager alias="authenticationManager" />
<ss:authentication-provider>
<ss:jdbc-user-service data-source-ref="dataSource" />
</ss:authentication-provider>
</spring:beans>
<mule-ss:security-manager>
<mule-ss:delegate-security-provider
name="memory-dao" delegate-ref="authenticationManager" />
</mule-ss:security-manager>
<security-manager>
<password-encryption-strategy name="passwordEncryption"
password="password" />
</security-manager>
<custom-transformer name="StringToNameString"
class="ma.atexo.transformers.StringToNameString" />
<custom-transformer name="HttpRequestToNameString"
class="ma.atexo.transformers.HttpRequestToNameString" />
<custom-transformer name="ExceptionToString"
class="ma.atexo.transformers.ExceptionToString" />
<custom-transformer name="HttpRequestToParameter"
class="org.mule.transport.servlet.transformers.HttpRequestToParameter" />
<custom-transformer name="ObjectToString"
class="ma.atexo.transformers.ObjectToString" />
<jms:activemq-connector name="jmsConnector"
maxRedelivery="1" brokerURL="tcp://localhost:61616" specification="1.1"
durable="true" persistentDelivery="true">
</jms:activemq-connector>
<message-properties-transformer name="PlainTextResponseTransformer">
<add-message-property key="Content-Type" value="text/plain" />
</message-properties-transformer>
<model name="helloSample">
<service name="GreeterUMO">
<inbound>
<inbound-endpoint address="http://localhost:8888"
transformer-refs="HttpRequestToNameString" synchronous="true" >
<not-filter>
<wildcard-filter pattern="/favicon.ico" />
</not-filter>
<mule-ss:http-security-filter realm="mule" />
<message-properties-transformer name="NettoyeurDeMessageProperties">
<delete-message-property key="Accept_Charset" />
<delete-message-property key="Accept_Encoding" />
<delete-message-property key="Accept_Language" />
<delete-message-property key="Cache_Control" />
</message-properties-transformer>
</inbound-endpoint>
</inbound>
<component>
<custom-interceptor class="org.mule.server.LoginInterceptoronlyhttp" />
<prototype-object class="org.mule.server.LoginInterceptoronlyhttp" />
</component>
<outbound>
<pass-through-router>
<jms:outbound-endpoint connector-ref="jmsConnector" queue="FICHIER" />
</pass-through-router>
</outbound>
</service>
</model>
==========================================
======================Interceptor snippet ===============================
//try catch block are ineffective even catching the exception i get
public class LoginInterceptoronlyhttp implements Interceptor {
public MuleMessage intercept(Invocation invocation) throws MuleException{
if (invocation.getMessage().getPayload() != null) {
SecurityContext securityContext =invocation.getEvent().getSession().getSecurityContext();
if (securityContext == null) {
throw new DefaultMuleException("No SecurityContext present");
}
User user = (User) securityContext.getAuthentication().getPrincipal();
String username=user.getUsername().toString();
try { //some db treatment
Logmule unlogmule= new Logmule();
DateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
unlogmule.setIntanceMule(1);
unlogmule.setDateEnvoi(format.format(new Date()));
unlogmule.setMuleMessageId(invocation.getMessage().getPayload().toString());
unlogmule.setStatut1("R1");
SaveDataToOracle.createLogMume(unlogmule);
}
catch (Exception e) {}
}
return invocation.getMessage();
}
}
=====================exception stacktrace============================
********************************************************************************
Exception stack is:
1. Bad credentials (org.springframework.security.BadCredentialsException)
org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider:124 (null)
2. Authentication Attempt Failed. Message payload is of type: String (org.mule.api.security.UnauthorisedException)
org.mule.security.MuleSecurityManager:95 (http://www.mulesource.org/docs/site/current2/apidocs/org/mule/api/security/UnauthorisedException.html)
********************************************************************************
Root Exception stack trace:
org.springframework.security.BadCredentialsException: Bad credentials
at org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:124)
at org.springframework.security.providers.ProviderManager.doAuthentication(ProviderManager.java:188)
at org.springframework.security.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:46)
at org.mule.module.spring.security.SpringProviderAdapter.authenticate(SpringProviderAdapter.java:69)
at org.mule.security.MuleSecurityManager.authenticate(MuleSecurityManager.java:89)
at org.mule.module.spring.security.filters.http.HttpBasicAuthenticationFilter.authenticateInbound(HttpBasicAuthenticationFilter.java:138)
at org.mule.security.AbstractEndpointSecurityFilter.authenticate(AbstractEndpointSecurityFilter.java:181)
at org.mule.transport.AbstractMessageReceiver$DefaultInternalMessageListener.onMessage(AbstractMessageReceiver.java:335)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:252)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:193)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.doRequest(HttpMessageReceiver.java:273)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.processRequest(HttpMessageReceiver.java:227)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.run(HttpMessageReceiver.java:190)
at org.mule.work.WorkerContext.run(WorkerContext.java:310)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1061)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:575)
at java.lang.Thread.run(Unknown Source)
********************************************************************************
any idea ? i searched the web but found nothing
plz help me !
---------------------------------------------------------------------
To unsubscribe from this list, please visit:
http://xircles.codehaus.org/manage_email
HTH
A
--
Antoine Borg , Director of Services | Tel: +32 28 504 696
ricston Ltd., BP 2, 1180 Uccle, Brussels, BELGIUM
See our full schedule of Mule and Android courses online: Ricston Course
Schedules <http://www.ricston.com/courses/schedules>
email: antoin...@ricston.com <mailto:antoin...@ricston.com> |
twitter: twitter.com/antoinericston <http://www.twitter.com/antoinericston>
----------
* Disclaimer* - This email and any files transmitted with it are
confidential and contain privileged or copyright information. You must
not present this message to another party without first gaining
permission from the sender. If you are not the intended recipient you
must not copy, distribute or use this email or the information contained
in it for any purpose other than to notify us. If you have received this
message in error, please notify the sender immediately and delete this
email from your system. We do not guarantee that this material is free
from viruses or any other defects although due care has been taken to
minimise the risk. Any views stated in this communication are those of
the actual sender and not necessarily those of Ricston Ltd. or its
subsidiaries.
Exception stack is:
1. Registered authentication is set to org.mule.module.spring.security.filters.http.HttpBasicAuthenticationFilter but there was no security context on the session. . Message payload is of type: String (org.mule.api.security.UnauthorisedException)
org.mule.module.spring.security.filters.http.HttpBasicAuthenticationFilter:164 (http://www.mulesource.org/docs/site/current2/apidocs/org/mule/api/security/UnauthorisedException.html)
********************************************************************************
Root Exception stack trace:
org.mule.api.security.UnauthorisedException: Registered authentication is set to org.mule.module.spring.security.filters.http.HttpBasicAuthenticationFilter but there was no security context on the session. . Message payload is of type: String
at org.mule.module.spring.security.filters.http.HttpBasicAuthenticationFilter.authenticateInbound(HttpBasicAuthenticationFilter.java:164)
at org.mule.security.AbstractEndpointSecurityFilter.authenticate(AbstractEndpointSecurityFilter.java:181)
at org.mule.transport.AbstractMessageReceiver$DefaultInternalMessageListener.onMessage(AbstractMessageReceiver.java:335)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:252)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:193)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.doRequest(HttpMessageReceiver.java:273)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.processRequest(HttpMessageReceiver.java:227)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.run(HttpMessageReceiver.java:190)
at org.mule.work.WorkerContext.run(WorkerContext.java:310)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1061)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:575)
at java.lang.Thread.run(Unknown Source)
********************************************************************************
so the default-connector-exception-strategy gets activated with this exception which is not the source of my pb;it's not 'harmful' since everything is ok after validating a login/passwd in the dialog box.
the real problem is that i can't catch the spring exception (badcredentialsexception) until now even with different catch strategies.
Have you tried using exception strategies? That is the place to catch
exceptions in a Mule application
HTH
---------------------------------------------------------------------
I used different kinds of exception strategies in different places in mule conf file but nothing could catch "BadCredentialsException" thrown by spring
I wish somone got the answer !
WARN 2011-09-01 14:10:00,609 [[UserServices].httpsConnector.receiver.10] org.mule.processor.SecurityFilterMessageProcessor: Outbound Request was made but was not authenticated: Registered authentication is set to org.mule.module.spring.security.filters.http.HttpBasicAuthenticationFilter but there was no security context on the session. Authentication denied on endpoint https://localhost:65114/eas. Message payload is of type: String
org.mule.api.security.UnauthorisedException: Registered authentication is set to org.mule.module.spring.security.filters.http.HttpBasicAuthenticationFilter but there was no security context on the session. Authentication denied on endpoint https://localhost:65114/eas. Message payload is of type: String
at org.mule.transport.http.filters.HttpBasicAuthenticationFilter.authenticateInbound(HttpBasicAuthenticationFilter.java:160)
at org.mule.security.AbstractAuthenticationFilter.authenticate(AbstractAuthenticationFilter.java:70)
at org.mule.security.AbstractAuthenticationFilter.doFilter(AbstractAuthenticationFilter.java:60)
at org.mule.security.AbstractEndpointSecurityFilter.doFilter(AbstractEndpointSecurityFilter.java:53)
at org.mule.processor.SecurityFilterMessageProcessor.process(SecurityFilterMessageProcessor.java:59)
at org.mule.processor.ExceptionHandlingMessageProcessor.process(ExceptionHandlingMessageProcessor.java:25)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:185)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:158)
at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:145)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.doRequest(HttpMessageReceiver.java:247)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.processRequest(HttpMessageReceiver.java:206)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.run(HttpMessageReceiver.java:164)
at org.mule.work.WorkerContext.run(WorkerContext.java:309)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:987)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:528)
at java.lang.Thread.run(Thread.java:662)
ERROR 2011-09-01 14:10:00,610 [[UserServices].httpsConnector.receiver.10] org.mule.exception.DefaultServiceExceptionStrategy:
********************************************************************************
Message : Registered authentication is set to org.mule.module.spring.security.filters.http.HttpBasicAuthenticationFilter but there was no security context on the session. Authentication denied on endpoint https://localhost:65114/eas. Message payload is of type: String
Code : MULE_ERROR-54999
--------------------------------------------------------------------------------
Exception stack is:
1. Registered authentication is set to org.mule.module.spring.security.filters.http.HttpBasicAuthenticationFilter but there was no security context on the session. Authentication denied on endpoint https://localhost:65114/eas. Message payload is of type: String (org.mule.api.security.UnauthorisedException)
org.mule.transport.http.filters.HttpBasicAuthenticationFilter:160 (http://www.mulesoft.org/docs/site/current3/apidocs/org/mule/api/security/UnauthorisedException.html)
--------------------------------------------------------------------------------
Root Exception stack trace:
org.mule.api.security.UnauthorisedException: Registered authentication is set to org.mule.module.spring.security.filters.http.HttpBasicAuthenticationFilter but there was no security context on the session. Authentication denied on endpoint https://localhost:65114/eas. Message payload is of type: String
at org.mule.transport.http.filters.HttpBasicAuthenticationFilter.authenticateInbound(HttpBasicAuthenticationFilter.java:160)
at org.mule.security.AbstractAuthenticationFilter.authenticate(AbstractAuthenticationFilter.java:70)
at org.mule.security.AbstractAuthenticationFilter.doFilter(AbstractAuthenticationFilter.java:60)
+ 3 more (set debug level logging or '-Dmule.verbose.exceptions=true' for everything)
********************************************************************************