挂毯覆盖身份验证器

Question

我正在尝试使用一个用于tapestry安全性(org.tynamo.security)的自定义身份验证器。

我有一个自定义认证器

public class EnvironmentalRealmAuthenticator extends ModularRealmAuthenticator

在我的模块中，我重写了Tapestry (ModularRealmAuthenticator)的默认身份验证器：

public static void bind(final ServiceBinder binder) {

    binder.bind(Authenticator.class, EnvironmentalRealmAuthenticator.class).withId("EnvironmentalRealmAuthenticator");
}

@Contribute(ServiceOverride.class)
public static void setupOverrides(final MappedConfiguration<Class, Object> configuration, @Local final Authenticator override) {
    configuration.add(Authenticator.class, override);
}

但是，这会导致缓存在注销时不被清除--我怀疑这是由Shiro的DefaultSecurityManager检测身份验证者是否监听注销引起的：

Authenticator authc = getAuthenticator();
if (authc instanceof LogoutAware) {
    ((LogoutAware) authc).onLogout(principals);
}

由于EnvironmentalRealmAuthenticator被绑定为Tapestry服务，它最初作为代理注入，因此authc instanceof LogoutAware生成false --这就是为什么在Tynamo的SecurityModule中以不同的方式绑定默认ModularRealmAuthenticator的原因：

// TYNAMO-155 It's not enough to identify ModularRealmAuthenticator by it's Authenticator interface only
// because Shiro tests if the object is an instanceof LogoutAware to call logout handlers
binder.bind(ModularRealmAuthenticator.class);

但是，当我试图以这种方式覆盖我的EnvironmentalRealmAuthenticator时

binder.bind(EnvironmentalRealmAuthenticator.class).withId("EnvironmentalRealmAuthenticator");

这导致以下例外情况：

由: java.lang.IllegalStateException:构造服务'ServiceOverride‘导致递归失败:服务在某种程度上依赖于自身。请通过org.apache.tapestry5.ioc.internal.services.ServiceOverrideImpl(Map) (at ServiceOverrideImpl.java:31)通过org.apache.tapestry5.ioc.modules.TapestryIOCModule.bind(ServiceBinder) (at TapestryIOCModule.java:52)查看对其他服务的引用，该服务本身依赖于服务“ServiceOverride”.

Answer 1

我似乎找到了一种(相当讨厌的)方法。我没有覆盖Authenticator本身，而是重写了WebSecuritymanager：

public static void bind(final ServiceBinder binder) {
    binder.bind(EnvironmentalRealmAuthenticator.class).withId("EnvironmentalRealmAuthenticator");
    binder.bind(WebSecurityManager.class, EnvironmentalSecurityManager.class).withId("EnvironmentalSecurityManager");
}

@Contribute(ServiceOverride.class)
public static void setupOverrides(final MappedConfiguration<Class, Object> configuration, @Local final WebSecurityManager override) {
    configuration.add(WebSecurityManager.class, override);
}

这样，我就不必将EnvironmentalRealmAuthenticator与其接口绑定。为了能够识别新的Authenticator，我对模块进行了注释：

@Marker(Primary.class)

然后，EnvironmentalSecurityManager的植入如下所示：

/**
 * Used to properly (and uniquely) identify the authenticator (without having to override it)
 */
public class EnvironmentalSecurityManager extends TapestryRealmSecurityManager {

    private final Logger logger = LoggerFactory.getLogger(EnvironmentalSecurityManager.class);

    /**
     * Mind the @Primary annotation, used to identify the EnvironmentalRealmAuthenticator
     */
    public EnvironmentalSecurityManager(final @Primary Authenticator authenticator, final SubjectFactory subjectFactory, final RememberMeManager rememberMeManager, final Collection<Realm> realms) {

        super(authenticator, subjectFactory, rememberMeManager, realms);
        logger.debug("Created EnvironmentalSecurityManager - class of authenticator is {}", authenticator.getClass());
    }
}

这样，我就可以保证使用正确的Authenticator，而不必实际覆盖它。

Answer 2

如果不看到导致该异常的setupOverrides方法的最终版本，我就无法确定。

但是，你试过这个吗？

public static void bind(final ServiceBinder binder) {

    binder.bind(EnvironmentalRealmAuthenticator.class);
}

@Contribute(ServiceOverride.class)
public static void setupOverrides(final MappedConfiguration<Class, Object> configuration, EnvironmentalRealmAuthenticator override) {
    configuration.add(Authenticator.class, override);
}