cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

[y6.2] Backoffice: Enriching the session with custom attributes as soon as a backoffice user logs in

Go to solution
Former Member

on ‎2017 Mar 09 6:09 PM

0 Kudos
1,655

Whenever a backoffice user logs in, I would like to enrich their session with custom name/value-mappings (which I later would like to use within a Flexible Search query).

To be more precise, I have created a relationship between PointOfService and Employee. The relationship defines which point of services an employee is allowed to manage. My approach is to accumulate all point of services (POS) that are assigned to the employee as soon as they log in into backoffice. I would store the POS's PKs into the session and then add a Personalization rule that restricts the employee to the previously collected POSs.

My aim is to achieve this without modifying any stock code, that means I would like to rely solely on the features the Spring framework offers (Dependency injection, AOP) in order to keep my application modular and maintainable.

What I have done so far

1. Overriding behavior with beans/aliases

I found that the method(s) [Backoffice|ResetConfiguration]AuthenticationSuccessHandler.onAuthenticationSuccess() are being called whenever a user logs in into backoffice. The instantiation is configured in backoffice/web/webroot/WEB-INF/lib/backoffice-core-[...].jar/META-INF/backoffice-core-spring-security.xml. My first approach was to inject my code by overriding the [backoffice|resetConfiguration]AuthenticationSuccessHandler beans.

However, as others have already reported I am unable to override the beans' definitions within my own custombackoffice-backoffice-spring.xml; related topics below:

I strongly assume that the problem lies in the processing sequence: My bean/alias definition would have to be processed after the original bean definition and before their actual usage in <form-login [...] authentication-success-handler-ref="backofficeAuthenticationDetailsSource" [...]> within the stock backoffice-spring-security.xml. I guess that the regular process of merging spring.xml files across all defined extensions does not apply in this context.

2. Using Spring AOP

Since I prefer not to touch any hybris stock code / configuration, my second approach was to use AOP to solve my problem. Within my custom backoffice-related extension custombackoffice, I implemented an aspect that shall react to calls to com.hybris.cockpitng.util.web.authorization.BackofficeAuthenticationSuccessHandler.onAuthenticationSuccess:

 package my;
 // ...
 @Aspect
 public class MyAspect {
     private UserService userService;
 
     @Around("execution(void com.hybris.cockpitng.util.web.authorization.ResetConfigurationAuthenticationSuccessHandler.onAuthenticationSuccess(..)) && args(request, response, authentication)")
     public void myAdvice(ProceedingJoinPoint jp, HttpServletRequest req, HttpServletResponse res, final Authentication auth) throws Throwable {
         // ...
         jp.proceed();
         // ...
         EmployeeModel u = userService.getUserForUID(auth.getName(),
                 EmployeeModel.class); // #FAILING LINE#
         // ...
         request.getSession().setAttribute(...);
     }
 }

I configured AOP by creating an aop.xml configuration file in custombackoffice/resources/META-INF

 <aspectj>
   <weaver options="-showWeaveInfo -verbose">
     <include within="com.hybris.cockpitng.util.web.authorization..*" />
     <include within="my..*" />
   </weaver>
   <aspects>
      <aspect name="my.MyAspect" />
   </aspects>
 </aspectj>

and configured the aspect's bean in custombackoffice/resources/custombackoffice-spring.xml:

 <bean id="myAspect" class="my.MyAspect" factory-method="aspectOf">
     <property name="userService" ref="userService" />
 </bean>

However, when I let this configuration run I receive an exception:

 java.lang.NullPointerException
         at de.hybris.platform.servicelayer.session.impl.DefaultSessionService.executeInLocalView(DefaultSessionService.java:94)
         at de.hybris.platform.servicelayer.search.impl.DefaultFlexibleSearchService.getJaloResult(DefaultFlexibleSearchService.java:396)
         at de.hybris.platform.servicelayer.search.impl.DefaultFlexibleSearchService.search(DefaultFlexibleSearchService.java:168)
         at de.hybris.platform.servicelayer.internal.dao.DefaultGenericDao.find(DefaultGenericDao.java:53)
         at de.hybris.platform.servicelayer.user.daos.impl.DefaultUserDao.findUserByUID(DefaultUserDao.java:36)
         at de.hybris.platform.servicelayer.user.impl.DefaultUserService.getUserForUID(DefaultUserService.java:90)
         at de.hybris.platform.servicelayer.user.impl.DefaultUserService.getUserForUID(DefaultUserService.java:103)
         at my.MyAspect.aspect(MyAspect.java:#FAILING LINE#)

The exception happens on the userService.getUserForUID line due to DefaultSessionService.getOrCreateCurrentJaloSession() returning null. While investigating this issue I found that services (including userService) perform their operation on the junit tenant while my advice runs. Their field AbstractService.currentTenant holds a reference to the junit tenant.

I then took a closer look on the server starting procedure which delivers following log (excerpt):

 [PlatformInPlaceClassLoader@462b582b] info AspectJ Weaver Version 1.8.5 built on Thursday Jan 29, 2015 at 01:03:58 GMT
 [...]
 [PlatformInPlaceClassLoader@462b582b] info using configuration /C:/y-6.2/hybris/bin/custom/custombackoffice/resources/META-INF/aop.xml
 [...]
 [PlatformInPlaceClassLoader@462b582b] info register aspect my.MyAspect
 [...]
 [32mINFO  [localhost-startStop-1] [TenantActivationAspect] Configured tenant <<master>> for aspect
 [...]
 [InnerLoader@3ced5597] info register aspect my.MyAspect
 [32mINFO  [localhost-startStop-1] (junit) [TenantActivationAspect] Configured tenant <<junit>>[327654167] for aspect

Noticeably, my aspect is being registered for both the master and junit tenant. My initial guess was that the advice is executed twice (one time for "master", the second time for "junit") but this is not the case. The advice is only executed in the junit tenant context.

Furthermore, I forced the hybris server to start without the junit tenant activated. I thus added

 installed.tenants=

to my config/local.properties configuration. This works!

3. Solving the problem with a different approach

Right now, I am going to tackle the problem by supplying overriden versions of the Default[User|Session]Service services since this approach looks more promising and controllable to me.

However, I am still curious on how to successfully pursue my two initial approaches:

  1. Is it possible to override beans that are referenced by the stock backoffice-spring-security.xml only by means of Spring's dependency injection (that means without actually touching it)?

  2. What is the deal with backoffice aspects? Why is the JUnit tenant being used instead of the master tenant? Could this actually be a bug?

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
Former Member
‎2018 May 20 8:34 AM

Hello,

thanks for your question here. It made me not lose hope because I tried all the things you also linked to without success. I however do not feel as comfortable with aspects so I continued my investigation and I found the Bean Extenders Mechanism. https://help.hybris.com/6.7.0/hcd/94ac56a0aa9f486490bbe1251d994457.html#loio94ac56a0aa9f486490bbe125...

With that I was able to change properties and beans originally set up in platform backoffice and now I populate additional things in the new session after login with a custom implementation of BackofficeCockpitUserService.

former_member623026
Explorer
‎2019 Jul 05 3:52 PM
0 Kudos

Hi , could you explain more details how you did, please? Thank you

Former Member
‎2019 Jul 08 8:19 AM

Create an extended bean from the BackofficeCockpitUserService and override the method needed. Add your logic in the overridden method. 

 @Override
     public void setCurrentUser(String userID) {
         super.setCurrentUser(userID);
         final EmployeeModel currentUser = (EmployeeModel) getUserService().getCurrentUser();
         setSiteOnSession(currentUser);
         updateLastLogin(currentUser);
         ...
     }

Then use the extender mechanism available in cockpits and Backoffice spring xml to add changes to any already configured Hybris bean in Backoffice for your Backoffice extension. In the authentication success handler you will be able to add things to the session created using the new and cool BackofficeCockpitUserService after the successful authentication.

 <cng:property-extender bean="backofficeAuthenticationSuccessHandler" property="cockpitUserService">
         <ref bean="newAndCoolBackofficeCockpitUserService" />
 </cng:property-extender>

Have a nice day

View Entire Topic
pooja1_
Explorer
‎2020 Jul 01 9:46 AM
0 Kudos

Hi,

Please move your java file (custom file that extends backofficeAuthenticationSuccessHandler) in backoffice content i.e customBackoffice/backoffice/src folder. It should not be inside customBackoffice/src folder.

It worked for me. I was supposed to capture last login time of employee while he/she login into backoffice.

Show replies
Show replies
former_member809924
Explorer
‎2022 Aug 11 6:27 AM
0 Kudos

Hi Pooja,

Can you share what needs to be configure in xml file for this custom Handler ?

Ask a Question