Saturday, May 31, 2008

Hibernate 3 session createCriteria returns duplicated entities

Just ran into a minor problem with Hibernate 3, and thought might worth recording the solution and notes here.

Problem statement:

When using Hibernate Session.createCriteria(Class persistentClass) method to fetch a list of entities based on the given class type, the return result will contain duplicated instances if the entity has many-to-many eager-fetch relationship, see HB-520 for more details on this issue.

Solution:

For my specific problem, the solution is pretty simple all I had to do is add a transformer

setResultTransformer(CriteriaSpecification.DISTINCT_ROOT_ENTITY)

this way Hibernate will remove all duplicated entities from the return list. Although this simple solution will not work for more complicated scenario, when you have pagination or other requirement, in which a custom query might be used to provide more control and flexibility.

Code syntax highlighter for Blogger

In my previous post, in order to display some xml code nicely on Blogger I did some research and finally found a nice little javascript/css library called SyntaxHighlighter which does pretty awesome job for most of the mainstream programming languages. On top of that it is also extremely easy to setup and does require any server side programming capability from your hosting company. It also has a one neat feature to remove the annoying "br" line breakers that Blogger automatically generates for you.

Give a try, it will make it a lot easier and prettier for you to post some example code on your blog.

Thursday, May 29, 2008

Integrating Spring Security 2 with Active Directory

Recently I worked on getting newly released Spring Security (formerly known as Acegi Security) to work with Microsoft Active Directory LDAP server. Although the configuration for Spring Security has massively improved comparing to the early days of Acegi, however since Active Directory has its own format plus some bugs in the early release (I am using 2.0.1 right now since thats the latest one in public Maven repository) therefore integration is not as straightforward as I expected. Thats why I decided to record the finding here in my Daylog.

Firstly we need to setup http security:









here it was configured to protect everything under protected folder using Basic authentication and also forcing the HTTPS protocol.

Secondly, we need to connect to the LDAP server:





Then, we need to let Spring Security know where to search for the users:






in my case the search base is "ou=Offices" but based on your LDAP setting it might be different. The strange looking "(sAMAccountName={0})" is the Active Directory specific syntax for matching the user name.

Last but definitely not least, we need to setup our authentication provider:


class="org.springframework.security.providers.ldap.LdapAuthenticationProvider"
autowire="default">


class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">


class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">

value="(sAMAccountName={0})">






class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">










If you are familiar with Spring 2.x configuration you probably will start asking why all of sudden I switched from name space based security configuration to manual bean based approach. The reason is that a known bug (SEC-836 - its fixed in 2.0.2 release which is currently not yet available in Maven) in Spring Security prevent the group search from scanning the sub-tree
, therefore if your group tree has multiple levels the search will not return the right result.

Last note, all your roles defined in your directory will be returned in upper case with "ROLE_" prefix appended. This configuration was created and tested with Spring 2.5.2 and Spring Security 2.0.1.