0

I am using Eclipse Scout 22 and I connect my Scout application to a REST server using a modified credential verifier for user authentication. I just discovered that if I try to login using any other username apart from admin, login fails, and I get the following message on the Eclipse IDE console

No UserAgent set on calling context; include default in service-request

2023-01-28 18:17:45,280 WARN  [qtp1624820151-19] org.eclipse.scout.rt.shared.servicetunnel.AbstractServiceTunnel.interceptRequest(AbstractServiceTunnel.java:84) - No UserAgent set on calling context; include default in service-request - MDC[]

Here is my credential verifier

package org.eclipse.scout.apps.ygapp.shared.security;

public class RestCredentialVerifier implements ICredentialVerifier {
  private static final Logger LOG = LoggerFactory.getLogger(RestCredentialVerifier.class);

@Override
public int verify(String username, char[] passwordPlainText) throws IOException {
   LOG.debug("Method \"verify\" in RestCredentialVerifier. User " + username);

   // Test for missing username or password
   if (StringUtility.isNullOrEmpty(username) || passwordPlainText == null
      || passwordPlainText.length == 0) {
     throw new VetoException(TEXTS.get("MissingUsernameOrPassword")); 
   }

   // Test for non-conforming password
   // Password MUST have between 8 to 20 characters with a minimum of one uppercase, one lowercase,
   // one number, one special character and without spaces
   if ((passwordPlainText.length < 8) || (passwordPlainText.length > 20)) {
     throw new VetoException(TEXTS.get("ThePasswordMustHaveBetween820Characters"));  
   }

   Subject subject = new Subject();
   subject.getPrincipals().add(new SimplePrincipal("system"));
   subject.setReadOnly();  

   RunContext runContext = RunContexts.empty().withLocale(Locale.getDefault()); // OK
   // RunContext runContext = RunContexts.copyCurrent(true).withSubject(subject);  // Fails

   Map<String, String> result = runContext.call(new Callable<Map<String, String>>() {
     @Override
     public Map<String, String> call() throws Exception {
       return BEANS.get(IRestAuthenticationService.class).verify(username, passwordPlainText));
     }
   });

   LOG.debug("Leaving method \"verify\" in RestCredentialVerifier. User " + username);
   if (result.containsKey("message")
    && result.get("message").equals(TEXTS.get("YouAreNowConnectedToTheServer"))) {
     return AUTH_OK;
   } else {
     return AUTH_FAILED;
   }
 }
}

Thanks a lot for your kind assistance.

Cheers,

JDaniel

JDaniel
  • 100
  • 4
  • 9

0 Answers0