Where to look for info about how JWTAuthenticator stores data under the hood without AuthenticatorRepository implementation


#1

Hi, could you please post a link or some info on how JWTAuthenticatorService stores data under the hood without an AuthenticatorRepository implementation? I see that JWTAuthenticatorService possibly uses CacheLayer, but how does it work there, and should a repository be created for better persistence?

class SilhouetteModule extends AbstractModule with ScalaModule {
  private implicit val enumReader = enumerationValueReader
  private implicit val arbReaderOA2S: ValueReader[OAuth2Settings] = arbitraryTypeValueReader[OAuth2Settings]
  private implicit val arbReaderJWTAS: ValueReader[JWTAuthenticatorSettings] =
    arbitraryTypeValueReader[JWTAuthenticatorSettings]


  //TODO remove all social providers
  def configure() {
    bind[Silhouette[DefaultEnv]].to[SilhouetteProvider[DefaultEnv]]
    bind[IdentityService[User]].to[UserService]
    bind[UnsecuredErrorHandler].to[CustomUnsecuredErrorHandler]
    bind[SecuredErrorHandler].to[CustomSecuredErrorHandler]
    bind[UserService].to[UserServiceImpl]
    bind[UserDAO].to[UserDAOImpl]
    bind[CacheLayer].to[PlayCacheLayer]
    bind[IDGenerator].toInstance(new SecureRandomIDGenerator())
    bind[FingerprintGenerator].toInstance(new DefaultFingerprintGenerator(false))
    bind[EventBus].toInstance(EventBus())
    bind[Clock].toInstance(Clock())
    bind[DelegableAuthInfoDAO[PasswordInfo]].to[PasswordInfoDAO]
    bind[DelegableAuthInfoDAO[OAuth1Info]].toInstance(new InMemoryAuthInfoDAO[OAuth1Info])
    bind[DelegableAuthInfoDAO[OAuth2Info]].toInstance(new InMemoryAuthInfoDAO[OAuth2Info])
    bind[DelegableAuthInfoDAO[OpenIDInfo]].toInstance(new InMemoryAuthInfoDAO[OpenIDInfo])
  }


  @Provides
  def provideAuthInfoRepository(
                                 passwordInfoDAO: DelegableAuthInfoDAO[PasswordInfo],
                                 oauth1InfoDAO: DelegableAuthInfoDAO[OAuth1Info],
                                 oauth2InfoDAO: DelegableAuthInfoDAO[OAuth2Info],
                                 openIDInfoDAO: DelegableAuthInfoDAO[OpenIDInfo]
                               ): AuthInfoRepository = {

    new DelegableAuthInfoRepository(passwordInfoDAO, oauth1InfoDAO, oauth2InfoDAO, openIDInfoDAO)
  }


  @Provides
  def provideEnvironment(
                          identityService: IdentityService[User],
                          userService: UserService,
                          authenticatorService: AuthenticatorService[JWTAuthenticator],
                          eventBus: EventBus): Environment[DefaultEnv] = {

    Environment[DefaultEnv](
      identityService,
      authenticatorService,
      Seq(),
      eventBus
    )
  }

  @Provides
  def provideAuthenticatorService(
                                   authenticatorEncoder: Base64AuthenticatorEncoder,
                                   idGenerator: IDGenerator,
                                   configuration: Configuration,
                                   cacheLayer: CacheLayer,
                                   clock: Clock)
  : AuthenticatorService[JWTAuthenticator] = new JWTAuthenticatorService(
      configuration.underlying.as[JWTAuthenticatorSettings]("silhouette.authenticator"),
      None, //Some(new CacheAuthenticatorRepository[JWTAuthenticator](cacheLayer)),
      authenticatorEncoder,
      idGenerator,
      clock)
}

#2

Hi,

If you do not apply an AuthenticatorRepository to the JWTAuthenticatorService, then the authenticator does not get persisted. This isn’t needed because a JWT can store all the authenticator information. If you apply an AuthenticatorRepository, then you have the possibility to invalidate a token on the server side.

Hope that answers your question.

Best regards,
Christian
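
The behaviour described in the answer above, modelled as an added Python example that is not part of the thread and is not Silhouette's code: a signed token validated with and without a server-side repository, across a simulated restart. `JwtService`, `restart_demo`, the dict used as repository and the secret are hypothetical; the model assumes the signing secret comes from configuration and survives the restart, and that a configured repository must still hold the token's record for the token to be accepted.

```python
import base64, hashlib, hmac, json, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class JwtService:
    """Toy HS256 service; `repository` is an optional dict of live token ids."""
    def __init__(self, secret: bytes, repository=None):
        self.secret, self.repository = secret, repository

    def _sign(self, signing_input: str) -> str:
        mac = hmac.new(self.secret, signing_input.encode(), hashlib.sha256)
        return _b64(mac.digest())

    def issue(self, subject: str, token_id: str, ttl: int = 3600) -> str:
        header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        claims = {"sub": subject, "jti": token_id, "exp": int(time.time()) + ttl}
        body = _b64(json.dumps(claims).encode())
        if self.repository is not None:
            self.repository[token_id] = claims  # server-side record
        return f"{header}.{body}.{self._sign(header + '.' + body)}"

    def retrieve(self, token: str):
        try:
            header, body, sig = token.split(".")
            expected = self._sign(header + "." + body)
            if not hmac.compare_digest(sig.encode(), expected.encode()):
                return None
            claims = json.loads(_unb64(body))
        except ValueError:  # wrong part count, bad base64 or bad JSON
            return None
        if claims["exp"] <= time.time():
            return None
        if self.repository is not None and claims["jti"] not in self.repository:
            return None  # discarded, or the store lost its contents
        return claims

    def discard(self, token_id: str) -> bool:
        # Server-side invalidation is only possible with a repository.
        return self.repository is not None and self.repository.pop(token_id, None) is not None

def restart_demo():
    secret = b"constructed-demo-secret"  # constructed sample value
    stateless_token = JwtService(secret).issue("alice", "id-1")
    shared = {}  # stands in for a store that outlives the process
    backed_token = JwtService(secret, shared).issue("bob", "id-2")
    return (JwtService(secret).retrieve(stateless_token) is not None,       # no repository
            JwtService(secret, shared).retrieve(backed_token) is not None,  # store survived
            JwtService(secret, {}).retrieve(backed_token) is not None)      # store wiped
```

In this model the repository-free token stays valid across the restart, while a repository-backed token is only as durable as the store behind it.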


#3

I am going to use Docker for the application. I think after Docker deployment all users will be logged out, so I am trying to implement AuthenticatorRepository. I tried to debug with breakpoints, but it seems that the injected instance is never called. Could you please suggest what I should check, and should I redefine and override SecuredActions?


#4

Could you please describe exactly the issue you're facing? You say that you think that after Docker deployment all users will be logged out. Have you tested this or do you think that this issue can occur?

Normally the JWT authenticator should always work regardless of whether you define an AuthenticatorRepository or not. This has nothing to do with your deployment. So I’m not really sure which issue you have?


#5

I was thinking that this can occur. Thank you for the suggestion. I will test it and post the result here.


#6

@akkie, thanks for the suggestion. I just tested and everything seems to be working with a shared database. Deploying with Docker just should not override the database.