
  • some problems about AcegiAuthenticationSource

    I want to integrate Spring LDAP and Acegi. But when I used AcegiAuthenticationSource it doesn't work.
    The result is
    [WARN,AcegiAuthenticationSource,http-8080-3] No Authentication object set in SecurityContext - returning empty String as Principal
    [WARN,AcegiAuthenticationSource,http-8080-3] No Authentication object set in SecurityContext - returning empty String as Credentials

    My config file is
    Code:
    <beans>
    	<bean id="contextSource"
    	class="org.springframework.ldap.core.support.LdapContextSource">
    		<property name="url" value="ldap://localhost:389" />
    		<property name="base" value="dc=whut,dc=edu" />
    		<property name="authenticationSource" ref="authenticationSource"/>
    	</bean>
    	<bean id="authenticationSource" 
    		class="org.springframework.ldap.authentication.AcegiAuthenticationSource" />
    
    	<bean id="ldapTemplate"
    		class="org.springframework.ldap.core.LdapTemplate">
    		<constructor-arg ref="contextSource" />
    	</bean>
    	<bean id="IpsDao" class="spring.IpsDAOImpl">
    		<property name="ldapTemplate" ref="ldapTemplate" />
    	</bean>
    	
    	<bean id="filterChainProxy"
    		class="org.acegisecurity.util.FilterChainProxy">
    		<property name="filterInvocationDefinitionSource">
    			<value>
    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				PATTERN_TYPE_APACHE_ANT
    				/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
    			</value>
    		</property>
    	</bean>
    
    	<bean id="httpSessionContextIntegrationFilter"
    		class="org.acegisecurity.context.HttpSessionContextIntegrationFilter" />
    
    	<bean id="logoutFilter"
    		class="org.acegisecurity.ui.logout.LogoutFilter">
    		<constructor-arg value="/logoutSuccess.jsp" />
    		<constructor-arg>
    			<list>
    				<bean
    					class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
    			</list>
    		</constructor-arg>
    	</bean>
    
    	<bean id="authenticationProcessingFilter"
    		class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
    		<property name="authenticationManager"
    			ref="authenticationManager" />
    		<property name="authenticationFailureUrl"
    			value="/acegilogin.jsp?login_error=1" />
    		<property name="defaultTargetUrl"
    			value="/index.jsp"/>
    		<property name="filterProcessesUrl"
    			value="/j_acegi_security_check" />
    	</bean>
    
    	<bean id="securityContextHolderAwareRequestFilter"
    		class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" />
    
    	<bean id="exceptionTranslationFilter"
    		class="org.acegisecurity.ui.ExceptionTranslationFilter">
    		<property name="authenticationEntryPoint">
    			<bean
    				class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    				<property name="loginFormUrl" value="/acegilogin.jsp" />
    			</bean>
    		</property>
    		<property name="accessDeniedHandler">
    			<bean
    				class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
    				<property name="errorPage" value="/acegilogin.jsp" />
    			</bean>
    		</property>
    	</bean>
    
    	<bean id="authenticationManager"
    		class="org.acegisecurity.providers.ProviderManager">
    		<property name="providers">
    			<list>
    				<ref local="ldapAuthenticationProvider" />
    			</list>
    		</property>
    	</bean>
    
    	<bean id="userCache"
    		class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
    		<property name="cache">
    			<bean
    				class="org.springframework.cache.ehcache.EhCacheFactoryBean">
    				<property name="cacheManager">
    					<bean
    						class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
    				</property>
    				<property name="cacheName" value="userCache" />
    			</bean>
    		</property>
    	</bean>
    
    	<bean id="ldapAuthenticationProvider"
    		class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
    		<constructor-arg>
    			<ref local="authenticator" />
    		</constructor-arg>
    		<constructor-arg>
    			<ref local="populator" />
    		</constructor-arg>
    		<property name="userCache" ref="userCache"/>
    	</bean>
    
    	<bean id="authenticator"
    		class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
    		<constructor-arg>
    			<ref local="initialDirContextFactory" />
    		</constructor-arg>
    		<property name="userSearch">
    			<ref local="userSearch" />
    		</property>
    	</bean>
    
    	<bean id="userSearch"
    		class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
    		<constructor-arg>
    			<value>ou=Users</value>
    		</constructor-arg>
    		<constructor-arg>
    			<value>(cn={0})</value>
    		</constructor-arg>
    		<constructor-arg>
    			<ref local="initialDirContextFactory" />
    		</constructor-arg>
    		<property name="searchSubtree">
    			<value>true</value>
    		</property>
    	</bean>
    
    	<bean id="populator"
    		class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
    		<constructor-arg>
    			<ref local="initialDirContextFactory" />
    		</constructor-arg>
    		<constructor-arg>
    			<value>ou=Groups</value>
    		</constructor-arg>
    		<property name="groupRoleAttribute">
    			<value>cn</value>
    		</property>
    		<property name="groupSearchFilter">
    			<value>groupmember={0}</value>
    		</property>
    		<property name="searchSubtree">
    			<value>true</value>
    		</property>
    	</bean>
    	
    	<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
    		<property name="key" value="changeThis"/>
    		<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
    	</bean>
    	
    	<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
    		<property name="authenticationManager" ref="authenticationManager"/>
    		<property name="accessDecisionManager">
    			<bean class="org.acegisecurity.vote.AffirmativeBased">
    				<property name="allowIfAllAbstainDecisions" value="false"/>
    				<property name="decisionVoters">
    					<list>
    						<bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
    						<bean class="org.acegisecurity.vote.RoleVoter"/>
    					</list>
    				</property>
    			</bean>
    		</property>
    		<property name="objectDefinitionSource">
    			<value>
    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				PATTERN_TYPE_APACHE_ANT
    				/acegilogin.jsp=IS_AUTHENTICATED_ANONYMOUSLY
    				/**=ROLE_MANAGER
    			</value>
    		</property>
    	</bean>
    	
    	<bean id="initialDirContextFactory"
    		class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
    		<constructor-arg
    			value="ldap://localhost:389/dc=whut,dc=edu" />
    		<property name="managerDn">
    			<value>cn=root,dc=whut,dc=edu</value>
    		</property>
    		<property name="managerPassword">
    			<value>password</value>
    		</property>
    	</bean>
    
    	<!--bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/-->
    </beans>
    But in the JSPs I can get the Authentication. The code is:
    Code:
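    // JSP scriptlet: import org.acegisecurity.context.SecurityContextHolder and
    // org.acegisecurity.userdetails.ldap.LdapUserDetails via the page directive.
    Object obj = SecurityContextHolder.getContext().getAuthentication();
    if (null != obj) {
        Object userDetail = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        String username = "";
        if (userDetail instanceof LdapUserDetails) {
            // LDAP-authenticated user: the principal carries the DN
            username = ((LdapUserDetails) userDetail).getDn();
        } else {
            // Any other principal (e.g. the anonymous token's String) cannot be cast
            username = String.valueOf(userDetail);
        }
        out.print(username);
    }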
    It works well. It's the same as the code in AcegiAuthenticationSource. But in AcegiAuthenticationSource I get a null Authentication, why?
    Thanks

  • #2
    Well, it's obvious the Authentication is null at the point when getPrincipal and getCredentials are called. It seems you're performing some LDAP operation that requires authentication before the login has been completed. Could you try to set some default login information using DefaultValuesAuthenticationSourceDecorator?
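
The decorator suggested in #2, as a Spring bean definition (an added example, not part of the original post). It wraps the poster's `AcegiAuthenticationSource` and supplies a fixed bind identity whenever that source returns an empty principal; the bean id `acegiAuthenticationSource`, the DN `cn=ldap-reader,ou=Services,dc=whut,dc=edu` and the `${ldap.default.password}` placeholder are assumptions.

```xml
<!-- Added example. Only contextSource and its url/base come from the thread. -->
<bean id="contextSource"
	class="org.springframework.ldap.core.support.LdapContextSource">
	<property name="url" value="ldap://localhost:389" />
	<property name="base" value="dc=whut,dc=edu" />
	<!-- Points at the decorator instead of AcegiAuthenticationSource itself -->
	<property name="authenticationSource" ref="authenticationSource" />
</bean>

<!-- Returns the logged-in user's DN and password, or empty strings when
     no Authentication is set in the SecurityContext (the WARN lines above) -->
<bean id="acegiAuthenticationSource"
	class="org.springframework.ldap.authentication.AcegiAuthenticationSource" />

<!-- Falls back to defaultUser/defaultPassword when the target has nothing -->
<bean id="authenticationSource"
	class="org.springframework.ldap.authentication.DefaultValuesAuthenticationSourceDecorator">
	<property name="target" ref="acegiAuthenticationSource" />
	<!-- Assumed read-only service account, not the cn=root manager DN -->
	<property name="defaultUser"
		value="cn=ldap-reader,ou=Services,dc=whut,dc=edu" />
	<!-- Assumed to be resolved by a PropertyPlaceholderConfigurer defined elsewhere -->
	<property name="defaultPassword" value="${ldap.default.password}" />
</bean>
```

Every LDAP operation issued without a logged-in user binds as the default identity, so its directory permissions decide what unauthenticated code paths can read or change.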


    • #3
      Hmm, when getPrincipal and getCredentials are called I can't get the Authentication, and I tried this code
      Code:
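      // Needs org.acegisecurity.context.SecurityContextHolder and
      // org.acegisecurity.userdetails.ldap.LdapUserDetails imported.
      Object obj = SecurityContextHolder.getContext().getAuthentication();
      if (null != obj) {
          Object userDetail = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
          String username = "";
          if (userDetail instanceof LdapUserDetails) {
              // LDAP-authenticated user: the principal carries the DN
              username = ((LdapUserDetails) userDetail).getDn();
          } else {
              // Any other principal (e.g. the anonymous token's String) cannot be cast
              username = String.valueOf(userDetail);
          }
      }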
      In the servlet, it works well. But in the Struts 2 actions it doesn't work.
      Now I am giving DefaultValuesAuthenticationSourceDecorator a try.


      • #4
        Now it is OK. The problem is the sequence of filters: the Struts2 filter takes precedence, so in the action I can't get the Authentication. I changed the sequence of Struts2 and Acegi and now it works well.
        Thanks ulsa.
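
The ordering fix described in #4, sketched as a `web.xml` fragment (an added example, not the poster's file; the filter names `acegiFilterChain` and `struts2` are assumptions). The container applies URL-pattern filter mappings in the order the `<filter-mapping>` elements appear, so the Acegi proxy must be mapped ahead of the Struts 2 dispatcher.

```xml
<!-- Added example; filter names are assumptions, not taken from the thread. -->
<filter>
	<filter-name>acegiFilterChain</filter-name>
	<filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
	<init-param>
		<!-- Delegates to the filterChainProxy bean from the posted config -->
		<param-name>targetBean</param-name>
		<param-value>filterChainProxy</param-value>
	</init-param>
</filter>
<filter>
	<filter-name>struts2</filter-name>
	<filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>

<!-- Weak ordering (the situation #4 describes): Struts 2 is mapped first, so
     the action executes before httpSessionContextIntegrationFilter has
     restored the SecurityContext and before filterInvocationInterceptor
     has checked the URL against ROLE_MANAGER.
<filter-mapping>
	<filter-name>struts2</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
	<filter-name>acegiFilterChain</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>
-->

<!-- Corrected ordering: Acegi first, Struts 2 second -->
<filter-mapping>
	<filter-name>acegiFilterChain</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
	<filter-name>struts2</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>
```

A check after reordering: an unauthenticated request to an action URL should be sent to `/acegilogin.jsp` instead of reaching the action.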
