Announcement Announcement Module
Collapse
No announcement yet.
null ContextHolder with HTTP Basic authentication Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • null ContextHolder with HTTP Basic authentication

    I'm trying to configure Acegi to apply basic http security to an URL. When I submit the credentials asked for by the browser I get the following exception:

    java.lang.IllegalStateException: ContextHolder invalid: 'null': are your filters ordered correctly? HttpSessionContextIntegrationFilter should have already executed by this time (look for it in the stack dump below)
    net.sf.acegisecurity.context.security.SecureContex tUtils.getSecureContext(SecureContextUtils.java:38 )
    net.sf.acegisecurity.ui.basicauth.BasicProcessingF ilter.doFilter(BasicProcessingFilter.java:179)
    net.sf.acegisecurity.util.FilterChainProxy$Virtual FilterChain.doFilter(FilterChainProxy.java:303)
    net.sf.acegisecurity.util.FilterChainProxy.doFilte r(FilterChainProxy.java:173)
    net.sf.acegisecurity.util.FilterToBeanProxy.doFilt er(FilterToBeanProxy.java:125)
    org.netbeans.modules.web.monitor.server.MonitorFil ter.doFilter(MonitorFilter.java:362)

    I assume I've left something out from my spring config. Here is the spring config that I'm using:

    <!-- An access decision voter that reads ROLE_* configuration settings -->
    <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderMana ger">
    <property name="providers">
    <list>
    <ref local="daoAuthenticationProvider"/>
    </list>
    </property>
    </bean>

    <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthe nticationProvider">
    <property name="authenticationDao"><ref bean="inMemoryDaoImpl"/></property>
    </bean>

    <bean id="inMemoryDaoImpl" class="net.sf.acegisecurity.providers.dao.memory.I nMemoryDaoImpl">
    <property name="userMap">
    <value>
    soapuser=seep,ROLE_SOAPCLIENT
    </value>
    </property>
    </bean>

    <bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>

    <bean id="httpRequestAccessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased" >
    <property name="allowIfAllAbstainDecisions"><value>false</value></property>
    <property name="decisionVoters">
    <list>
    <ref bean="roleVoter"/>
    </list>
    </property>
    </bean>

    <bean id="filterChainProxy" class="net.sf.acegisecurity.util.FilterChainProxy" >
    <property name="filterInvocationDefinitionSource">
    <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT
    /**=basicProcessingFilter,securityEnforcementFilter
    </value>
    </property>
    </bean>

    <bean id="basicProcessingFilter" class="net.sf.acegisecurity.ui.basicauth.BasicProc essingFilter">
    <property name="authenticationManager"><ref bean="authenticationManager"/></property>
    <property name="authenticationEntryPoint"><ref bean="authenticationEntryPoint"/></property>
    </bean>

    <bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.Security EnforcementFilter">
    <property name="filterSecurityInterceptor"><ref bean="filterInvocationInterceptor"/></property>
    <property name="authenticationEntryPoint"><ref bean="authenticationEntryPoint"/></property>
    </bean>

    <bean id="authenticationEntryPoint"
    class="net.sf.acegisecurity.ui.basicauth.BasicProc essingFilterEntryPoint">
    <property name="realmName"><value>soap_test_realm</value></property>
    </bean>

    <bean id="filterInvocationInterceptor"
    class="net.sf.acegisecurity.intercept.web.FilterSe curityInterceptor">
    <property name="authenticationManager"><ref bean="authenticationManager"/></property>
    <property name="accessDecisionManager"><ref bean="httpRequestAccessDecisionManager"/></property>
    <property name="objectDefinitionSource">
    <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT
    /service/**=ROLE_SOAPCLIENT
    </value>
    </property>
    </bean>

    Can any one see what is missing or wrong?

  • #2
    I now also see that the exception I complained about actually said that the HttpSessionContextIntegrationFilter is missing (*blush*). So I added a HttpSessionContextIntegrationFilter to the filter chain as suggested by the exception and it's working fine now.

    Comment


    • #3
      Same Exception

      Hi,

      I also got the same exception.
      I read your reply and accordingly, as the exception says provided the HttpSessionContexIntegrationFilter.
      But after adding the filter, my application is not starting at all.
      Can you please provide the code snippet for adding the HttpSessionContextIntegrationFilter so that I might be able to figure out what exactly is going wrong.

      Thanks,
      Ravikumar

      Comment


      • #4
        See the Contacts sample, which shows how to use FilterChainProxy. Basically you just add the bean name of your HttpSessionContextIntegrationFilter to the right of the equals sign inside the FilterChainProxy.filterInvocationDefinitionSource property.

        Comment

        Working...
        X