RoleVoter prefix is not working

  • RoleVoter prefix is not working

    Hi All,

    I have built a custom login/logout security handler and integrated it in Spring Security 3.0. All is working well except one issue. I am trying to put the ROLE_ prefix before every role I fetch from the DB, but somehow it is not being done. My Spring Security configuration XML is -

    Code:
    	<global-method-security secured-annotations="enabled" access-decision-manager-ref="accessDecisionManager"/>
    	
    	<authentication-manager alias="authenticationManager">
    	<authentication-provider>
    	<password-encoder hash="plaintext"/>	
    	<jdbc-user-service data-source-ref="dataSource"
    	users-by-username-query = "select user_id,user_password,status as enabled from user_master where user_email_id = ?" 
    	authorities-by-username-query="SELECT user.user_id, role.role_type 
    									FROM user_master USER, role_master role, user_role ur 
    									WHERE user.user_id = ur.user_id
    									AND role.role_id = ur.role_id
    									AND user.user_id=?"/>		
    	</authentication-provider>
    	</authentication-manager>
    	
        <beans:bean id="authenticationProcessingFilter" class="XXX.XXX.XXX.XXXAuthenticationProcessingFilter">
    		<beans:property name="authenticationManager" ref="authenticationManager" />
    		<beans:property name="authenticationFailureHandler" ref="failureHandler"/>
     		<beans:property name="authenticationSuccessHandler" ref="successHandler"/>
    	</beans:bean>
    	
    	<beans:bean id="successHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
    	 	<beans:property name="defaultTargetUrl" value="/index.jsp"/>
    	</beans:bean>
    	<beans:bean id="failureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
    	 	<beans:property name="defaultFailureUrl" value="/login.jsp?login_error=true"/>
    	</beans:bean>
    	
    	<http auto-config="false" access-decision-manager-ref="accessDecisionManager" 
    	entry-point-ref="authenticationProcessingFilterEntryPoint">
    	<custom-filter position="FORM_LOGIN_FILTER" ref="authenticationProcessingFilter" />
    	<custom-filter position="LOGOUT_FILTER" ref="customLogoutFilter"/>
    	<access-denied-handler error-page="/login.jsp"/> 
    	<intercept-url pattern="/XXX/**" access="ROLE_USER"/>
    	<intercept-url pattern="/XXX/*" access="ROLE_RESTAURENT"/>
    	<intercept-url pattern="/XXX/*" access="ROLE_ADMIN"/>
    	</http>
         <beans:bean id="customLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
    		<beans:constructor-arg value="/login.jsp"></beans:constructor-arg>
    		<beans:constructor-arg>
    			<beans:list>
    				<beans:bean class="XXX.XXX.XXX.XXX.XXXSecurityLogoutHandler" />
    				<beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
    			</beans:list>
    		</beans:constructor-arg>
    		<beans:property name="filterProcessesUrl" value="/j_spring_security_logout" />		
    	</beans:bean> 
    	
         <beans:bean id="authenticationProcessingFilterEntryPoint"
    		class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    		<beans:property name="loginFormUrl" value="/login.jsp" />
    		<beans:property name="forceHttps" value="false" />
    	</beans:bean>
    		
         <beans:bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
             <beans:property name="jndiName" value="/jdbc/XXX"/>
             <beans:property name="resourceRef" value="true"/>
        </beans:bean>
    	
        <beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
    		<beans:property name="decisionVoters">
    			<beans:list><beans:ref bean="roleVoter" /> </beans:list>
      		</beans:property>
      	</beans:bean>  	 
    	<beans:bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter">
     	<beans:property name="rolePrefix">	<beans:value>ROLE_</beans:value> </beans:property>
      </beans:bean>
    </beans:beans>
    Also, no security context is presently being set in the HTTP session. Here is my log file:

    Code:
    19:28:39,157 DEBUG DataSourceUtils:332 - Returning JDBC Connection to DataSource
    19:28:39,157 DEBUG DaoAuthenticationProvider:69 - Authentication failed: password does not match stored value
    19:28:39,157 DEBUG XmlWebApplicationContext:301 - Publishing event in Root WebApplicationContext: org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent[source=org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7ddcc040: Principal: [email protected]; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@255f8: RemoteIpAddress: 127.0.0.1; SessionId: 9F480C623F97F5B3EFA37D5B70331ACF; Not granted any authorities]
    19:28:39,172 DEBUG XXXAuthenticationProcessingFilter:318 - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
    19:28:39,172 DEBUG XXXAuthenticationProcessingFilter:319 - Updated SecurityContextHolder to contain null Authentication
    19:28:39,172 DEBUG XXXAuthenticationProcessingFilter:320 - Delegating to authentication failure handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@1c8b884
    19:28:39,172 DEBUG SimpleUrlAuthenticationFailureHandler:67 - Redirecting to /login.jsp?login_error=true
    19:28:39,172 DEBUG DefaultRedirectStrategy:36 - Redirecting to '/XXX/login.jsp?login_error=true'
    19:28:39,172 DEBUG HttpSessionSecurityContextRepository:338 - SecurityContext is empty or anonymous - context will not be stored in HttpSession. 
    19:28:39,172 DEBUG SecurityContextPersistenceFilter:89 - SecurityContextHolder now cleared, as request processing completed
    19:28:39,188 DEBUG FilterChainProxy:194 - Converted URL to lowercase, from: '/login.jsp'; to: '/login.jsp'
    19:28:39,188 DEBUG FilterChainProxy:201 - Candidate is: '/login.jsp'; pattern is /**; matched=true
    19:28:39,188 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 1 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
    19:28:39,188 DEBUG HttpSessionSecurityContextRepository:142 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
    19:28:39,188 DEBUG HttpSessionSecurityContextRepository:88 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@1c958af. A new one will be created.
    19:28:39,188 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 2 of 9 in additional filter chain; firing Filter: 'LogoutFilter'
    19:28:39,188 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 3 of 9 in additional filter chain; firing Filter: 'XXXAuthenticationProcessingFilter'
    19:28:39,188 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 4 of 9 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
    19:28:39,188 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 5 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
    19:28:39,203 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 6 of 9 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
    19:28:39,203 DEBUG AnonymousAuthenticationFilter:67 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90572420: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@255f8: RemoteIpAddress: 127.0.0.1; SessionId: 9F480C623F97F5B3EFA37D5B70331ACF; Granted Authorities: ROLE_ANONYMOUS'
    19:28:39,203 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 7 of 9 in additional filter chain; firing Filter: 'SessionManagementFilter'
    19:28:39,203 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 8 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
    19:28:39,203 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 9 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
    19:28:39,203 DEBUG DefaultFilterInvocationSecurityMetadataSource:173 - Converted URL to lowercase, from: '/login.jsp'; to: '/login.jsp'
    19:28:39,203 DEBUG DefaultFilterInvocationSecurityMetadataSource:200 - Candidate is: '/login.jsp'; pattern is /order/**; matched=false
    19:28:39,203 DEBUG DefaultFilterInvocationSecurityMetadataSource:200 - Candidate is: '/login.jsp'; pattern is /restaurent/*; matched=false
    19:28:39,219 DEBUG DefaultFilterInvocationSecurityMetadataSource:200 - Candidate is: '/login.jsp'; pattern is /admin/*; matched=false
    19:28:39,219 DEBUG FilterSecurityInterceptor:183 - Public object - authentication not attempted
    19:28:39,219 DEBUG XmlWebApplicationContext:301 - Publishing event in Root WebApplicationContext: org.springframework.security.access.event.PublicInvocationEvent[source=FilterInvocation: URL: /login.jsp?login_error=true]
    19:28:39,219 DEBUG FilterChainProxy:363 - /login.jsp?login_error=true reached end of additional filter chain; proceeding with original chain
    19:28:39,219 DEBUG ExceptionTranslationFilter:100 - Chain processed normally
    19:28:39,219 DEBUG HttpSessionSecurityContextRepository:338 - SecurityContext is empty or anonymous - context will not be stored in HttpSession. 
    19:28:39,219 DEBUG SecurityContextPersistenceFilter:89 - SecurityContextHolder now cleared, as request processing completed
    Last edited by sachin_yadav; Dec 13th, 2011, 09:03 AM. Reason: changed to correct logs

  • #2
    The rolePrefix property just tells the RoleVoter that the authorities will come with that prefix.
    Try to change your query to add ROLE_ to the returned authority:

    Code:
    SELECT user.user_id, 'ROLE_' || role.role_type as role_type
       FROM user_master USER, role_master role, user_role ur 
     WHERE user.user_id = ur.user_id
          AND role.role_id = ur.role_id
          AND user.user_id=?
    Please note that the concatenation syntax may vary on different DBMS.

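The behaviour described in reply #2, as an added example that is not part of the original thread: `RoleVoter` uses `rolePrefix` only to decide which access attributes it votes on, then compares attribute and authority strings literally. The class name `RolePrefixDemo` and the user name are made up for illustration, and the code assumes Spring Security 3.x on the classpath.

```java
import java.util.List;

import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;

public class RolePrefixDemo {

    // Token as the provider would build it from the authorities-by-username-query rows.
    static Authentication userWith(String... authorities) {
        List<GrantedAuthority> granted = AuthorityUtils.createAuthorityList(authorities);
        return new UsernamePasswordAuthenticationToken("demo-user", "n/a", granted);
    }

    static String describe(int vote) {
        switch (vote) {
            case AccessDecisionVoter.ACCESS_GRANTED: return "GRANTED";
            case AccessDecisionVoter.ACCESS_DENIED:  return "DENIED";
            default:                                 return "ABSTAIN";
        }
    }

    public static void main(String[] args) {
        RoleVoter voter = new RoleVoter();
        voter.setRolePrefix("ROLE_"); // same value as the roleVoter bean in the post

        // What <intercept-url access="ROLE_USER"/> becomes at decision time.
        List<ConfigAttribute> roleUser = SecurityConfig.createList("ROLE_USER");
        // An attribute without the prefix is outside this voter's scope.
        List<ConfigAttribute> bareUser = SecurityConfig.createList("USER");

        // The DB returned "USER": the voter compares it literally with "ROLE_USER"
        // and never prepends the prefix, so there is no match.
        System.out.println(describe(voter.vote(userWith("USER"), null, roleUser)));

        // The query itself returned "ROLE_USER" (the change suggested in reply #2).
        System.out.println(describe(voter.vote(userWith("ROLE_USER"), null, roleUser)));

        // Attribute "USER" does not start with the prefix, so the voter does not vote;
        // AffirmativeBased then denies unless allowIfAllAbstainDecisions is enabled.
        System.out.println(describe(voter.vote(userWith("USER"), null, bareUser)));
    }
}
```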


    • #3
      The log shows a failed authentication

      Authentication failed: password does not match stored value
      followed by the re-rendering of the login page.



      • #4
        Ya, just noticed, my bad. This is working fine now, thanks for all your support.
