Announcement Announcement Module
Collapse
No announcement yet.
An Authentication object was not found in the SecurityContext Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • An Authentication object was not found in the SecurityContext

    This is my file configuration

    Code:
    <?xml version="1.0" encoding="ISO-8859-1"?>
    
    <beans:beans 
    	xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:util="http://www.springframework.org/schema/util"
        xmlns:p="http://www.springframework.org/schema/p"  
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation=
        	"http://www.springframework.org/schema/beans 
        	http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
    		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
    		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    	<debug/>
        <!-- <global-method-security pre-post-annotations="enabled" /> -->
    
        <beans:bean id="accessDeniedHandler" class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
    		<beans:property name="errorPage" value="/login.xhtml"/>
    	</beans:bean>
    	
    	<beans:bean id="roleHierarchy"	class="com.indra.contratos.application.security.RolApplicationService"/>
    	
    	<beans:bean id="rolApplicationService" class="com.indra.contratos.application.security.RolApplicationService" />
    	
    	<beans:bean id="roleHierarchyVoter" class="org.springframework.security.access.vote.RoleHierarchyVoter">
    		<beans:constructor-arg ref="roleHierarchy" />
    		<beans:property name="rolePrefix" value="" />
        </beans:bean>
    
    	<beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
           <beans:constructor-arg>
               <beans:list>
                    <beans:ref bean="roleHierarchyVoter"/>
               </beans:list>
           </beans:constructor-arg>
        </beans:bean>
        
    	<!-- <beans:bean id="customLogoutSuccessHandler" class="com.indra.contratos.application.security.CustomLogoutSuccessHandler"/> -->
    
    	<beans:bean id="securityMetadataSource" class="com.indra.contratos.application.security.InterceptorApplicationService"/>
    	
    	<beans:bean id="filterSecurityInterceptor"
    	     class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
    	  <beans:property name="authenticationManager" ref="authenticationManager"/>
    	  <beans:property name="accessDecisionManager" ref="accessDecisionManager"/>
    	  <beans:property name="securityMetadataSource" ref="securityMetadataSource"/>
    	</beans:bean>
    	
        <http auto-config="false" 
        	authentication-manager-ref="authenticationManager"
        	access-decision-manager-ref="accessDecisionManager"
        	entry-point-ref="authenticationEntryPoint"
        	use-expressions="true"
        	>
            
            <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
            <custom-filter position="FORM_LOGIN_FILTER" ref="myAuthFilter" />
            <!-- <custom-filter ref="customFilterChain" before="LAST"/> -->
            <!-- <custom-filter position="BASIC_AUTH_FILTER" ref="basicAuthenticationFilter" /> -->
            <!-- <custom-filter position="FILTER_SECURITY_INTERCEPTOR" ref="filterSecurityInterceptor" /> -->
            <!-- <intercept-url pattern="/resources/**" filters="none"/>
            <intercept-url pattern="/javax.faces.resource/**" filters="none"/> -->
    		<!-- <intercept-url pattern="/login.xhtml" access="hasPermission('IS_AUTHENTICATED_ANONYMOUSLY')"/>
    		<intercept-url pattern="/l/**" access="hasPermission('IS_AUTHENTICATED_ANONYMOUSLY')"/> -->
    		<!-- <intercept-url pattern="/a1/**" access="hasPermission('SYS_ADMIN')"/> --> 
    		<access-denied-handler ref="accessDeniedHandler"/>
    		
            <!-- <form-login login-page="/pages/login.xhtml" authentication-failure-url="/pages/failed.xhtml" /> --> 
            
            <!-- <logout delete-cookies="true"  invalidate-session="true" 
                success-handler-ref="customLogoutSuccessHandler"/> -->
            
            <session-management session-authentication-strategy-ref="sas" >
                <!-- <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" session-registry-alias="sessionRegistry"/> -->
            </session-management> 
    
        </http>
        
        <beans:bean id="basicAuthenticationFilter"
    	  class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
    	  <beans:property name="authenticationManager" ref="authenticationManager"/>
    	  <beans:property name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
    	</beans:bean>
        
        <beans:bean id="authenticationEntryPoint"  
            class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"
            p:loginFormUrl="/login.xhtml" />
    
        <beans:bean id="myAuthFilter" 
            class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
      		<beans:property name="sessionAuthenticationStrategy" ref="sas" />
      		<beans:property name="authenticationManager" ref="authenticationManager" />
      		<beans:property name="filterProcessesUrl" value="/j_spring_security_check"/> 
    	</beans:bean>
        
        <beans:bean id="concurrencyFilter"
    		class="org.springframework.security.web.session.ConcurrentSessionFilter">
    		<beans:property name="sessionRegistry" ref="sessionRegistry" />
    		<beans:property name="expiredUrl" value="/login.xhtml" />
    	</beans:bean>
    	
    	<beans:bean id="securityContextPersistenceFilter"
    	    class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
    	  <beans:property name='securityContextRepository'>
    	    <beans:bean class='org.springframework.security.web.context.HttpSessionSecurityContextRepository'>
    	      <beans:property name='allowSessionCreation' value='false' />
    	    </beans:bean>
    	  </beans:property>
    	</beans:bean>
        
        <beans:bean id="sas" 
            class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
    	  	<beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
    	  	<beans:property name="maximumSessions" value="1" />
    	</beans:bean>
    	
    	<beans:bean id="sessionRegistry"
    	    class="org.springframework.security.core.session.SessionRegistryImpl" /> 
    
    	<beans:bean id="passwordEncoder" 
    	    class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />
    	
    	<beans:bean id="authService" 
    	    class="com.indra.contratos.application.security.UserApplicationService" />
    	    
    	
        <authentication-manager alias="authenticationManager" >
            <authentication-provider user-service-ref="authService"> 
                <password-encoder ref="passwordEncoder" />
    			<!-- <jdbc-user-service data-source-ref="dataSource" />  -->
            </authentication-provider>
        </authentication-manager>
        
    	<beans:bean id="customFilterChain" class="org.springframework.security.web.FilterChainProxy">
    	  <beans:constructor-arg>
    	    <beans:list>
    	      <filter-chain pattern="/pages/accessDenied.xhtml" filters="none"/>
    	      <filter-chain pattern="/login.xhtml" filters="none"/>
    		  <filter-chain pattern="/l/" filters="none"/>
    		  <filter-chain pattern="/resources/**" filters="none"/>
    		  <filter-chain pattern="/javax.faces.resource/**" filters="none"/>
    	      <filter-chain pattern="/**" filters="
    	           filterSecurityInterceptor,
    	           securityContextPersistenceFilter,
    	           basicAuthenticationFilter,
    	           concurrencyFilter,
    	           myAuthFilter" />
    	    </beans:list>
    	  </beans:constructor-arg>
    	</beans:bean>
    	
    </beans:beans>

  • #2
    For those searching the forums, this looks like a double post see http://forum.springsource.org/showth...s-not-found-in

    Comment

    Working...
    X