  • Remember Me doesn't work on server reset

    Hi

    Could someone tell me what it is that I did wrong in my Acegi login?
    If I authenticate a user under the remember-me feature and then reset my server (Tomcat - I don't know if it makes any difference), the remember-me doesn't work (any page I am trying to access results in a 403 Access Denied).

    I am using Eclipse.
    If I delete my server, then, when I run my project again, the "remember me" works.

    Does anyone have any idea what my problem is?

    Andrei

  • #2
    Your browser probably has a setting to ask the user to accept a cookie. If so, switch that on and see if Acegi Security is presenting the cookie to the browser.



    • #3
      re...

      Good morning

      That's not it, because AppFuse's demo application doesn't behave like this. It works just fine. So it means that I must be doing something wrong.

      Andrei



      • #4
        Would suggest you switch on browser cookie acceptance confirmation, log in and tick the remember-me option, ensure the remember-me cookie is presented, close the browser, reopen the browser, visit a secure page, and note the DEBUG log messages that happen at that point (when you visit the secure page - you should see remember-me taking place). Next shut down Tomcat and your browser, reload them both, visit a secure page, and again look at the DEBUG log messages. Compare the two. See what the difference is. You can post them both here (just the parts asked for, not the whole thing) and we can give you some more help.



        • #5
          logs...

          Hi

          My problem was not only with remember-me, but also with a normal not-remember-me user login. As I turned on my Acegi log messages, as you told me, I noticed an exception when I try to log in:

          LOG:

          Code:
          DEBUG - Secure object: FilterInvocation: URL: /index2.jspm; ConfigAttributes: [admin, user, tech]
          DEBUG - Authentication exception occurred; redirecting to authentication entry point
          org.acegisecurity.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
          	at org.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:414)
          	at org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:308)
          	at org.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:113)
          	at org.acegisecurity.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:79)
          	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
          	at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:143)
          	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
          	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:165)
          	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
          	at org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:50)
          	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
          	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:246)
          	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
          	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:220)
          	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
          	at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:173)
          	at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:120)
          	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
          	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
          	at ro.crispico.gioppi.web.filter.MessageFilter.doFilter(MessageFilter.java:40)
          	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
          	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
          	at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:174)
          	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
          	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
          	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
          	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
          	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
          	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
          	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
          	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
          	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
          	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:868)
          	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:663)
          	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
          	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
          	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
          	at java.lang.Thread.run(Thread.java:595)
          DEBUG - Authentication entry point being called; target URL added to Session: http://localhost:8080/gioppi/index2.jspm
          DEBUG - Redirecting to: http://localhost:8080/gioppi/login.jspx
          DEBUG - SecurityContextHolder set to new context, as request processing completed

          But still, it redirects me to the login page.

          If I restart my server and try to manually enter an address in the browser, instead of redirecting me to the login, it gives me a 403 access denied error page:

          LOG:
          Code:
          DEBUG - Candidate is: '/containerList.jspm'; pattern is /containerList.jspm*; matched=true
          DEBUG - Secure object: FilterInvocation: URL: /containerList.jspm; ConfigAttributes: [user, tech, admin]
          DEBUG - Previously Authenticated: [email protected]: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; SessionId: BF86E5A009D6D359962F4D580B0030DB; Granted Authorities: null, null
          DEBUG - Access is denied (user is not anonymous); sending back forbidden response
          org.acegisecurity.AccessDeniedException: Access is denied
          	at org.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
          	at org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:347)
          	at org.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:113)
          	at org.acegisecurity.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:79)
          	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
          	at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:143)
          	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
          	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:174)
          	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
          	at org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:50)
          	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
          	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:246)
          	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
          	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:220)
          	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
          	at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:173)
          	at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:120)
          	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
          	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
          	at ro.crispico.gioppi.web.filter.MessageFilter.doFilter(MessageFilter.java:40)
          	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
          	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
          	at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:174)
          	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
          	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
          	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
          	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
          	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
          	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
          	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
          	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
          	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
          	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:868)
          	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:663)
          	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
          	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
          	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
          	at java.lang.Thread.run(Thread.java:595)
          DEBUG - SecurityContextHolder set to new context, as request processing completed



          • #6
            My acegi-security configuration file is:

            Code:
            <?xml version="1.0" encoding="UTF-8"?>
            <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
                "http://www.springframework.org/dtd/spring-beans.dtd">
            
            <beans>
            
                <!-- ======================== FILTER CHAIN ======================= -->
                <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
                    <property name="filterInvocationDefinitionSource">
                        <value>
                            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                            PATTERN_TYPE_APACHE_ANT
                            /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,remoteUserFilter,rememberMeProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
                        </value>
                        <!-- Put channelProcessingFilter before remoteUserFilter to turn on SSL switching -->
                        <!-- It's off by default b/c Canoo WebTest doesn't support SSL out-of-the-box -->
                    </property>
                </bean>
            
                <!-- ======================== AUTHENTICATION ======================= -->
            
                <!-- Note the order that entries are placed against the objectDefinitionSource is critical.
                     The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
                     Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
                <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
                    <property name="authenticationManager" ref="authenticationManager"/>
                    <property name="accessDecisionManager" ref="accessDecisionManager"/>
                     <property name="objectDefinitionSource">
                        <value>
                            PATTERN_TYPE_APACHE_ANT
                            /userList.jspm*=admin
                            /driverList.jspm*=user,tech,admin
                            /editDriver.jspm*=admin
                            /updateDrivers.jspm*=admin
                            /vehicleList.jspm*=user,tech,admin
                            /editVehicle.jspm*=admin
                            /addressList.jspm*=user,tech,admin
                            /editAddress.jspm*=admin
                            /flightList.jspm*=user,tech,admin
                            /editFlight.jspm*=tech
                            /containerList.jspm*=user,tech,admin
                            /editContainer.jspm*=tech
                            /editFlightContainers.jspm*=tech
                            /editParking.jspm*=admin
                            /editProfile.jspm*=user,tech,admin
                            /editUser.jspm*=user,tech,admin
                            /**/*.jspm*=admin,user,tech
                            /**/*.jsp*=admin,user,tech                
                        </value>
                    </property>
                </bean>
            
                <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
                    <property name="providers">
                        <list>
                            <ref local="daoAuthenticationProvider"/>
                             <ref local="rememberMeAuthenticationProvider"/>
                        </list>
                    </property>
                </bean>
               
                <!-- Log failed authentication attempts to commons-logging -->
                <bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>
                
                <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
                     <property name="userDetailsService" ref="userDao"/>
                     <property name="userCache" ref="userCache"/>
                     <property name="passwordEncoder" ref="passwordEncoder"/>
                </bean>
            
                <!-- This bean definition must be available to ApplicationContext.getBean() so StartupListener
                     can look for it and detect if password encryption is turned on or not -->
                <bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.ShaPasswordEncoder"/>
            
                <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
                    <property name="rolePrefix" value=""/>
                </bean>
            
                <bean id="accessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
                    <property name="allowIfAllAbstainDecisions" value="false"/>
                    <property name="decisionVoters">
                        <list>
                            <ref local="roleVoter"/>
                        </list>
                    </property>
                </bean>
                
                <!-- ===================== HTTP REQUEST SECURITY ==================== -->
                <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
                
                <bean id="authenticationProcessingFilter" class="ro.crispico.util.acegi.CustomAuthenticationProcessingFilter">
                    <property name="authenticationManager" ref="authenticationManager"/>
                    <property name="authenticationFailureUrl" value="/login.jspx?error=true"/>
                    <property name="defaultTargetUrl" value="/"/>
                    <property name="filterProcessesUrl" value="/j_security_check"/>
                    <property name="rememberMeServices" ref="rememberMeServices"/>
                </bean>
                
                <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
                    <property name="authenticationEntryPoint" ref="authenticationProcessingFilterEntryPoint"/>
                </bean>
                
                <bean id="remoteUserFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
            
                <bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
                    <property name="loginFormUrl" value="/login.jspx"/>
                    <property name="forceHttps" value="false"/>
                </bean>
                
                <bean id="userManagerSecurity" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
                    <property name="authenticationManager" ref="authenticationManager"/>
                    <property name="accessDecisionManager" ref="accessDecisionManager"/>
                    <property name="objectDefinitionSource">
                         <value>
                             ro.crispico.gioppi.service.UserService.getUsers=admin
                             ro.crispico.gioppi.service.UserService.removeUser=admin
                         </value>
                    </property>
                </bean>
                
                <!-- ===================== REMEMBER ME ==================== -->
                <bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
                    <property name="authenticationManager" ref="authenticationManager"/>
                    <property name="rememberMeServices" ref="rememberMeServices"/>
                </bean>
             
                <bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices"> 
                    <property name="userDetailsService" ref="userDao"/>
                    <property name="key" value="appfuseRocks"/> 
                    <property name="parameter" value="rememberMe"/>
                </bean> 
              
                <bean id="rememberMeAuthenticationProvider" class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider"> 
                    <property name="key" value="appfuseRocks"/>
                </bean>
                
                <!-- ===================== SSL SWITCHING ==================== -->
                <bean id="channelProcessingFilter" class="org.acegisecurity.securechannel.ChannelProcessingFilter">
                    <property name="channelDecisionManager" ref="channelDecisionManager"/>
                    <property name="filterInvocationDefinitionSource">
                        <value>
                            PATTERN_TYPE_APACHE_ANT
                            /login*=REQUIRES_SECURE_CHANNEL
                            /j_security_check*=REQUIRES_SECURE_CHANNEL
                            /**=REQUIRES_INSECURE_CHANNEL
                        </value>
                    </property>
                </bean>
            
                <bean id="channelDecisionManager" class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl">
                    <property name="channelProcessors">
                        <list>
                            <bean class="org.acegisecurity.securechannel.SecureChannelProcessor"/>
                            <bean class="org.acegisecurity.securechannel.InsecureChannelProcessor"/>
                        </list>
                    </property>
                </bean>
            </beans>



            • #7
              I noticed that the first exception (the one thrown before redirecting me to login) is normal to be thrown.
              I still haven't figured out why my user roles disappear on server reset.
              If anyone can help me, I would appreciate it!

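Added example, not part of the original thread and not Acegi code: a small script for the comparison suggested in post #4, pairing each `Secure object` DEBUG line with the `Previously Authenticated` line that follows it and reporting URLs that were granted in the first log but denied in the second. It assumes the decision model of the posted configuration (one `RoleVoter` with an empty `rolePrefix` under `AffirmativeBased`, so any matching authority grants); the sample logs are constructed, with the second abridged from post #5 and `TOKEN` standing in for the token's class name.

```python
import re

# Constructed samples. AFTER_RESTART is abridged from post #5 (stack trace
# omitted); BEFORE_RESTART is a constructed healthy run for comparison.
BEFORE_RESTART = """\
DEBUG - Secure object: FilterInvocation: URL: /containerList.jspm; ConfigAttributes: [user, tech, admin]
DEBUG - Previously Authenticated: TOKEN: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Granted Authorities: tech
"""
AFTER_RESTART = """\
DEBUG - Secure object: FilterInvocation: URL: /containerList.jspm; ConfigAttributes: [user, tech, admin]
DEBUG - Previously Authenticated: TOKEN: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Granted Authorities: null, null
DEBUG - Access is denied (user is not anonymous); sending back forbidden response
"""

SECURE = re.compile(r"Secure object: FilterInvocation: URL: (\S+); ConfigAttributes: \[([^\]]*)\]")
AUTH = re.compile(r"Previously Authenticated: .*?Username: (\w+).*Granted Authorities: (.*)$")


def parse_decisions(log_text):
    """Pair each 'Secure object' line with the next 'Previously Authenticated' line."""
    decisions, pending = [], None
    for line in log_text.splitlines():
        m = SECURE.search(line)
        if m:
            required = {a.strip() for a in m.group(2).split(",") if a.strip()}
            pending = (m.group(1), required)
            continue
        m = AUTH.search(line)
        if m and pending:
            raw = [a.strip() for a in m.group(2).split(",")]
            decisions.append({
                "url": pending[0],
                "required": pending[1],
                "user": m.group(1),
                # Authorities printed as "null" carry no usable role name.
                "granted": {a for a in raw if a and a != "null"},
                "null_entries": raw.count("null"),
            })
            pending = None
    return decisions


def explain(decision):
    """Simplified model: access is granted if any required attribute is held."""
    if decision["required"] & decision["granted"]:
        return "GRANTED"
    if decision["null_entries"]:
        return "DENIED: granted authorities logged as null"
    return "DENIED: no matching authority"


def regressions(before_log, after_log):
    """URLs granted in the first log but denied in the second."""
    ok = {d["url"] for d in parse_decisions(before_log) if explain(d) == "GRANTED"}
    return [(d["url"], d["user"], explain(d))
            for d in parse_decisions(after_log)
            if d["url"] in ok and explain(d) != "GRANTED"]


if __name__ == "__main__":
    for url, user, reason in regressions(BEFORE_RESTART, AFTER_RESTART):
        print(f"{url} (user {user}): {reason}")
```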