
  • Login goes fine until....AuthenticationCredentialsNotFoundEx

    I can't log in.
    What I do is log in (from the samples), then do my stuff. Then I log off (from the sample). When I directly want to go to the page that I have secured, and try to log in afterwards, I get AuthenticationCredentialsNotFoundException and I can't log in any more!!

    Code:
    2004-10-21 17:30:54,321 DEBUG acegisecurity.ui.AbstractIntegrationFilter:164  -> Authentication not added to ContextHolder (could not extract an authentication object from the container which is an instance of Authentication)
    2004-10-21 17:30:54,321 DEBUG acegisecurity.ui.AbstractProcessingFilter:290  -> Request is to process authentication
    2004-10-21 17:30:54,321 DEBUG acegisecurity.providers.ProviderManager:125  -> Authentication attempt using net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider
    2004-10-21 17:30:54,361 DEBUG dao.cache.EhCacheBasedUserCache:86  -> Cache hit: true; username: quentin
    2004-10-21 17:30:54,361 DEBUG acegisecurity.ui.AbstractProcessingFilter:343  -> Authentication success: net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@eabd2f: Username: quentin; Password: [PROTECTED]; Authenticated: false; Details: 127.0.0.1; Granted Authorities: ROLE_TELLER, ROLE_SUPERVISOR
    2004-10-21 17:30:54,361 DEBUG acegisecurity.ui.AbstractProcessingFilter:358  -> Redirecting to target URL from HTTP Session (or default): http://localhost:8084/acegi/itemSummery.do
    2004-10-21 17:30:54,381 DEBUG acegisecurity.ui.AbstractIntegrationFilter:176  -> Updating container with new Authentication object, and then removing Authentication from ContextHolder
    2004-10-21 17:30:54,501 DEBUG acegisecurity.ui.AbstractIntegrationFilter:164  -> Authentication not added to ContextHolder (could not extract an authentication object from the container which is an instance of Authentication)
    2004-10-21 17:30:54,501 DEBUG intercept.web.PathBasedFilterInvocationDefinitionMap:112  -> Converted URL to lowercase, from: 'uri: /acegi/itemSummery.do
    method: GET
    QueryString: null
    Parameters:
    Headers:
            Name: accept    Value: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*
            Name: referer   Value: http://localhost:8084/acegi/acegilogin.jsp
            Name: accept-language   Value: en-us
            Name: accept-encoding   Value: gzip, deflate
            Name: user-agent        Value: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Crazy Browser 1.0.5)
            Name: host      Value: localhost:8084
            Name: connection        Value: Keep-Alive
            Name: cache-control     Value: no-cache
            Name: cookie    Value: JSESSIONID=67A521C246B9D10401E7F2488C24B52F
    '; to: '/itemsummery.do'
    2004-10-21 17:30:54,601 DEBUG intercept.web.PathBasedFilterInvocationDefinitionMap:123  -> Candidate is: '/itemsummery.do'; pattern is /secure/**; matched=false
    2004-10-21 17:30:54,601 DEBUG intercept.web.PathBasedFilterInvocationDefinitionMap:123  -> Candidate is: '/itemsummery.do'; pattern is /test/**; matched=false
    2004-10-21 17:30:54,601 DEBUG intercept.web.PathBasedFilterInvocationDefinitionMap:123  -> Candidate is: '/itemsummery.do'; pattern is /*.do; matched=true
    2004-10-21 17:30:54,601 DEBUG acegisecurity.intercept.AbstractSecurityInterceptor:273  -> Secure object: FilterInvocation: URL: /itemSummery.do; ConfigAttributes: [ROLE_SUPERVISOR]
    2004-10-21 17:30:54,611 DEBUG intercept.web.SecurityEnforcementFilter:191  -> Authentication failed - adding target URL to Session: http://localhost:8084/acegi/itemSummery.do
    net.sf.acegisecurity.AuthenticationCredentialsNotFoundException: Authentication credentials were not found in the SecureContext
            at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.interceptor(AbstractSecurityInterceptor.java:289)
            at net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:78)
            at net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter.doFilter(SecurityEnforcementFilter.java:165)
            at net.sf.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:105)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:233)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:204)
            at net.sf.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:368)
            at net.sf.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:105)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:233)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:204)
            at net.sf.acegisecurity.ui.AbstractIntegrationFilter.doFilter(AbstractIntegrationFilter.java:170)
            at net.sf.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:105)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:233)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:204)
            at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:305)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:233)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:204)
            at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:257)
            at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
            at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:567)
            at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:245)
            at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:199)
            at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
            at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:567)
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:184)
            at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
            at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:164)
            at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149)
            at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:567)
            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:156)
            at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
            at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:567)
            at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:972)
            at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:206)
            at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:833)
            at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:732)
            at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:619)
            at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:688)
            at java.lang.Thread.run(Thread.java:534)
    2004-10-21 17:30:54,621 DEBUG ui.webapp.AuthenticationProcessingFilterEntryPoint:176  -> Redirecting to: http://localhost:8084/acegi/acegilogin.jsp
    2004-10-21 17:30:54,621 DEBUG acegisecurity.ui.AbstractIntegrationFilter:176  -> Updating container with new Authentication object, and then removing Authentication from ContextHolder
    2004-10-21 17:30:54,771 DEBUG acegisecurity.ui.AbstractIntegrationFilter:164  -> Authentication not added to ContextHolder (could not extract an authentication object from the container which is an instance of Authentication)
    2004-10-21 17:30:54,771 DEBUG intercept.web.PathBasedFilterInvocationDefinitionMap:112  -> Converted URL to lowercase, from: 'uri: /acegi/acegilogin.jsp
    method: GET
    QueryString: null
    Parameters:
    Headers:
            Name: accept    Value: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*
            Name: referer   Value: http://localhost:8084/acegi/acegilogin.jsp
            Name: accept-language   Value: en-us
            Name: accept-encoding   Value: gzip, deflate
            Name: user-agent        Value: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Crazy Browser 1.0.5)
            Name: host      Value: localhost:8084
            Name: connection        Value: Keep-Alive
            Name: cache-control     Value: no-cache
            Name: cookie    Value: JSESSIONID=67A521C246B9D10401E7F2488C24B52F
    '; to: '/acegilogin.jsp'
    2004-10-21 17:30:54,771 DEBUG intercept.web.PathBasedFilterInvocationDefinitionMap:123  -> Candidate is: '/acegilogin.jsp'; pattern is /secure/**; matched=false
    2004-10-21 17:30:54,781 DEBUG intercept.web.PathBasedFilterInvocationDefinitionMap:123  -> Candidate is: '/acegilogin.jsp'; pattern is /test/**; matched=false
    2004-10-21 17:30:54,781 DEBUG intercept.web.PathBasedFilterInvocationDefinitionMap:123  -> Candidate is: '/acegilogin.jsp'; pattern is /*.do; matched=false
    2004-10-21 17:30:54,781 DEBUG acegisecurity.intercept.AbstractSecurityInterceptor:346  -> Public object - authentication not attempted
    2004-10-21 17:30:54,811 DEBUG intercept.web.SecurityEnforcementFilter:168  -> Chain processed normally
    2004-10-21 17:30:54,811 DEBUG acegisecurity.ui.AbstractIntegrationFilter:176  -> Updating container with new Authentication object, and then removing Authentication from ContextHolder

  • #2
    It's a filter ordering issue. See my post at http://forum.springframework.org/showthread.php?t=10989.

    Basically your AbstractIntegrationFilter is running, then you're logging on via the AbstractProcessingFilter. AbstractProcessingFilter updates the HttpSession with the correct Authentication request object and sends the redirect. Then AbstractIntegrationFilter finishes running by copying from the ContextHolder a null object, overwriting the HttpSession (which needs to be there for your redirected request to http://localhost:8084/acegi/itemSummery.do).
    Last edited by robyn; May 14th, 2006, 11:46 AM.
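
Added example, not part of the original thread and not Acegi's own code: a simplified Java model of the sequence described in the reply above, showing why the session loses the Authentication when the integration filter wraps the processing filter. The class, the `/login` URL and the `AUTH` session key are hypothetical stand-ins; only the filter roles and `/itemSummery.do` come from the thread.

```java
import java.util.*;

// Simplified model of the filter-ordering problem; these are not Acegi classes.
public class FilterOrderDemo {
    static final String KEY = "AUTH";                            // hypothetical session attribute
    static final Map<String, String> session = new HashMap<>();  // stands in for HttpSession
    static String contextHolder;                                 // stands in for ContextHolder

    interface Filter { void doFilter(String uri, Iterator<Filter> chain); }

    static void next(String uri, Iterator<Filter> chain) {
        if (chain.hasNext()) chain.next().doFilter(uri, chain);
    }

    // Integration filter role: session -> holder before the chain,
    // holder -> session after the chain has returned.
    static final Filter integration = (uri, chain) -> {
        contextHolder = session.get(KEY);
        try { next(uri, chain); }
        finally { session.put(KEY, contextHolder); contextHolder = null; }
    };

    // Processing filter role: on the login URL, store the Authentication
    // in the session and redirect, so the rest of the chain is not invoked.
    static final Filter processing = (uri, chain) -> {
        if (uri.equals("/login")) { session.put(KEY, "quentin"); return; }
        next(uri, chain);
    };

    // Enforcement filter role: a secured URL needs an Authentication in the holder.
    static final Filter enforcement = (uri, chain) -> {
        if (contextHolder == null) throw new IllegalStateException("credentials not found");
    };

    // Log in, then follow the redirect to the secured page; true if access is granted.
    static boolean loginThenAccess(List<Filter> order) {
        session.clear();
        next("/login", order.iterator());
        try { next("/itemSummery.do", order.iterator()); return true; }
        catch (IllegalStateException e) { return false; }
    }

    public static void main(String[] args) {
        System.out.println("integration first: "
            + loginThenAccess(List.of(integration, processing, enforcement)));
        System.out.println("processing first:  "
            + loginThenAccess(List.of(processing, integration, enforcement)));
    }
}
```

With the integration filter outermost, its post-chain copy writes the empty holder over the value the processing filter has just stored, so the redirected request arrives with no Authentication in the session.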



    • #3
      Partially solved the problem! After the logoff (session.invalidate()) I can't log in again! It will produce a net.sf.acegisecurity.AuthenticationCredentialsNotFoundException: Authentication credentials were not found in the SecureContext
      again. Still don't know what it is?

      Order is now:

      AuthenticationProcessingFilter
      AutoIntegrationFilter
      SecurityEnforcementFilter


      Another question: do I need the BasicProcessingFilter?



      • #4
        :evil: I can't get it right :evil:

        I took the xml (web, applicationContext) from Sample

        Just modified it and it works just GREAT.

        I've just got another question. I don't want to bother you too much, but I've got Domain Model Business Objects (Beans) which are used in three layers. Now I've got my services (get, update, delete, etc.) secured, see above. I want to secure my Domain Objects, so I can "simulate" table\row level security. Do I have to do this in the same way as Method security, or is there another way?

        My Layers
        (Struts - Spring - Hibernate)



        • #5
          The net.sf.acegisecurity.acl.basic package provides a simple integer-mask based approach to ACL-level permissions. It is discussed in the reference guide.

          If you always pass your domain objects to a services layer, you can write a custom AccessDecisionVoter which ensures sufficient permissions are assigned for a domain object.

          If you aren't using a services layer, you need to get more creative. I recently added to CVS AspectJ support which would enable you to define pointcuts for your domain objects, thus automatically applying a method security interceptor in front of domain object method invocations. Or, you can use the autowiring support in Spring sandbox to autowire the AclManager into the domain object instance and then code within the domain object instance a check for necessary permissions for each method invocation.

          Personally I found the AspectJ IDE support not mature enough to support working on a real application, and coding security checks into your domain objects is bad form.

          On our current project we've set up our domain objects as follows:

          - Provide public setters and getters (which perform no validation)
          - Provide a Validator for the domain object
          - Autowire the Validator when retrieving the domain object from Hibernate (if creating a new instance, just autowire it from AutowireCapableBeanFactory)
          - Have a bindSupport() method which configures domain object-wide properties (eg a Person object with a firstName and lastName, upon bindSupport() it updates the displayName)
          - Have a validate() method which calls the Validator, throwing BindException if any problems
          - Have a bindAndValidate() method which calls bindSupport() then validate()
          - A BindAndValidateInterceptor and BindAndValidateAdvisor wires against all DAO implementations to call the domain object's bindAndValidate()
          - All "business methods" are package protected, so they can only be called by a services layer object in the same package
          - All "business methods" needing a valid object state call bindAndValidate() before they run their business-specific logic
          - Services layer method interception enforces ACL security
          - Spring MVC controllers use the normal Validator approach and call bindSupport() in the onBind() method
          - Failures during the BindAndValidateInterceptor are considered programming faults, as the UI layer should have called the Validator as part of its workflow
          - By implementing BindAndValidateInterceptor as an AOP Alliance interceptor rather than a Hibernate Interceptor, the bindSupport() method can successfully change the domain object properties and the Validator can perform queries against the Hibernate Session

          The result of all this is domain objects can be reused for Hibernate, MVC, and search forms. Business behaviour is also located in the business objects. ACL security is also enforced.



          • #6
            What about context?

            Ben, you have provided some great writeups about validation in this forum. One question I still have about validation is context:

            I can see how a validator can be used as you described to validate all of the required fields in a domain object, but what if you wanted your validator to enforce some constraints. For example, my UserValidator may want to check to make sure the username property is not blank. In addition, before I persist a new user object to the database, I may also want to check to see if that username already exists (and raise an error if it does).

            Since there is only one validator for user, how can it be used in the insert case, as well as update?

            Hope that makes sense
