Announcement Announcement Module
Collapse
No announcement yet.
Rememberme with password encoder Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Rememberme with password encoder

    I'm having trouble using Acegi rememberme. Upon login, it sets the rememberme cookie but it's not doing anything. It's not remembering! I suspect the problem has something to do with the password encoder I'm using with my daoAuthenticationProvider. I see no such thing to use with TokenBasedRememberMeServices.

    Thanks in advance for any help you can give me.

    Keith

    Here's the my acegi config:

    <bean id="authenticationManager"
    class="org.acegisecurity.providers.ProviderManager ">
    <property name="providers">
    <list>
    <ref bean="daoAuthenticationProvider" />
    <ref bean="anonymousAuthenticationProvider" />
    <ref bean="rememberMeAuthenticationProvider" />
    </list>
    </property>
    </bean>

    <bean id="daoAuthenticationProvider"
    class="org.acegisecurity.providers.dao.DaoAuthenti cationProvider">
    <property name="userDetailsService">
    <ref bean="authenticationDao" />
    </property>
    <property name="passwordEncoder">
    <ref local="passwordEncoder" />
    </property>
    </bean>

    <bean id="authenticationDao"
    class="org.acegisecurity.userdetails.jdbc.JdbcDaoI mpl">
    <property name="dataSource" ref="dataSource" />
    <property name="authoritiesByUsernameQuery">
    <value>
    SELECT users.username, roles.name
    FROM users,roles,user_roles
    WHERE users.id = user_roles.user_id
    AND user_roles.role_id=roles.id
    AND users.username = ?
    </value>
    </property>
    </bean>

    <bean id="passwordEncoder"
    class="com.newtilt.util.EncryptedPasswordEncoder" />

    <bean id="exceptionTranslationFilter"
    class="org.acegisecurity.ui.ExceptionTranslationFi lter">
    <property name="authenticationEntryPoint">
    <ref bean="authenticationEntryPoint" />
    </property>
    </bean>

    <!-- = = = = = = = = SECURITY INTERCEPTOR = = = = = = = = -->
    <bean id="baseFilterInvocationInterceptor"
    class="org.acegisecurity.intercept.web.FilterSecur ityInterceptor"
    lazy-init="true" abstract="true">
    <property name="authenticationManager">
    <ref bean="authenticationManager" />
    </property>
    <property name="accessDecisionManager">
    <ref bean="accessDecisionManager" />
    </property>
    </bean>

    <bean id="filterInvocationInterceptor"
    parent="baseFilterInvocationInterceptor">
    <property name="objectDefinitionSource">
    <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    ^.*\.html$=ROLE_USER
    ^.*\.html\?.*=ROLE_USER
    ^.*/public/.*?=ROLE_ANONYMOUS
    </value>
    </property>
    </bean>

    <bean id="accessDecisionManager"
    class="org.acegisecurity.vote.UnanimousBased">
    <property name="decisionVoters">
    <list>
    <ref bean="roleVoter" />
    </list>
    </property>
    </bean>

    <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter" />

    <bean id="authenticationEntryPoint"
    class="org.acegisecurity.ui.webapp.AuthenticationP rocessingFilterEntryPoint">
    <property name="loginFormUrl">
    <value>/login.jsp</value>
    </property>
    <property name="forceHttps">
    <value>false</value>
    </property>
    </bean>

    <bean id="authenticationProcessingFilter"
    class="com.risi.portal.service.SessionAwareAuthent icationProcessingFilter">
    <property name="filterProcessesUrl">
    <value>/j_acegi_security_check</value>
    </property>
    <property name="authenticationFailureUrl">
    <value>/login.jsp?login_error=1</value>
    </property>
    <property name="defaultTargetUrl">
    <value>/index.html</value>
    </property>
    <property name="authenticationManager">
    <ref bean="authenticationManager" />
    </property>
    <property name="rememberMeServices">
    <ref bean="rememberMeServices" />
    </property>
    </bean>

    <bean id="httpSessionIntegrationFilter"
    class="org.acegisecurity.context.HttpSessionContex tIntegrationFilter">
    <property name="context"
    value="org.acegisecurity.context.SecurityContextIm pl" />
    </bean>

    <bean id="filterChainProxy"
    class="org.acegisecurity.util.FilterChainProxy">
    <property name="filterInvocationDefinitionSource">
    <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    /j_acegi_security_check.*=httpSessionIntegrationFil ter,authenticationProcessingFilter,rememberMeProce ssingFilter
    /.*=authenticationProcessingFilter,rememberMeProces singFilter,httpSessionIntegrationFilter,anonymousP rocessingFilter,exceptionTranslationFilter,filterI nvocationInterceptor
    </value>
    </property>
    </bean>

    <bean id="anonymousProcessingFilter"
    class="org.acegisecurity.providers.anonymous.Anony mousProcessingFilter">
    <property name="key"><value>anonymous</value></property>
    <property name="userAttribute"><value>anonymous,ROLE_ANONYMO US</value></property>
    </bean>

    <bean id="anonymousAuthenticationProvider"
    class="org.acegisecurity.providers.anonymous.Anony mousAuthenticationProvider">
    <property name="key"><value>anonymous</value></property>
    </bean>

    <!-- = = = = = = = = = = REMEMBER ME = = = = = = = = = = = = = = -->

    <bean id="rememberMeProcessingFilter"
    class="org.acegisecurity.ui.rememberme.RememberMeP rocessingFilter">
    <property name="rememberMeServices"><ref local="rememberMeServices"/></property>
    <property name="authenticationManager"><ref local="authenticationManager"/></property>
    </bean>

    <bean id="rememberMeServices"
    class="org.acegisecurity.ui.rememberme.TokenBasedR ememberMeServices">
    <property name="userDetailsService"><ref local="authenticationDao"/></property>
    <property name="tokenValiditySeconds"><value>864000</value></property>
    <property name="key"><value>springRocks</value></property>
    <property name="parameter"><value>_acegi_security_remember_m e</value></property>
    </bean>

    <bean id="rememberMeAuthenticationProvider"
    class="org.acegisecurity.providers.rememberme.Reme mberMeAuthenticationProvider">
    <property name="key"><value>springRocks</value></property>
    </bean>

    And here's my login form:

    <form method="POST" action="j_acegi_security_check"><input type="text"
    name="j_username" /><br />
    <input type="password" name="j_password" /><br />
    <input type="checkbox" name="_acegi_security_remember_me"> Remember me<br/>
    <input type="submit" value="Log In"/></form>
    Last edited by pidepiper; Jun 2nd, 2006, 09:18 AM.

  • #2
    Problem was with filterChainProxy

    I found the problem I was having - I removed the authenticationprocessing filter and reordered the calls in my "filterChainProxy".

    <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    /j_acegi_security_check.*=httpSessionIntegrationFil ter,authenticationProcessingFilter,rememberMeProce ssingFilter
    /.*=httpSessionIntegrationFilter,rememberMeProcessi ngFilter,anonymousProcessingFilter,exceptionTransl ationFilter,filterInvocationInterceptor
    </value>


    Keith
    Last edited by pidepiper; Jun 2nd, 2006, 10:47 AM.

    Comment

    Working...
    X