  • Why granted authorities = null, null after server restart

    Hello,

    I am having a problem using the ACEGI security system. When I start the server and access a protected resource, I am correctly redirected to the login page, and then to the required resource (provided I enter the correct username/password). (the first block of log).

    If I restart the server, and try to access a secured resource, I get a 403 error.
    After looking through the code, I understand that somehow Acegi finds the user logged in (so it does not redirect to the login page), but its authorities are set to null, null, so it can't serve the requested resource. I imagine that the user is retrieved somehow from the server's persistent storage, but with no authority. (the second block of log).

    Could you please help me with this issue?

    Thank you in advance,
    Cristian.

    Code:
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(113) | Converted URL to lowercase, from: '/index2.jspm'; to: '/index2.jspm'
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /**; matched=true
    [gioppi] DEBUG FilterChainProxy.doFilter(297) | /index2.jspm at position 1 of 6 in additional filter chain; firing Filter: '[email protected]71f5'
    [gioppi] DEBUG HttpSessionContextIntegrationFilter.doFilter(195) | HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new SecurityContext instance associated with SecurityContextHolder
    [gioppi] DEBUG FilterChainProxy.doFilter(297) | /index2.jspm at position 2 of 6 in additional filter chain; firing Filter: '[email protected]2c'
    [gioppi] DEBUG FilterChainProxy.doFilter(297) | /index2.jspm at position 3 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter@1ed00d1'
    [gioppi] DEBUG FilterChainProxy.doFilter(297) | /index2.jspm at position 4 of 6 in additional filter chain; firing Filter: '[email protected]'
    [gioppi] DEBUG FilterChainProxy.doFilter(297) | /index2.jspm at position 5 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.ui.ExceptionTranslationFilter@1c0cb76'
    [gioppi] DEBUG FilterChainProxy.doFilter(297) | /index2.jspm at position 6 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.intercept.web.FilterSecurityInterceptor@6dd8e1'
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /userList.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /driverList.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editDriver.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /updateDrivers.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /vehicleList.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editVehicle.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /addressList.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editAddress.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /flightList.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editFlight.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /containerList.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editContainer.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editFlightContainers.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editParking.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editProfile.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editUser.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /unitSelect.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /**/*.jspm*; matched=true
    [gioppi] DEBUG AbstractSecurityInterceptor.beforeInvocation(301) | Secure object: FilterInvocation: URL: /index2.jspm; ConfigAttributes: [admin, user, tech]
    [gioppi] DEBUG ExceptionTranslationFilter.doFilter(150) | Authentication exception occurred; redirecting to authentication entry point
    org.acegisecurity.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
    	at org.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:414)
    	at org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:308)
    	at org.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:113)
    	at org.acegisecurity.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:79)
    	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
    	at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:143)
    	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
    	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:165)
    	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
    	at org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:50)
    	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
    	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:246)
    	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
    	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:220)
    	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
    	at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:173)
    	at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:120)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    	at ro.crispico.gioppi.web.filter.MessageFilter.doFilter(MessageFilter.java:40)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    	at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:174)
    	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:868)
    	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:663)
    	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    	at java.lang.Thread.run(Thread.java:595)
    [gioppi] DEBUG ExceptionTranslationFilter.sendStartAuthentication(255) | Authentication entry point being called; target URL added to Session: http://localhost:8080/gioppi/index2.jspm
    [gioppi] DEBUG UserCounterListener.attributeAdded(112) | event.name: ACEGI_SECURITY_TARGET_URL
    [gioppi] DEBUG AuthenticationProcessingFilterEntryPoint.commence(131) | Redirecting to: http://localhost:8080/gioppi/login.jspx
    [gioppi] DEBUG HttpSessionContextIntegrationFilter.doFilter(285) | SecurityContextHolder set to new context, as request processing completed
    [gioppi] INFO ExpressionEvaluationUtils.<clinit>(66) | Using JSP 2.0 ExpressionEvaluator

  • #2
    Code:
    DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(113) | Converted URL to lowercase, from: '/missionlist.jspm'; to: '/missionlist.jspm'
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionlist.jspm'; pattern is /**; matched=true
    [gioppi] DEBUG FilterChainProxy.doFilter(297) | /missionList.jspm at position 1 of 6 in additional filter chain; firing Filter: '[email protected]0af'
    [gioppi] DEBUG HttpSessionContextIntegrationFilter.doFilter(177) | Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and set to SecurityContextHolder: 'org.acegisecurity.context.SecurityContextImpl@0: Authentication: [email protected]: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 451F89C5E64E4D0D0F1E845B9DAC4E91; Granted Authorities: null, null'
    [gioppi] DEBUG FilterChainProxy.doFilter(297) | /missionList.jspm at position 2 of 6 in additional filter chain; firing Filter: '[email protected]06'
    [gioppi] DEBUG FilterChainProxy.doFilter(297) | /missionList.jspm at position 3 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter@8e85b5'
    [gioppi] DEBUG FilterChainProxy.doFilter(297) | /missionList.jspm at position 4 of 6 in additional filter chain; firing Filter: '[email protected]b'
    [gioppi] DEBUG RememberMeProcessingFilter.doFilter(168) | SecurityContextHolder not populated with remember-me token, as it already contained: 'org.acegisecurity.providers.UsernamePasswordAuthenticationToken@0: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 451F89C5E64E4D0D0F1E845B9DAC4E91; Granted Authorities: null, null'
    [gioppi] DEBUG FilterChainProxy.doFilter(297) | /missionList.jspm at position 5 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.ui.ExceptionTranslationFilter@134c0a6'
    [gioppi] DEBUG FilterChainProxy.doFilter(297) | /missionList.jspm at position 6 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.intercept.web.FilterSecurityInterceptor@53f0a8'
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /userList.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /driverList.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /editDriver.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /updateDrivers.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /vehicleList.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /editVehicle.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /addressList.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /editAddress.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /flightList.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /editFlight.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /containerList.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /editContainer.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /editFlightContainers.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /editParking.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /editProfile.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /editUser.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /unitSelect.jspm*; matched=false
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /**/*.jspm*; matched=true
    [gioppi] DEBUG AbstractSecurityInterceptor.beforeInvocation(301) | Secure object: FilterInvocation: URL: /missionList.jspm; ConfigAttributes: [admin, user, tech]
    [gioppi] DEBUG AbstractSecurityInterceptor.beforeInvocation(340) | Previously Authenticated: [email protected]: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 451F89C5E64E4D0D0F1E845B9DAC4E91; Granted Authorities: null, null
    [gioppi] DEBUG ExceptionTranslationFilter.doFilter(168) | Access is denied (user is not anonymous); sending back forbidden response
    org.acegisecurity.AccessDeniedException: Access is denied
    	at org.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
    	at org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:347)
    	at org.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:113)
    	at org.acegisecurity.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:79)
    	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
    	at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:143)
    	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
    	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:174)
    	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
    	at org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:50)
    	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
    	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:246)
    	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
    	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:220)
    	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
    	at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:173)
    	at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:120)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    	at ro.crispico.gioppi.web.filter.MessageFilter.doFilter(MessageFilter.java:40)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    	at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:174)
    	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:868)
    	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:663)
    	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    	at java.lang.Thread.run(Thread.java:595)
    [gioppi] DEBUG UserCounterListener.attributeAdded(112) | event.name: ACEGI_SECURITY_403_EXCEPTION
    [gioppi] DEBUG HttpSessionContextIntegrationFilter.doFilter(285) | SecurityContextHolder set to new context, as request processing completed

    • #3
      Originally posted by cristis1

      I imagine that the user is retrieved somehow from the server's persistent storage, but with no authority. (the second block of log).
      Could you post your configuration please, as it's very hard to work out what's going on without any information on what kind of authentication is actually being used. The debug log from the authentication provider would also be useful.

      • #4
        Thank you for the reply.

        The configuration of the Acegi system is pretty much based on the AppFuse application:

        Code:
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
            "http://www.springframework.org/dtd/spring-beans.dtd">
        
        <beans>
        
            <!-- ======================== FILTER CHAIN ======================= -->
            <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
                <property name="filterInvocationDefinitionSource">
                    <value>
                        CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                        PATTERN_TYPE_APACHE_ANT
                        /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,remoteUserFilter,rememberMeProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
                    </value>
                    <!-- Put channelProcessingFilter before remoteUserFilter to turn on SSL switching -->
                    <!-- It's off by default b/c Canoo WebTest doesn't support SSL out-of-the-box -->
                </property>
            </bean>
        
            <!-- ======================== AUTHENTICATION ======================= -->
        
            <!-- Note the order that entries are placed against the objectDefinitionSource is critical.
                 The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
                 Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
            <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
                <property name="authenticationManager" ref="authenticationManager"/>
                <property name="accessDecisionManager" ref="accessDecisionManager"/>
                 <property name="objectDefinitionSource">
                    <value>
                        PATTERN_TYPE_APACHE_ANT
                        /userList.jspm*=admin
                        /driverList.jspm*=user,tech,admin
                        /editDriver.jspm*=admin
                        /updateDrivers.jspm*=admin,tech
                        /vehicleList.jspm*=user,tech,admin
                        /editVehicle.jspm*=admin
                        /addressList.jspm*=user,tech,admin
                        /editAddress.jspm*=admin
                        /flightList.jspm*=user,tech,admin
                        /editFlight.jspm*=tech
                        /containerList.jspm*=user,tech,admin
                        /editContainer.jspm*=tech
                        /editFlightContainers.jspm*=tech
                        /editParking.jspm*=admin
                        /editProfile.jspm*=user,tech,admin
                        /editUser.jspm*=user,tech,admin
                        /unitSelect.jspm*=user,tech,admin
                        /**/*.jspm*=admin,user,tech
                        /**/*.jsp*=admin,user,tech                
                    </value>
                </property>
            </bean>
        
            <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
                <property name="providers">
                    <list>
                        <ref local="daoAuthenticationProvider"/>
        <!--            <ref local="rememberMeAuthenticationProvider"/>
        -->
                    </list>
                </property>
            </bean>
           
            <!-- Log failed authentication attempts to commons-logging -->
            <bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>
            
            <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
                 <property name="userDetailsService" ref="userDao"/>
                 <property name="userCache" ref="userCache"/>
                 <property name="passwordEncoder" ref="passwordEncoder"/>
            </bean>
        
            <!-- This bean definition must be available to ApplicationContext.getBean() so StartupListener
                 can look for it and detect if password encryption is turned on or not -->
            <bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.ShaPasswordEncoder"/>
        
            <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
                <property name="rolePrefix" value=""/>
            </bean>
        
            <bean id="accessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
                <property name="allowIfAllAbstainDecisions" value="false"/>
                <property name="decisionVoters">
                    <list>
                        <ref local="roleVoter"/>
                    </list>
                </property>
            </bean>
            
            <!-- ===================== HTTP REQUEST SECURITY ==================== -->
            <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
            
            <bean id="authenticationProcessingFilter" class="ro.crispico.util.acegi.CustomAuthenticationProcessingFilter">
                <property name="authenticationManager" ref="authenticationManager"/>
                <property name="authenticationFailureUrl" value="/login.jspx?error=true"/>
                <property name="defaultTargetUrl" value="/"/>
                <property name="filterProcessesUrl" value="/j_security_check"/>
                <property name="rememberMeServices" ref="rememberMeServices"/>
            </bean>
            
            <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
                <property name="authenticationEntryPoint" ref="authenticationProcessingFilterEntryPoint"/>
            </bean>
            
            <bean id="remoteUserFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
        
            <bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
                <property name="loginFormUrl" value="/login.jspx"/>
                <property name="forceHttps" value="false"/>
            </bean>
            
            <bean id="userManagerSecurity" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
                <property name="authenticationManager" ref="authenticationManager"/>
                <property name="accessDecisionManager" ref="accessDecisionManager"/>
                <property name="objectDefinitionSource">
                     <value>
                         ro.crispico.gioppi.service.UserService.getUsers=admin
                         ro.crispico.gioppi.service.UserService.removeUser=admin
                     </value>
                </property>
            </bean>
            
            <!-- ===================== REMEMBER ME ==================== -->
            <bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
                <property name="authenticationManager" ref="authenticationManager"/>
                <property name="rememberMeServices" ref="rememberMeServices"/>
            </bean>
         
            <bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices"> 
                <property name="userDetailsService" ref="userDao"/>
                <property name="key" value="appfuseRocks"/> 
                <property name="parameter" value="rememberMe"/>
            </bean> 
          
            <bean id="rememberMeAuthenticationProvider" class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider"> 
                <property name="key" value="appfuseRocks"/>
            </bean>
            
            <!-- ===================== SSL SWITCHING ==================== -->
            <bean id="channelProcessingFilter" class="org.acegisecurity.securechannel.ChannelProcessingFilter">
                <property name="channelDecisionManager" ref="channelDecisionManager"/>
                <property name="filterInvocationDefinitionSource">
                    <value>
                        PATTERN_TYPE_APACHE_ANT
                        /login*=REQUIRES_SECURE_CHANNEL
                        /j_security_check*=REQUIRES_SECURE_CHANNEL
                        /**=REQUIRES_INSECURE_CHANNEL
                    </value>
                </property>
            </bean>
        
            <bean id="channelDecisionManager" class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl">
                <property name="channelProcessors">
                    <list>
                        <bean class="org.acegisecurity.securechannel.SecureChannelProcessor"/>
                        <bean class="org.acegisecurity.securechannel.InsecureChannelProcessor"/>
                    </list>
                </property>
            </bean>
        </beans>

        CustomAuthenticationProcessingFilter adds some specific processing after the authentication. I don't think it is the problem, as I had the same issue before customizing this filter.

        The log generated after a successful authentication follows.
        Thank you,
        Cristian.
        Last edited by cristis1; Jun 4th, 2006, 10:47 AM.

        • #5
          Code:
          [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(113) | Converted URL to lowercase, from: '/j_security_check'; to: '/j_security_check'
          [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/j_security_check'; pattern is /**; matched=true
          [gioppi] DEBUG FilterChainProxy.doFilter(297) | /j_security_check at position 1 of 6 in additional filter chain; firing Filter: '[email protected]7d25'
          [gioppi] DEBUG HttpSessionContextIntegrationFilter.doFilter(195) | HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new SecurityContext instance associated with SecurityContextHolder
          [gioppi] DEBUG FilterChainProxy.doFilter(297) | /j_security_check at position 2 of 6 in additional filter chain; firing Filter: '[email protected]1'
          [gioppi] DEBUG AbstractProcessingFilter.doFilter(220) | Request is to process authentication
          [gioppi] DEBUG UserCounterListener.attributeAdded(112) | event.name: ACEGI_SECURITY_LAST_USERNAME
          [gioppi] DEBUG ProviderManager.doAuthentication(202) | Authentication attempt using org.acegisecurity.providers.dao.DaoAuthenticationProvider
          [gioppi] DEBUG EhCacheBasedUserCache.getUserFromCache(71) | Cache hit: false; username: tech
          Hibernate: select user0_.id as id43_, user0_.version as version43_, user0_.username as username43_, user0_.password as password43_, user0_.firstName as firstName43_, user0_.lastName as lastName43_, user0_.account_enabled as account7_43_, user0_.account_expired as account8_43_, user0_.account_locked as account9_43_, user0_.credentials_expired as credent10_43_, user0_.unitId as unitId43_ from gioppi.app_user user0_ where user0_.username=?
          Hibernate: select roles0_.user_id as user1_0_, roles0_.role_id as role2_0_ from gioppi.user_roles roles0_ where roles0_.user_id=?
          Hibernate: select role0_.id as id41_0_, role0_.name as name41_0_, role0_.description as descript3_41_0_ from gioppi.role role0_ where role0_.id=?
          Hibernate: select role0_.id as id41_0_, role0_.name as name41_0_, role0_.description as descript3_41_0_ from gioppi.role role0_ where role0_.id=?
          [gioppi] DEBUG EhCacheBasedUserCache.putUserInCache(90) | Cache put: tech
          XXX: apelare getAuthorities(), [user, tech]
          [gioppi] WARN LoggerListener.onApplicationEvent(60) | Authentication event AuthenticationSuccessEvent: tech; details: org.acegisecurity.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: 09320AAA2183FF113683F85C03BC7989
          [gioppi] DEBUG UserCounterListener.attributeAdded(112) | event.name: unit
          Hibernate: select unit0_.id as id42_0_, unit0_.name as name42_0_, unit0_.color as color42_0_, unit0_.defaultDepot as defaultD4_42_0_ from gioppi.Unit unit0_ where unit0_.id=?
          [gioppi] DEBUG UserCounterListener.attributeAdded(112) | event.name: unitname
          Hibernate: select this_.id as id42_0_, this_.name as name42_0_, this_.color as color42_0_, this_.defaultDepot as defaultD4_42_0_ from gioppi.Unit this_
          [gioppi] DEBUG UserCounterListener.attributeAdded(112) | event.name: globalSettings
          [gioppi] DEBUG AbstractProcessingFilter.successfulAuthentication(392) | Authentication success: [email protected]fcd5a60: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: 09320AAA2183FF113683F85C03BC7989; Granted Authorities: user, tech
          [gioppi] DEBUG AbstractProcessingFilter.successfulAuthentication(398) | Updated SecurityContextHolder to contain the following Authentication: '[email protected]fcd5a60: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: 09320AAA2183FF113683F85C03BC7989; Granted Authorities: user, tech'
          [gioppi] DEBUG AbstractProcessingFilter.successfulAuthentication(416) | Redirecting to target URL from HTTP Session (or default): http://localhost:8080/gioppi/index2.jspm
          [gioppi] DEBUG TokenBasedRememberMeServices.loginSuccess(294) | Did not send remember-me cookie (principal did not set parameter 'rememberMe')
          [gioppi] WARN LoggerListener.onApplicationEvent(60) | Authentication event InteractiveAuthenticationSuccessEvent: tech; details: org.acegisecurity.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: 09320AAA2183FF113683F85C03BC7989
          [gioppi] DEBUG UserCounterListener.attributeAdded(112) | event.name: ACEGI_SECURITY_CONTEXT


          • #6
            Code:
            [gioppi] DEBUG UserCounterListener.incrementUserCounter(58) | User Count: 1
            [gioppi] DEBUG HttpSessionContextIntegrationFilter.doFilter(276) | SecurityContext stored to HttpSession: 'org.acegisecurity.context.SecurityContextImpl@ffcd5a60: Authentication: [email protected]fcd5a60: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: 09320AAA2183FF113683F85C03BC7989; Granted Authorities: user, tech'
            [gioppi] DEBUG HttpSessionContextIntegrationFilter.doFilter(285) | SecurityContextHolder set to new context, as request processing completed
            [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(113) | Converted URL to lowercase, from: '/index2.jspm'; to: '/index2.jspm'
            [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /**; matched=true
            [gioppi] DEBUG FilterChainProxy.doFilter(297) | /index2.jspm at position 1 of 6 in additional filter chain; firing Filter: '[email protected]7d25'
            [gioppi] DEBUG HttpSessionContextIntegrationFilter.doFilter(177) | Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and set to SecurityContextHolder: 'org.acegisecurity.context.SecurityContextImpl@ffcd5a60: Authentication: [email protected]fcd5a60: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: 09320AAA2183FF113683F85C03BC7989; Granted Authorities: user, tech'
            [gioppi] DEBUG FilterChainProxy.doFilter(297) | /index2.jspm at position 2 of 6 in additional filter chain; firing Filter: '[email protected]1'
            [gioppi] DEBUG FilterChainProxy.doFilter(297) | /index2.jspm at position 3 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter@1984f7d'
            [gioppi] DEBUG FilterChainProxy.doFilter(297) | /index2.jspm at position 4 of 6 in additional filter chain; firing Filter: '[email protected]d'
            [gioppi] DEBUG RememberMeProcessingFilter.doFilter(168) | SecurityContextHolder not populated with remember-me token, as it already contained: '[email protected]fcd5a60: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: 09320AAA2183FF113683F85C03BC7989; Granted Authorities: user, tech'
            [gioppi] DEBUG FilterChainProxy.doFilter(297) | /index2.jspm at position 5 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.ui.ExceptionTranslationFilter@731f3f'
            [gioppi] DEBUG FilterChainProxy.doFilter(297) | /index2.jspm at position 6 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.intercept.web.FilterSecurityInterceptor@86988'
            [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /userList.jspm*; matched=false
            [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /driverList.jspm*; matched=false
            [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editDriver.jspm*; matched=false
            [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /updateDrivers.jspm*; matched=false
            [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /vehicleList.jspm*; matched=false
            [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editVehicle.jspm*; matched=false
            [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /addressList.jspm*; matched=false
            [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editAddress.jspm*; matched=false
            [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /flightList.jspm*; matched=false
            [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editFlight.jspm*; matched=false
            [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /containerList.jspm*; matched=false
            [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editContainer.jspm*; matched=false
            [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editFlightContainers.jspm*; matched=false
            [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editParking.jspm*; matched=false
            [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editProfile.jspm*; matched=false
            [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editUser.jspm*; matched=false
            [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /unitSelect.jspm*; matched=false
            [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /**/*.jspm*; matched=true
            [gioppi] DEBUG AbstractSecurityInterceptor.beforeInvocation(301) | Secure object: FilterInvocation: URL: /index2.jspm; ConfigAttributes: [admin, user, tech]
            [gioppi] DEBUG AbstractSecurityInterceptor.beforeInvocation(340) | Previously Authenticated: [email protected]fcd5a60: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: 09320AAA2183FF113683F85C03BC7989; Granted Authorities: user, tech
            [gioppi] DEBUG AbstractSecurityInterceptor.beforeInvocation(358) | Authorization successful
            [gioppi] DEBUG AbstractSecurityInterceptor.beforeInvocation(371) | RunAsManager did not change Authentication object
            [gioppi] DEBUG FilterChainProxy.doFilter(288) | /index2.jspm reached end of additional filter chain; proceeding with original chain
            [gioppi] DEBUG ExceptionTranslationFilter.doFilter(146) | Chain processed normally
            [gioppi] DEBUG HttpSessionContextIntegrationFilter.doFilter(285) | SecurityContextHolder set to new context, as request processing completed


            • #7
              Originally posted by cristis1
              Thank you for the reply.

              CustomAuthenticationProcessingFilter adds some specific processing after the authentication. I don't think it is the problem, as I had the same issue before customizing this filter.
              Could you explain what kind of processing you do after the user is authenticated?

              The user information appears to be correctly loaded from the database.


              • #8
                I replaced CustomAuthenticationProcessingFilter with the original AuthenticationProcessingFilter but it is the same thing.

                There's another thing I don't understand though. In the second login attempt (after the server restart), acegi says that the user is authenticated, but it has no granted authorities:

                Code:
                [gioppi] DEBUG HttpSessionContextIntegrationFilter.doFilter(177) | Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and set to SecurityContextHolder: 'org.acegisecurity.context.SecurityContextImpl@0: Authentication: [email protected]: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 451F89C5E64E4D0D0F1E845B9DAC4E91; Granted Authorities: null, null'
                In the code of the User class, I added a log message when getAuthorities() is called:
                Code:
                XXX: apelare getAuthorities(), [user, tech]
                .

                As one can see from the logs, this method is called after a successful authentication, but it is not called when trying to access a resource after a server restart. So I could guess that acegi doesn't actually instantiate a User instance in this case? And if it does not, what does it get from the Tomcat's persistent storage?

                And another strange thing: here is a piece of log after a successfully served resource:
                Code:
                [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(113) | Converted URL to lowercase, from: '/missionlist.jspm'; to: '/missionlist.jspm'
                [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionlist.jspm'; pattern is /**; matched=true
                [gioppi] DEBUG FilterChainProxy.doFilter(297) | /missionList.jspm at position 1 of 6 in additional filter chain; firing Filter: '[email protected]9ef9'
                [gioppi] DEBUG HttpSessionContextIntegrationFilter.doFilter(177) | Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and set to SecurityContextHolder: 'org.acegisecurity.context.SecurityContextImpl@fed01e40: Authentication: [email protected]ed01e40: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@380f4: RemoteIpAddress: 127.0.0.1; SessionId: 7687A9AD69685A8DFB07E804C076D1BC; Granted Authorities: user, tech'
                after comparing to this:
                Code:
                [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(113) | Converted URL to lowercase, from: '/containerlist.jspm'; to: '/containerlist.jspm'
                [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/containerlist.jspm'; pattern is /**; matched=true
                [gioppi] DEBUG FilterChainProxy.doFilter(297) | /containerList.jspm at position 1 of 6 in additional filter chain; firing Filter: '[email protected]976'
                [gioppi] DEBUG HttpSessionContextIntegrationFilter.doFilter(177) | Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and set to SecurityContextHolder: 'org.acegisecurity.context.SecurityContextImpl@0: Authentication: [email protected]: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@380f4: RemoteIpAddress: 127.0.0.1; SessionId: 7687A9AD69685A8DFB07E804C076D1BC; Granted Authorities: null, null'
                I noticed a strange thing: org.acegisecurity.context.SecurityContextImpl@fed01e40: Authentication: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@fed01e40

                and

                org.acegisecurity.context.SecurityContextImpl@0: Authentication: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@0

                I guess the 2 objects SecurityContextImpl and UsernamePasswordAuthenticationToken use the standard java toString impl, so what is the meaning of 0 in this case?



                Thank you,
                Cristian.
                Last edited by cristis1; Jun 5th, 2006, 11:25 AM.


                • #9
                  I think the correct question to ask is why my user object is not correctly deserialized or/and serialized. Besides the roles list that is null, I noticed that another object associated to the user is also loaded as null.


                  • #10
                    Sorry, I hadn't actually noticed you were talking about a server restart.

                    It does look like some kind of serialization issue. Both the classes you mention have their own toString methods, but I don't know what's going on.

                    Do you definitely need to have sessions restored after a restart? Presumably the persisted session data will also contain sensitive information like user passwords etc.


                    • #11
                      Thanks Luke.
                      I figured it out. My Role class wasn't correctly deserialized because it was inheriting from classes that were not serializable. Now all the parents of Role, including Role, implement Serializable, so Tomcat correctly persists them into its persistent storage.
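
The cause identified in #11, reproduced as an added example that is not part of the original thread or of the poster's code: Java serialization does not write fields declared in a non-serializable superclass, and on read it rebuilds that part of the object by calling the superclass's no-argument constructor, so those fields come back as null. The class names below (`NamedEntity`, `BrokenRole`, `SerializableEntity`, `FixedRole`) are hypothetical, and the in-memory round trip stands in for the container writing sessions to disk across a restart.

```java
import java.io.*;

public class SessionRoundTrip {
    // Hypothetical parent that holds the state but is NOT Serializable.
    static class NamedEntity {
        protected String name;
        NamedEntity() { }                        // invoked again on deserialization
        NamedEntity(String name) { this.name = name; }
    }

    // Serializable child: only fields declared in serializable classes are written.
    static class BrokenRole extends NamedEntity implements Serializable {
        private static final long serialVersionUID = 1L;
        BrokenRole(String name) { super(name); }
        @Override public String toString() { return name; }
    }

    // Same shape, but the parent is Serializable as well.
    static class SerializableEntity implements Serializable {
        private static final long serialVersionUID = 1L;
        protected String name;
        SerializableEntity(String name) { this.name = name; }
    }

    static class FixedRole extends SerializableEntity {
        private static final long serialVersionUID = 1L;
        FixedRole(String name) { super(name); }
        @Override public String toString() { return name; }
    }

    // Serialize and deserialize in memory, standing in for session persistence.
    static Object roundTrip(Object o) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(buf.toByteArray()))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data mirroring the two roles seen in the logs.
        Object[] broken = { new BrokenRole("user"), new BrokenRole("tech") };
        Object[] fixed  = { new FixedRole("user"),  new FixedRole("tech") };
        Object[] b = (Object[]) roundTrip(broken);
        Object[] f = (Object[]) roundTrip(fixed);
        System.out.println("broken: " + b[0] + ", " + b[1]);
        System.out.println("fixed:  " + f[0] + ", " + f[1]);
    }
}
```

No exception is thrown in the broken case, which is why the restored session still reports an authenticated user while every authorization check against the role names fails.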
