Announcement Announcement Module
Collapse
No announcement yet.
Pls, give some example Acegi usage in the servlets. Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Pls, give some example Acegi usage in the servlets.

    How can I use it in the servlets? I'd like to look at some example.
    I'm not very experienced in jstl.

    1.
    What's value for: <form action="<c:url value='j_security_check'/>" method="POST">? How to set/get it? It seems action just has a value 'j_security_check' and that's all. Is it correct?

    What to do with application-context XML settings?
    <bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.Authenticati onProcessingFilter">.........
    <property name="authenticationFailureUrl"><value>/acegilogin.jsp?login_error=1</value></property>
    <property name="defaultTargetUrl"><value>/</value></property>
    <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
    ........
    <bean id="authenticationProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.webapp.Authenticati onProcessingFilterEntryPoint">
    <property name="loginFormUrl"><value>/acegilogin.jsp</value></property>
    ........


    2. The second part of the question.

    I need instance-based ACL so I looked 'contacts.war'. I have 'transaction supported' component which should be controlled with ACL. So I used 'contacts example' and wrote:


    .....
    <bean id="backendContactManagerTarget" class="business.CommunityManagerImpl"/>......

    I'm getting error:
    .....
    Context initialization failed org.springframework.beans.factory.BeanCreationExce ption: Error creating bean with name 'backendContactManagerTarget' defined in resource [/WEB-INF/applicationContext-hibernate.xml] of ServletContext: Initialization of bean failed; nested exception is java.lang.IllegalArgumentException: sessionFactory or hibernateTemplate is required java.lang.IllegalArgumentException: sessionFactory or hibernateTemplate is required.

    That's correct. So I changed this bean to:

    <bean id="backendCommunityManagerTarget" parent="baseTransactionProxy">
    <property name="target" >
    <bean class="CommunityManagerImpl">
    <property name="sessionFactory">
    <ref local="sessionFactory"/>
    </property>
    </bean>
    </property>
    </bean>

    So I'm getting several errors for every 'acegi filter' from the web.xml:

    ..........
    INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'channelProcessingFilter'
    INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'channelDecisionManager'
    INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'secureChannelProcessor'
    INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'insecureChannelProcessor'
    INFO [ChannelProcessingFilter] Validated configuration attributes
    INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'authenticationProcessingFilter'
    INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'securityEnforcementFilter'
    INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'filterInvocationInterceptor'
    INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'httpRequestAccessDecisionManager'
    INFO [AbstractSecurityInterceptor] Validated configuration attributes
    INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'authenticationProcessingFilterEntryPoint'
    INFO [ContextLoader] Using context class [org.springframework.web.context.support.XmlWebAppl icationContext] for root WebApplicationContext
    INFO [ContextLoader] Published root WebApplicationContext [org.springframework.web.context.support.XmlWebAppl icationContext: displayName=[Root XmlWebApplicationContext]; startup date=[Mon Nov 01 17:39:23 EET 2004]; root of ApplicationContext hierarchy; config locations=[/WEB-INF/applicationContext-hibernate.xml]; ] as ServletContext attribute with name [interface org.springframework.web.context.WebApplicationCont ext.ROOT]

    1) ERROR [Engine] StandardContext[]Exception starting filter Acegi Authentication Processing Filter org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
    at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:177)
    .........
    2) ERROR [Engine] StandardContext[]Exception starting filter Acegi Security System for Spring Auto Integration Filter org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
    .........
    3) ERROR [Engine] StandardContext[]Exception starting filter Acegi Channel Processing Filter
    org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
    .......
    4) ERROR [Engine] StandardContext[]Exception starting filter Acegi HTTP Request Security Filter org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
    ........
    5) ERROR [Engine] StandardContext[]Exception starting filter Acegi HTTP BASIC Authorization Filter org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
    ..........

    But I have other 'transaction supported' componets and they work fine.

    <bean id="baseTransactionProxy" class="org.springframework.transaction.interceptor .TransactionProxyFactoryBean"
    abstract="true">
    <property name="transactionManager">
    <ref bean="transactionManager"/>
    </property>
    <property name="transactionAttributes">
    <props>
    <prop key="get*">PROPAGATION_REQUIRED,readOnly</prop>
    ..........
    </props>
    </property>
    </bean>

    <bean id="questionManager" parent="baseTransactionProxy">
    <property name="target">
    <bean class="business.QuestionnaireManagerImpl">
    <property name="sessionFactory">
    <ref local="sessionFactory"/>
    </property>
    </bean>
    </property>
    </bean>

    What's wrong with component which must be 'transactional + secured'?

    I've tried another configuration:

    <bean id="communityManagerFacade" class="org.springframework.aop.framework.ProxyFact oryBean">
    <property name="proxyInterfaces"><value>business.CommunityMa nager</value></property>
    <property name="target"><ref local="backendCommunityManagerTarget"/></property>
    <property name="interceptorNames">
    <list>
    <idref local="publicCommunityManagerSecurity"/>
    </list>
    </property>
    </bean>
    ........
    <bean id="backendCommunityManagerTarget" parent="baseTransactionProxy">
    <property name="target" >
    <bean class="business.CommunityManagerImpl">
    <property name="sessionFactory">
    <ref local="sessionFactory"/>
    </property>
    </bean>
    </property>
    </bean>

    The result is the same - errors for every acegi filter.


    3.
    Where I can put my 'own' filter which corrects encoding, before or after 'Acegi filters'? I tried both approaches but result is the same.

    <filter>
    <filter-name>WebAction</filter-name>
    <filter-class>web.WebAction</filter-class>
    <init-param>
    <param-name>requestEncoding</param-name>
    <param-value>Cp1251</param-value>
    </init-param>
    </filter>


    Thanks in advance.

  • #2
    Have you tried using org.springframework.aop.framework.ProxyFactoryBean to wire your security, transaction and then target bean?

    Regarding your encoding filter not working Acegi Security filters, would you please describe the behaviour you're seeing a little more.

    Concerning your first question, the form posts to j_security_check. In the default configuration AuthenticationProcessingFilter listens for requests to /j_acegi_security_check. So unless your have changed this configuration setting (and it has not been changed in the XML you included in your post) you will need to ensure the form HTML posts to /j_acegi_security_check.

    Comment


    • #3
      >>Have you tried using org.springframework.aop.framework.
      >>ProxyFactoryBean to wire your security, transaction and then target bean?

      Now I don't have a clue how make it in the right way... There is only 'security wiring' in the 'contacts.war' but not 'security + transaction'.

      I'm using Jboss 3.2.5, Spring 1.1, Hibernate 2.1.6 for the Web applicatioin (serlvets + Freemaker template engine) trying to use Acegi as main security framework and remove all custom security checks/implementation.

      'Transational' beans with proxies work fine. They are implemented on the Spring base classes and have 'SessionFactory' (hibernate) + 'transaction' injection.

      Now I have architecture for 'secured' bean:
      'Facade' class holds 'backend' bean. They both implement common interface. I'd like to set up 'security wrapper' (also for ACL) around 'facade' and 'transactional wrapper' around 'backend'. Something doesn't work as deployment fails. Or may be better make 'transaction' around 'facade' also? But I don't know how make it better.

      >>Regarding your encoding filter not working Acegi Security filters,
      >>would you please describe the behaviour you're seeing a little more.

      Deployment fails on the app startup.

      Project deploys 'almost fine' and fails at the end. Sorry for such a long log.

      [DefaultListableBeanFactory] Creating shared instance of singleton bean 'basicProcessingFilter'
      INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'basicProcessingFilterEntryPoint'
      INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'autoIntegrationFilter'
      INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'roleVoter'
      INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'communitySecurityVoter'
      INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'businessAccessDecisionManager'
      INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'publicCommunityManagerSecurity'
      .........
      INFO [AbstractSecurityInterceptor] Validated configuration attributes
      INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'communityManagerFacade'
      INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'backendCommunityManagerTarget'
      .....
      [HERE AS IT WAS SHOWN EARLIER]....
      .....
      ERROR [Engine] StandardContext[]Exception starting filter Acegi Authentication Processing Filter org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
      at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:177)
      at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:136)
      at org.springframework.beans.factory.support.DefaultL istableBeanFactory.getBeansOfType(DefaultListableB eanFactory.java:177)
      at org.springframework.context.support.AbstractApplic ationContext.getBeansOfType(AbstractApplicationCon text.java:473)
      at net.sf.acegisecurity.util.FilterToBeanProxy.doInit (FilterToBeanProxy.java:170)
      at net.sf.acegisecurity.util.FilterToBeanProxy.init(F ilterToBeanProxy.java:117)
      at org.apache.catalina.core.ApplicationFilterConfig.g etFilter(ApplicationFilterConfig.java:225)
      at org.apache.catalina.core.ApplicationFilterConfig.s etFilterDef(ApplicationFilterConfig.java:308)
      at org.apache.catalina.core.ApplicationFilterConfig.< init>(ApplicationFilterConfig.java:79)
      at org.apache.catalina.core.StandardContext.filterSta rt(StandardContext.java:3676)
      at org.apache.catalina.core.StandardContext.start(Sta ndardContext.java:4327)
      at org.apache.catalina.core.ContainerBase.addChildInt ernal(ContainerBase.java:823)
      at org.apache.catalina.core.ContainerBase.addChild(Co ntainerBase.java:807)
      at org.apache.catalina.core.StandardHost.addChild(Sta ndardHost.java:595)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Nativ e Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(Native MethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(De legatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at org.apache.commons.modeler.BaseModelMBean.invoke(B aseModelMBean.java:503)
      at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDy namicInvoker.java:109)
      at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanSe rverImpl.java:473)
      at org.apache.catalina.core.StandardContext.init(Stan dardContext.java:5412)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Nativ e Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(Native MethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(De legatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at org.apache.commons.modeler.BaseModelMBean.invoke(B aseModelMBean.java:503)
      at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDy namicInvoker.java:109)
      at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanSe rverImpl.java:473)
      at org.jboss.web.tomcat.tc5.TomcatDeployer.performDep loyInternal(TomcatDeployer.java:286)
      at org.jboss.web.tomcat.tc5.TomcatDeployer.performDep loy(TomcatDeployer.java:70)
      at org.jboss.web.AbstractWebDeployer.start(AbstractWe bDeployer.java:306)
      at org.jboss.web.WebModule.startModule(WebModule.java :62)
      at org.jboss.web.WebModule.startService(WebModule.jav a:40)
      at org.jboss.system.ServiceMBeanSupport.jbossInternal Start(ServiceMBeanSupport.java:271)
      ......
      INFO [STDOUT] web.WebAction init
      INFO: .::WEB Action init...
      INFO [STDOUT] web.WebAction loadProperties
      INFO: loadProperties
      >>> My own filter starts fine. <<<

      ERROR [Engine] StandardContext[]Exception starting filter Acegi Security System for Spring Auto Integration Filter
      org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
      at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:177)
      at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:136)
      at org.springframework.beans.factory.support.DefaultL istableBeanFactory.getBeansOfType(DefaultListableB eanFactory.java:177)
      at org.springframework.context.support.AbstractApplic ationContext.getBeansOfType(AbstractApplicationCon text.java:473)
      at net.sf.acegisecurity.util.FilterToBeanProxy.doInit (FilterToBeanProxy.java:170)
      at net.sf.acegisecurity.util.FilterToBeanProxy.init(F ilterToBeanProxy.java:117)
      at org.apache.catalina.core.ApplicationFilterConfig.g etFilter(ApplicationFilterConfig.java:225)
      ............
      ERROR [Engine] StandardContext[]Exception starting filter Acegi Channel Processing Filter
      org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
      at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:177)
      at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:136)
      at org.springframework.beans.factory.support.DefaultL istableBeanFactory.getBeansOfType(DefaultListableB eanFactory.java:177)
      at org.springframework.context.support.AbstractApplic ationContext.getBeansOfType(AbstractApplicationCon text.java:473)
      at net.sf.acegisecurity.util.FilterToBeanProxy.doInit (FilterToBeanProxy.java:170)
      at net.sf.acegisecurity.util.FilterToBeanProxy.init(F ilterToBeanProxy.java:117)
      at org.apache.catalina.core.ApplicationFilterConfig.g etFilter(ApplicationFilterConfig.java:225)
      ...........
      ERROR [Engine] StandardContext[]Exception starting filter Acegi HTTP Request Security Filter
      org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
      at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:177)
      at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:136)
      at org.springframework.beans.factory.support.DefaultL istableBeanFactory.getBeansOfType(DefaultListableB eanFactory.java:177)
      at org.springframework.context.support.AbstractApplic ationContext.getBeansOfType(AbstractApplicationCon text.java:473)
      at net.sf.acegisecurity.util.FilterToBeanProxy.doInit (FilterToBeanProxy.java:170)
      at net.sf.acegisecurity.util.FilterToBeanProxy.init(F ilterToBeanProxy.java:117)
      at org.apache.catalina.core.ApplicationFilterConfig.g etFilter(ApplicationFilterConfig.java:225)
      .............
      ERROR [Engine] StandardContext[]Exception starting filter Acegi HTTP BASIC Authorization Filter
      org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
      at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:177)
      at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:136)
      at org.springframework.beans.factory.support.DefaultL istableBeanFactory.getBeansOfType(DefaultListableB eanFactory.java:177)
      at org.springframework.context.support.AbstractApplic ationContext.getBeansOfType(AbstractApplicationCon text.java:473)
      at net.sf.acegisecurity.util.FilterToBeanProxy.doInit (FilterToBeanProxy.java:170)
      at net.sf.acegisecurity.util.FilterToBeanProxy.init(F ilterToBeanProxy.java:117)
      at org.apache.catalina.core.ApplicationFilterConfig.g etFilter(ApplicationFilterConfig.java:225)
      .........
      ERROR [Context] Error filterStart
      ERROR [Context] Context startup failed due to previous errors
      INFO [Engine] StandardContext[]Closing root WebApplicationContext
      INFO [XmlWebApplicationContext] Closing application context [Root XmlWebApplicationContext]
      INFO [DefaultListableBeanFactory] Destroying singletons in factory {org.springframework.beans.factory.support.Default ListableBeanFactory defining beans [dataSource,sessionFactory,transactionManager,baseT ransactionProxy,.................,runAsManager,
      runAsAuthenticationProvider,authByAdapterProvider, authenticationManager,inMemoryDaoImpl,daoAuthentic ationProvider,basicProcessingFilter,basicProcessin gFilterEntryPoint,
      autoIntegrationFilter,roleVoter,communitySecurityV oter,businessAccessDecisionManager,publicCommunity ManagerSecurity,communityManagerFacade,backendComm unityManagerTarget,
      channelProcessingFilter,authenticationProcessingFi lter,securityEnforcementFilter,authenticationProce ssingFilterEntryPoint,httpRequestAccessDecisionMan ager,
      channelDecisionManager,secureChannelProcessor,inse cureChannelProcessor,filterInvocationInterceptor]; Root of BeanFactory hierarchy}
      10:43:50,348 INFO [LocalSessionFactoryBean] Closing Hibernate SessionFactory
      10:43:50,348 INFO [SessionFactoryImpl] closing
      .......
      And Web app deployment fails at the end.

      >>Concerning your first question, the form posts to j_security_check. In the default configuration
      >>AuthenticationProcessingFilter listens for requests to /j_acegi_security_check.
      Thanks. I've left it as it's in the example.


      I've already tried to use ProxyFactoryBean. I used custom 'Advice' and custom 'Interceptor' they work fine. Something like that:

      <bean id="communityManager" parent="baseTransactionProxy">
      <property name="target">
      <bean class="business.CommunityManagerImpl">
      <property name="sessionFactory">
      <ref local="sessionFactory"/>
      </property>
      </bean>
      </property>
      <property name="preInterceptors">
      <list>
      <ref local="myAdvisor"/>
      </list>
      </property>
      </bean>

      <bean id="myAdvice" class="security.advice.CommunityBeforeAdvice">
      <property name="securityManager">
      <ref bean="securityManager"/>
      </property>
      </bean>

      <bean id="myAdvisor" class="org.springframework.aop.support.NameMatchMe thodPointcutAdvisor">
      <constructor-arg>
      <ref local="myAdvice"/>
      </constructor-arg>
      <property name="mappedNames">
      <list>
      <value>storeCommunity</value>
      <value>deleteCommunity</value>
      </list>
      </property>

      But I hope the Acegi is better approach then 'custom implementation'. Is case I'm not be able use Acegi I'll write my own 'Interceptors' and will check ACL using custom scenario.

      Comment


      • #4
        [quote="blandger"]>>Have you tried using org.springframework.aop.framework.
        >>ProxyFactoryBean to wire your security, transaction and then target bean?

        Now I don't have a clue how make it in the right way... There is only 'security wiring' in the 'contacts.war' but not 'security + transaction'.

        I'm using Jboss 3.2.5, Spring 1.1, Hibernate 2.1.6 for the Web applicatioin (serlvets + Freemaker template engine) trying to use Acegi as main security framework and remove all custom security checks/implementation.

        'Transational' beans with proxies work fine. They are implemented on the Spring base classes and have 'SessionFactory' (hibernate) + 'transaction' injection.

        Now I have architecture for 'secured' bean:
        'Facade' class holds 'backend' bean. They both implement common interface. I'd like to set up 'security wrapper' (also for ACL) around 'facade' and 'transactional wrapper' around 'backend'. Something doesn't work as deployment fails. Or may be better make 'transaction' around 'facade' also? But I don't know how make it better.

        >>Regarding your encoding filter not working Acegi Security filters,
        >>would you please describe the behaviour you're seeing a little more.
        Deployment fails on the app startup.

        I can easy remove 'filters' from the application.xml
        ( <bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.Authenticati onProcessingFilter">...) the deployment exception is still there. But If I remove 'filters' from the web.xml when error goes away (but nothing works of course).

        Project deploys 'almost fine' and fails at the end. Sorry for such a long log.

        [DefaultListableBeanFactory] Creating shared instance of singleton bean 'basicProcessingFilter'
        INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'basicProcessingFilterEntryPoint'
        INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'autoIntegrationFilter'
        INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'roleVoter'
        INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'communitySecurityVoter'
        INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'businessAccessDecisionManager'
        INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'publicCommunityManagerSecurity'
        .........
        INFO [AbstractSecurityInterceptor] Validated configuration attributes
        INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'communityManagerFacade'
        INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'backendCommunityManagerTarget'
        .....
        [HERE AS IT WAS SHOWN EARLIER]....
        .....
        ERROR [Engine] StandardContext[]Exception starting filter Acegi Authentication Processing Filter org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
        at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:177)
        at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:136)
        at org.springframework.beans.factory.support.DefaultL istableBeanFactory.getBeansOfType(DefaultListableB eanFactory.java:177)
        at org.springframework.context.support.AbstractApplic ationContext.getBeansOfType(AbstractApplicationCon text.java:473)
        at net.sf.acegisecurity.util.FilterToBeanProxy.doInit (FilterToBeanProxy.java:170)
        at net.sf.acegisecurity.util.FilterToBeanProxy.init(F ilterToBeanProxy.java:117)
        at org.apache.catalina.core.ApplicationFilterConfig.g etFilter(ApplicationFilterConfig.java:225)
        at org.apache.catalina.core.ApplicationFilterConfig.s etFilterDef(ApplicationFilterConfig.java:308)
        at org.apache.catalina.core.ApplicationFilterConfig.< init>(ApplicationFilterConfig.java:79)
        at org.apache.catalina.core.StandardContext.filterSta rt(StandardContext.java:3676)
        at org.apache.catalina.core.StandardContext.start(Sta ndardContext.java:4327)
        at org.apache.catalina.core.ContainerBase.addChildInt ernal(ContainerBase.java:823)
        at org.apache.catalina.core.ContainerBase.addChild(Co ntainerBase.java:807)
        at org.apache.catalina.core.StandardHost.addChild(Sta ndardHost.java:595)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Nativ e Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Native MethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(De legatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:324)
        at org.apache.commons.modeler.BaseModelMBean.invoke(B aseModelMBean.java:503)
        at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDy namicInvoker.java:109)
        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanSe rverImpl.java:473)
        at org.apache.catalina.core.StandardContext.init(Stan dardContext.java:5412)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Nativ e Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Native MethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(De legatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:324)
        at org.apache.commons.modeler.BaseModelMBean.invoke(B aseModelMBean.java:503)
        at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDy namicInvoker.java:109)
        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanSe rverImpl.java:473)
        at org.jboss.web.tomcat.tc5.TomcatDeployer.performDep loyInternal(TomcatDeployer.java:286)
        at org.jboss.web.tomcat.tc5.TomcatDeployer.performDep loy(TomcatDeployer.java:70)
        at org.jboss.web.AbstractWebDeployer.start(AbstractWe bDeployer.java:306)
        at org.jboss.web.WebModule.startModule(WebModule.java :62)
        at org.jboss.web.WebModule.startService(WebModule.jav a:40)
        at org.jboss.system.ServiceMBeanSupport.jbossInternal Start(ServiceMBeanSupport.java:271)
        ......
        INFO [STDOUT] web.WebAction init
        INFO: .::WEB Action init...
        INFO [STDOUT] web.WebAction loadProperties
        INFO: loadProperties
        >>> My own filter starts fine. <<<

        ERROR [Engine] StandardContext[]Exception starting filter Acegi Security System for Spring Auto Integration Filter
        org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
        at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:177)
        at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:136)
        at org.springframework.beans.factory.support.DefaultL istableBeanFactory.getBeansOfType(DefaultListableB eanFactory.java:177)
        at org.springframework.context.support.AbstractApplic ationContext.getBeansOfType(AbstractApplicationCon text.java:473)
        at net.sf.acegisecurity.util.FilterToBeanProxy.doInit (FilterToBeanProxy.java:170)
        at net.sf.acegisecurity.util.FilterToBeanProxy.init(F ilterToBeanProxy.java:117)
        at org.apache.catalina.core.ApplicationFilterConfig.g etFilter(ApplicationFilterConfig.java:225)
        ............
        ERROR [Engine] StandardContext[]Exception starting filter Acegi Channel Processing Filter
        org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
        at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:177)
        at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:136)
        at org.springframework.beans.factory.support.DefaultL istableBeanFactory.getBeansOfType(DefaultListableB eanFactory.java:177)
        at org.springframework.context.support.AbstractApplic ationContext.getBeansOfType(AbstractApplicationCon text.java:473)
        at net.sf.acegisecurity.util.FilterToBeanProxy.doInit (FilterToBeanProxy.java:170)
        at net.sf.acegisecurity.util.FilterToBeanProxy.init(F ilterToBeanProxy.java:117)
        at org.apache.catalina.core.ApplicationFilterConfig.g etFilter(ApplicationFilterConfig.java:225)
        ...........
        ERROR [Engine] StandardContext[]Exception starting filter Acegi HTTP Request Security Filter
        org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
        at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:177)
        at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:136)
        at org.springframework.beans.factory.support.DefaultL istableBeanFactory.getBeansOfType(DefaultListableB eanFactory.java:177)
        at org.springframework.context.support.AbstractApplic ationContext.getBeansOfType(AbstractApplicationCon text.java:473)
        at net.sf.acegisecurity.util.FilterToBeanProxy.doInit (FilterToBeanProxy.java:170)
        at net.sf.acegisecurity.util.FilterToBeanProxy.init(F ilterToBeanProxy.java:117)
        at org.apache.catalina.core.ApplicationFilterConfig.g etFilter(ApplicationFilterConfig.java:225)
        .............
        ERROR [Engine] StandardContext[]Exception starting filter Acegi HTTP BASIC Authorization Filter
        org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
        at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:177)
        at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:136)
        at org.springframework.beans.factory.support.DefaultL istableBeanFactory.getBeansOfType(DefaultListableB eanFactory.java:177)
        at org.springframework.context.support.AbstractApplic ationContext.getBeansOfType(AbstractApplicationCon text.java:473)
        at net.sf.acegisecurity.util.FilterToBeanProxy.doInit (FilterToBeanProxy.java:170)
        at net.sf.acegisecurity.util.FilterToBeanProxy.init(F ilterToBeanProxy.java:117)
        at org.apache.catalina.core.ApplicationFilterConfig.g etFilter(ApplicationFilterConfig.java:225)
        .........
        ERROR [Context] Error filterStart
        ERROR [Context] Context startup failed due to previous errors
        INFO [Engine] StandardContext[]Closing root WebApplicationContext
        INFO [XmlWebApplicationContext] Closing application context [Root XmlWebApplicationContext]
        INFO [DefaultListableBeanFactory] Destroying singletons in factory {org.springframework.beans.factory.support.Default ListableBeanFactory defining beans [dataSource,sessionFactory,transactionManager,baseT ransactionProxy,.................,runAsManager,
        runAsAuthenticationProvider,authByAdapterProvider, authenticationManager,inMemoryDaoImpl,daoAuthentic ationProvider,basicProcessingFilter,basicProcessin gFilterEntryPoint,
        autoIntegrationFilter,roleVoter,communitySecurityV oter,businessAccessDecisionManager,publicCommunity ManagerSecurity,communityManagerFacade,backendComm unityManagerTarget,
        channelProcessingFilter,authenticationProcessingFi lter,securityEnforcementFilter,authenticationProce ssingFilterEntryPoint,httpRequestAccessDecisionMan ager,
        channelDecisionManager,secureChannelProcessor,inse cureChannelProcessor,filterInvocationInterceptor]; Root of BeanFactory hierarchy}
        10:43:50,348 INFO [LocalSessionFactoryBean] Closing Hibernate SessionFactory
        10:43:50,348 INFO [SessionFactoryImpl] closing
        .......
        And Web app deployment fails at the end.

        >>Concerning your first question, the form posts to j_security_check. In the default configuration
        >>AuthenticationProcessingFilter listens for requests to /j_acegi_security_check.
        Thanks. I've left it as it's in the example.


        I've already tried to use ProxyFactoryBean. I used custom 'Advice' and custom 'Interceptor' they work fine. Something like that:

        <bean id="communityManager" parent="baseTransactionProxy">
        <property name="target">
        <bean class="business.CommunityManagerImpl">
        <property name="sessionFactory">
        <ref local="sessionFactory"/>
        </property>
        </bean>
        </property>
        <property name="preInterceptors">
        <list>
        <ref local="myAdvisor"/>
        </list>
        </property>
        </bean>

        <bean id="myAdvice" class="security.advice.CommunityBeforeAdvice">
        <property name="securityManager">
        <ref bean="securityManager"/>
        </property>
        </bean>

        <bean id="myAdvisor" class="org.springframework.aop.support.NameMatchMe thodPointcutAdvisor">
        <constructor-arg>
        <ref local="myAdvice"/>
        </constructor-arg>
        <property name="mappedNames">
        <list>
        <value>storeCommunity</value>
        <value>deleteCommunity</value>
        </list>
        </property>

        But I hope the Acegi is better approach then 'custom implementation'. Is case I'm not be able use Acegi I'll write my own 'Interceptors' and will check ACL using custom scenario.

        Comment


        • #5
          I am successfully using both Acegi Security's MethodSecurityInterceptor and Spring's TransactionInterceptor for the same beans. I am using Acegi Security's new MethodDefinitionSourceAdvisor and Spring's AttributesTransactionAttributeSource along with DefaultAdvisorAutoProxyCreator to do this.

          Regarding the filter errors, they appear related to the problematic bean configuration related to combined secured/transactional beans, so once you sort this out I am sure the filters will load correctly.

          Comment

          Working...
          X