
  • [Newbie inside]Trouble to get Authentification obj in jsp

    Hello there,
    I'm building a webapp (Tomcat/Spring) and have started adding security with Acegi.

    My problem is that authentication seems to work (i.e. if I am not authenticated I get redirected to the login form), which is great, but this code

    Code:
    <% 
    		// Debug view: fetches the Authentication held by SecurityContextHolder at the
    		// moment this JSP renders and prints its type, string form and authorities.
    		// NOTE(review): auth.toString() is written into the page without HTML escaping,
    		// and the DEBUG log quoted in this post shows that string carries the username,
    		// remote address and session id. Keep this page for local debugging only.
    		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    		if (auth != null) { %>
    			Authentication object is of type: <%= auth.getClass().getName() %><BR><BR>
    			Authentication object as a String: <%= auth.toString() %><BR><BR>
    			
    			Authentication object holds the following granted authorities:<BR><BR>
    <%			GrantedAuthority[] granted = auth.getAuthorities();
    			// One output line per authority: its toString() and its getAuthority() value.
    			for (int i = 0; i < granted.length; i++) { %>
    				<%= granted[i].toString() %> (getAuthority(): <%= granted[i].getAuthority() %>)<BR>
    <%			}
    
    			// The branch only selects which success message is shown: an AuthByAdapter
    			// token is reported as a container-adapter setup, anything else as web filters.
    			if (auth instanceof AuthByAdapter) { %>
    				<BR><B>SUCCESS! Your container adapter appears to be properly configured!</B><BR><BR>
    <%			} else { %>
    				<BR><B>SUCCESS! Your web filters appear to be properly configured!</B><BR>
    <%			}
    			
    		} else { %>
    			Authentication object is null.<BR>
    			This is an error and your Acegi Security application will not operate properly until corrected.<BR><BR>
    <%		}%>
    inside my JSP view shows me that the Authentication object is null.

    why?

    here is my security config
    Code:
    	<!-- Acegi filter chain applied to every URL (/**); the filters run in the order listed.
    	     httpSessionContextIntegrationFilter is first in the list; the DEBUG log in this post
    	     shows it resetting the SecurityContextHolder once request processing has completed.
    	     NOTE(review): the PATTERN_TYPE_APACHE_ANT directive and the /** mapping share one line
    	     here. Confirm this is a paste artifact and that they sit on separate lines in the file. -->
    	<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
          <property name="filterInvocationDefinitionSource">
             <value>
    		    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    		    PATTERN_TYPE_APACHE_ANT            /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
               </value>
          </property>
        </bean>
        
    	<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    		<property name="userDetailsService"><ref local="inMemoryDaoImpl"/></property>
    		<property name="userCache"><ref local="userCache"/></property>
    	</bean>
    
    	<!-- daoImpl -->
    	<!-- In-memory user store. Each userMap line reads username=password,authority[,authority...].
    	     Passwords are kept in this file as clear text (shown as xxx here, presumably redacted),
    	     so the file needs restricted access and the store should be treated as development-only.
    	     DaoAuthenticationProvider accepts a passwordEncoder if hashed values are wanted. -->
    	<bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
    		<property name="userMap">
    			<value>
    				sg=xxx,ROLE_USER,ROLE_ROOT
    				jc=xxx,ROLE_USER
    			</value>
    		</property>
    	</bean>
    
    	<!-- cache -->
       <bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
        
       <bean id="userCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
          <property name="cacheManager">
             <ref local="cacheManager"/>
          </property>
          <property name="cacheName">
             <value>userCache</value>
          </property>
       </bean>
       
       <bean id="userCache" class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
          <property name="cache"><ref local="userCacheBackend"/></property>
       </bean>
    
    	<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
    	    <property name="providers">
    	        <list>
    	            <ref bean="daoAuthenticationProvider"/>
    	            <ref bean="anonymousAuthenticationProvider"/>
    	            <ref local="rememberMeAuthenticationProvider"/>	            
    	        </list>
    	    </property>
    	</bean>
    	
    	<bean id="anonymousAuthenticationProvider" class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
    		<property name="key"><value>guest</value></property>
    	</bean>
    	
       <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
          <property name="key"><value>guest</value></property>
          <property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property>
       </bean>
    
       <bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/> 
       		
       <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
       </bean>
    	
    	<bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
          <property name="authenticationManager"><ref local="authenticationManager"/></property>
          <property name="rememberMeServices"><ref local="rememberMeServices"/></property>
       </bean>
    
       <!-- Remember-me cookie service backed by the in-memory user store.
            The key is a shared secret: rememberMeAuthenticationProvider in this file carries the
            same value (springRocks), and the key is mixed into the remember-me token.
            NOTE(review): springRocks looks like the value from the Acegi sample configuration;
            replace it with a private, deployment-specific value before this leaves local testing. -->
       <bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
          <property name="userDetailsService"><ref local="inMemoryDaoImpl"/></property>
          <property name="key"><value>springRocks</value></property>
       </bean>
       
       <bean id="httpRequestIntegrationFilter" class="org.acegisecurity.adapters.HttpRequestIntegrationFilter">
       </bean>
    
       <bean id="rememberMeAuthenticationProvider" class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
          <property name="key"><value>springRocks</value></property>
       </bean>
    
    
       <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
          <property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
       </bean>
    
       <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
          <property name="authenticationManager"><ref bean="authenticationManager"/></property>
          <property name="authenticationFailureUrl"><value>/login.html?login_error=1</value></property>
          <property name="defaultTargetUrl"><value>/element/list.html</value></property>
          <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
    	  <property name="rememberMeServices"><ref local="rememberMeServices"/></property>
       </bean>
    
       <!-- Entry point referenced by exceptionTranslationFilter; it points at the login form URL.
            forceHttps=false allows the login form to be served over plain HTTP, so submitted
            credentials are not protected in transit. Acceptable on localhost; set it to true
            once the application is reachable over TLS. -->
       <bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
          <property name="loginFormUrl"><value>/login.html</value></property>
          <property name="forceHttps"><value>false</value></property>
       </bean>
    
       <bean id="httpRequestAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
          <property name="allowIfAllAbstainDecisions"><value>false</value></property>
          <property name="decisionVoters">
             <list>
                <ref bean="roleVoter"/>
             </list>
          </property>
       </bean>
    
       <!-- URL authorization rules, decided by httpRequestAccessDecisionManager (AffirmativeBased
            with a single RoleVoter), so holding any one of the listed roles grants access.
            Patterns are Ant-style and compared against the lower-cased URL, so they must be written
            in lower case. Rules are checked top to bottom and the catch-all /** has to stay last.
            A single * does not cross a path separator, so deeper paths such as /element/a/b fall
            through to /**, which still requires ROLE_USER or ROLE_ROOT.
            NOTE(review): every rule lists ROLE_USER and both users in the user map hold ROLE_USER,
            so ROLE_COSTING, ROLE_ELEMENT and ROLE_ROLLUP do not restrict anything yet. Confirm
            whether per-area restriction is intended. -->
       <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
          <property name="authenticationManager"><ref bean="authenticationManager"/></property>
          <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
          <property name="objectDefinitionSource">
             <value>
    			    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    			    PATTERN_TYPE_APACHE_ANT
    			    /login.html*=ROLE_ANONYMOUS,ROLE_USER
    			    /costing/*=ROLE_COSTING,ROLE_USER,ROLE_ROOT
    			    /element/*=ROLE_ELEMENT,ROLE_USER,ROLE_ROOT
    			    /rollup/*=ROLE_ROLLUP,ROLE_USER,ROLE_ROOT
    				/**=ROLE_USER,ROLE_ROOT
             </value>
          </property>
       </bean>
       
       <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter"/>
       	
    </beans>
    Looking at the logs I saw this:

    Code:
    DEBUG http-8080-1 org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap - Candidate is: '/pages/js/confirmation.jsp'; pattern is /**; matched=true
    DEBUG http-8080-1 org.acegisecurity.intercept.AbstractSecurityInterceptor - Secure object: FilterInvocation: URL: /pages/js/confirmation.jsp; ConfigAttributes: [ROLE_USER, ROLE_ROOT]
    DEBUG http-8080-1 org.acegisecurity.intercept.AbstractSecurityInterceptor - Previously Authenticated: [email protected]a22c2a1: Username: org.acegisecurity.userdetails.User@0: Username: sg; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER, ROLE_ROOT; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 3DB9E41C591AE156E2C30902A3BA26D3; Granted Authorities: ROLE_USER, ROLE_ROOT
    DEBUG http-8080-1 org.acegisecurity.intercept.AbstractSecurityInterceptor - Authorization successful
    DEBUG http-8080-1 org.acegisecurity.intercept.AbstractSecurityInterceptor - RunAsManager did not change Authentication object
    DEBUG http-8080-1 org.acegisecurity.util.FilterChainProxy - /pages/js/confirmation.jsp reached end of additional filter chain; proceeding with original chain
    DEBUG http-8080-1 org.acegisecurity.ui.ExceptionTranslationFilter - Chain processed normally
    DEBUG http-8080-1 org.acegisecurity.context.HttpSessionContextIntegrationFilter - SecurityContextHolder set to new context, as request processing completed
    The very last line puzzles me.

    Any help would be much appreciated.
    Note: SiteMesh decorates all views.

  • #2
    i changed some config here
    {{{
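    <!-- Form-login filter (configuration before the change): handles submissions to
         filterProcessesUrl; authenticationFailureUrl and defaultTargetUrl are the failure
         and default success targets. The class name is written without the stray space
         that the forum rendering inserted, so the bean class can be resolved. -->
    <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
    <property name="authenticationManager"><ref bean="authenticationManager"/></property>
    <property name="authenticationFailureUrl"><value>/login.html?login_error=1</value></property>
    <property name="defaultTargetUrl"><value>/element/list.html</value></property>
    <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
    <property name="rememberMeServices"><ref local="rememberMeServices"/></property>
    </bean>

    <!-- Entry point that points unauthenticated requests at the login form.
         forceHttps=false lets the form be served over plain HTTP; acceptable only on localhost. -->
    <bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    <property name="loginFormUrl"><value>/login.html</value></property>
    <property name="forceHttps"><value>false</value></property>
    </bean>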
    }}}

    to
    {{{
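    <!-- Form-login filter (configuration after the change): the failure URL now targets the
         plain JSP login page instead of a Spring view. The class name is written without the
         stray space that the forum rendering inserted, so the bean class can be resolved. -->
    <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
    <property name="authenticationManager"><ref bean="authenticationManager"/></property>
    <property name="authenticationFailureUrl"><value>/acegilogin.jsp?login_error=1</value></property>
    <property name="defaultTargetUrl"><value>/element/list.html</value></property>
    <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
    <property name="rememberMeServices"><ref local="rememberMeServices"/></property>
    </bean>

    <!-- Entry point that points unauthenticated requests at /acegilogin.jsp.
         forceHttps=false lets the form be served over plain HTTP; acceptable only on localhost. -->
    <bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    <property name="loginFormUrl"><value>/acegilogin.jsp</value></property>
    <property name="forceHttps"><value>false</value></property>
    </bean>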
    }}}
    So the login form is no longer a Spring view; it is a standard JSP file.

    Still no success.



    • #3
      Why are you using scriptlets to access the security context? Just use the Acegi tag library to access it, check rights, etc.



      • #4
        actually i was using the taglib
        Code:
        <%@ taglib uri="http://acegisecurity.org/authz" prefix="authz" %>
        <authz:authentication operation="username"/>
        with no success, so I added the scriptlet for debugging purposes.



        • #5
          Further investigation shows me this:

          I added this scriptlet to see the session content:
          Code:
          	<div class="session">
          	    <h1> Get all session-scoped attributes </h1>
          	    <%
          	    // Debug-only dump of the HttpSession: every attribute name and the toString()
          	    // of its value is written into the page without HTML escaping.
          	    // NOTE(review): the output quoted in this post shows this includes
          	    // ACEGI_SECURITY_CONTEXT with username, remote address and session id,
          	    // so this block should not remain in a deployed view.
          	    if (session != null) {
          			java.util.Enumeration attr = session.getAttributeNames();
          	        for (; attr.hasMoreElements(); ) {
          	            // Get the name of the attribute
          	            String name = (String)attr.nextElement(); %>
          	            
          	            <%= name %> <%
          	    
          	            // Get the value of the attribute
          	            Object value = session.getAttribute(name);
          	            %>
          	            
          	            <%= value.toString() %> <br/> <%
          	        }
          	    }
          	    // After the rule, the page prints SecurityContextHolder.getContext() so it can be
          	    // compared with the ACEGI_SECURITY_CONTEXT entry listed from the session.
          	    %><hr/>
            		<%= SecurityContextHolder.getContext() %>
          	</div>
          Here is the output:
          Code:
          ACEGI_SECURITY_LAST_USERNAME sg
          ACEGI_SAVED_REQUEST_KEY SavedRequest[http://localhost:8080/xcost/element/list.html]
          ACEGI_SECURITY_CONTEXT org.acegisecurity.context.SecurityContextImpl@5dc82df: Authentication: [email protected]dc82df: Username: org.acegisecurity.userdetails.User@0: Username: sg; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER, ROLE_ROOT; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@ffff6a82: RemoteIpAddress: 127.0.0.1; SessionId: A8490E6D58D81B0BF9BDC8D7EA471837; Granted Authorities: ROLE_USER, ROLE_ROOT
          
          org.acegisecurity.context.SecurityContextImpl@ffffffff: Null authentication
          So it looks like the httpSessionContextIntegrationFilter works fine, but
          <%= SecurityContextHolder.getContext() %> is broken...

          How can that be?

          PS: the authz tag <authz:authentication operation="username"/> still does not work, which is fair enough, as the taglib code calls SecurityContextHolder.getContext().



          • #6
            still puzzled :/

            Help me please... all my thanks and a Hello Kitty pins to the one that will help me



            • #7
              I looked at your configuration and it looks as if you are using two filters to check/wrap the security context:

              the httpSessionContextIntegrationFilter and the securityContextHolderAwareRequestFilter. Why is that? I would remove the latter and try again. For the moment I do not see anything strange in your config.



              • #8
                thanks for your comment

                new filter config:
                Code:
                	<!-- Acegi filter chain for every URL (/**); the filters run in the order listed.
                	     This version lists basicProcessingFilter and no longer lists
                	     securityContextHolderAwareRequestFilter. httpSessionContextIntegrationFilter
                	     stays first in the list. -->
                	<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
                		<property name="filterInvocationDefinitionSource">
                			<value>
                				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                		    	PATTERN_TYPE_APACHE_ANT
                            	/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,basicProcessingFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
                			</value>
                		</property>
                	</bean>
                Nothing better



                • #9
                  is this log normal?
                  Code:
                  DEBUG http-8080-1 org.acegisecurity.intercept.AbstractSecurityInterceptor - Previously Authenticated: [email protected]defcd7: Username: org.acegisecurity.userdetails.User@0: Username: sg; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER, ROLE_ROOT; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffd148a: RemoteIpAddress: 127.0.0.1; SessionId: 1C7E1E15E1A0ECD26C53563185F8974D; Granted Authorities: ROLE_USER, ROLE_ROOT
                  DEBUG http-8080-1 org.acegisecurity.intercept.AbstractSecurityInterceptor - Authorization successful
                  DEBUG http-8080-1 org.acegisecurity.intercept.AbstractSecurityInterceptor - RunAsManager did not change Authentication object
                  DEBUG http-8080-1 org.acegisecurity.util.FilterChainProxy - /pages/js/confirmation.jsp reached end of additional filter chain; proceeding with original chain
                  DEBUG http-8080-1 org.acegisecurity.ui.ExceptionTranslationFilter - Chain processed normally
                  DEBUG http-8080-1 org.acegisecurity.context.HttpSessionContextIntegrationFilter - SecurityContextHolder set to new context, as request processing completed
                  DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]] org.acegisecurity.ui.session.HttpSessionEventPublisher - Publishing event: org.acegisecurity.ui.session.HttpSessionDestroyedEvent[source=org.apache.catalina.session.StandardSessionFacade@10daff6]



                  • #10
                    still bugged ;(

                    here is an updated version of my acegi config
                    Code:
                    <?xml version="1.0" encoding="UTF-8"?>
                    
                    <!DOCTYPE beans PUBLIC
                        "-//SPRING//DTD BEAN//EN"
                        "http://www.springframework.org/dtd/spring-beans.dtd">
                    
                    <beans
                      default-autowire="no"
                      default-lazy-init="true"
                      default-dependency-check="none"
                    >
                    
                    	<!-- ======================== FILTER CHAIN ======================= -->
                    
                    	<!-- Acegi filter chain for every URL (/**); the filters run in the order listed,
                    	     starting with httpSessionContextIntegrationFilter and ending with
                    	     filterInvocationInterceptor, which applies the URL authorization rules.
                    	     basicProcessingFilter is part of this chain, so HTTP Basic credentials are
                    	     accepted on every URL in addition to the login form. -->
                    	<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
                    		<property name="filterInvocationDefinitionSource">
                    			<value>
                    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                    		    	PATTERN_TYPE_APACHE_ANT
                                	/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,basicProcessingFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
                    			</value>
                    		</property>
                    	</bean>
                        
                        <!-- ======================== AUTHENTICATION  ======================= -->   
                    	<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
                    		<property name="userDetailsService"><ref local="inMemoryDaoImpl"/></property>
                    		<property name="userCache"><ref local="userCache"/></property>
                    	</bean>
                    
                    	<!-- InMemoryDaoImpl -->
                    	<!-- In-memory user store. Each userMap line reads username=password,authority[,authority...].
                    	     NOTE(review): the passwords are clear text and reuse the short account names
                    	     (sg=sg, st=st, pu=st, jc=jc). Because they are published with this listing they
                    	     should be considered disclosed: change them before the application is shared, and
                    	     keep this store for development only. DaoAuthenticationProvider accepts a
                    	     passwordEncoder if hashed values are wanted. -->
                    	<bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
                    		<property name="userMap">
                    			<value>
                    				sg=sg,ROLE_USER,ROLE_ROOT
                    				st=st,ROLE_USER
                    				pu=st,ROLE_USER
                    				jc=jc,ROLE_USER
                    			</value>
                    		</property>
                    	</bean>
                    
                    	<!-- cache -->
                    	<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
                        
                    	<bean id="userCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
                    		<property name="cacheManager">
                    			<ref local="cacheManager"/>
                    		</property>
                    		<property name="cacheName">
                    			<value>userCache</value>
                    		</property>
                    	</bean>
                       
                    	<bean id="userCache" class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
                    		<property name="cache"><ref local="userCacheBackend"/></property>
                    	</bean>
                    
                    	<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
                    	    <property name="providers">
                    	        <list>
                    	            <ref bean="daoAuthenticationProvider"/>
                    	            <ref bean="anonymousAuthenticationProvider"/>
                    	            <ref local="rememberMeAuthenticationProvider"/>	            
                    	        </list>
                    	    </property>
                    	</bean>
                    	
                    	<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
                    		<property name="key"><value>guest</value></property>
                    		<property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property>
                    	</bean>
                    	
                    	<bean id="anonymousAuthenticationProvider" class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
                    		<property name="key"><value>guest</value></property>
                    	</bean>
                    
                    	<!-- HTTP Basic authentication filter, listed in the filterChainProxy chain between
                    	     authenticationProcessingFilter and rememberMeProcessingFilter.
                    	     Basic credentials accompany each request and are only base64-encoded, so this
                    	     filter should be reachable over TLS only; the form-login entry point in this
                    	     file has forceHttps=false. Drop it from the chain if Basic auth is not needed. -->
                    	<bean id="basicProcessingFilter" class="org.acegisecurity.ui.basicauth.BasicProcessingFilter">
                    		<property name="authenticationManager"><ref local="authenticationManager"/></property>
                    		<property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property>
                    	</bean>
                    
                    	<bean id="basicProcessingFilterEntryPoint" class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
                    		<property name="realmName"><value>xCost Realm</value></property>
                    	</bean>
                    	
                    	<!-- Automatically receives AuthenticationEvent messages -->
                    	<bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>
                       		
                    	<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
                    	
                    	<bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
                    		<property name="authenticationManager"><ref local="authenticationManager"/></property>
                    		<property name="rememberMeServices"><ref local="rememberMeServices"/></property>
                    	</bean>
                    
                    	<!-- Remember-me cookie service backed by the in-memory user store.
                    	     The key is a shared secret: rememberMeAuthenticationProvider in this file carries
                    	     the same value (springRocks), and the key is mixed into the remember-me token.
                    	     NOTE(review): springRocks looks like the value from the Acegi sample configuration;
                    	     replace it with a private, deployment-specific value outside local testing. -->
                    	<bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
                    		<property name="userDetailsService"><ref local="inMemoryDaoImpl"/></property>
                    		<property name="key"><value>springRocks</value></property>
                       </bean>
                       
                    	<bean id="rememberMeAuthenticationProvider" class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
                       		<property name="key"><value>springRocks</value></property>
                    	</bean>
                    	<!-- ===================== HTTP REQUEST SECURITY ==================== -->
                    	<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
                     		<property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
                    	</bean>
                    
                    	<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
                    		<property name="authenticationManager"><ref bean="authenticationManager"/></property>
                    		<property name="authenticationFailureUrl"><value>/acegilogin.jsp?login_error=1</value></property>
                    		<property name="defaultTargetUrl"><value>/element/list.html</value></property>
                    		<property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
                    		<property name="rememberMeServices"><ref local="rememberMeServices"/></property>
                    	</bean>
                    
                    	<bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
                    		<property name="loginFormUrl"><value>/acegilogin.jsp</value></property>
                    		<property name="forceHttps"><value>false</value></property>
                    	</bean>
                    
                    	<bean id="httpRequestAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
                    		<property name="allowIfAllAbstainDecisions"><value>false</value></property>
                    		<property name="decisionVoters">
                    			<list>
                                	<ref bean="roleVoter"/>
                             	</list>
                    		</property>
                    	</bean>
                    
                    	<!-- URL authorization rules, decided by httpRequestAccessDecisionManager (AffirmativeBased
                    	     with a single RoleVoter), so holding any one of the listed roles grants access.
                    	     The login page, index.jsp and the static resource folders are open to ROLE_ANONYMOUS;
                    	     everything else falls through to /** and requires ROLE_USER or ROLE_ROOT.
                    	     Rules are checked top to bottom, so the catch-all /** has to stay last, and the
                    	     patterns must be lower case because the URL is lower-cased before comparison.
                    	     NOTE(review): /pages/js/* also covers any JSP placed in that folder (the logs in
                    	     this thread show /pages/js/confirmation.jsp). Confirm nothing sensitive is served
                    	     from the anonymous paths. -->
                    	<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
                    		<property name="authenticationManager"><ref bean="authenticationManager"/></property>
                    		<property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
                    		<property name="objectDefinitionSource">
                    			<value>
                    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                    			    PATTERN_TYPE_APACHE_ANT
                    			    /acegilogin.jsp*=ROLE_ANONYMOUS,ROLE_USER,ROLE_ROOT
                    			    /pages/css/*=ROLE_ANONYMOUS,ROLE_USER,ROLE_ROOT
                    			    /pages/js/*=ROLE_ANONYMOUS,ROLE_USER,ROLE_ROOT
                    			    /pages/i/*=ROLE_ANONYMOUS,ROLE_USER,ROLE_ROOT
                    			    /index.jsp*=ROLE_ANONYMOUS,ROLE_USER,ROLE_ROOT    
                    				/**=ROLE_USER,ROLE_ROOT
                    			</value>
                    		</property>
                    	</bean>
                       
                      	<!-- An access decision voter that reads ROLE_* configuration settings -->
                    	<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter"/>
                       	
                    </beans>
                    System authentication works fine, but authz tags such as <authz:authentication operation="username"/> still do not work... :(

                    scriptlet such as
                    Code:
                    <%= SecurityContextHolder.getContext() %>
                    outputs
                    org.acegisecurity.context.SecurityContextImpl@ffffffff: Null authentication
                    after being logged in.


                    <invocking ACEGI Guru>Please HELP ME</invocking ACEGI Guru>



                    • #11
                      Seeing that the acegi-security-sample-contact-filter webapp works fine and uses spring-2.0-m2, I moved my app to spring-2.0-rc3, hoping some magic would fix my problem.

                      No success



                      • #12
                        This may help.....I'm not a acegi guru....I'm trying figure out my problem. Maybe if this helps you can help me.....I'm learning....but having the source helps tremendously.

                        The authentication object is null. I'm sure you already know this. I search references and found 18 references on setAuth*

                        I'm thinking it may have something to do with the basicprocessfilter you have setup in your filters.

                        BasicProc*Filter (line 153)
                        SecurityContextHolder.getContext().setAuthentication(null);

                        I would suggest turning your debug level on to debug mode. Well, never mind, it looks like you already have it on.

                        Try removing the basicprocessingfilter? This is newbie advice given to another newbie....so take it for what it's worth.



                        • #13
                          as suggested here is the new filter chain:
                          Code:
                          	<!-- ======================== FILTER CHAIN ======================= -->
                          
                          	<!--  if you wish to use channel security, add "channelProcessingFilter," in front
                          	      of "httpSessionContextIntegrationFilter" in the list below -->
                          	<!--  The filters run in the order listed for every URL (/**). This version of the
                          	      chain no longer lists basicProcessingFilter; httpSessionContextIntegrationFilter
                          	      is still the first entry and filterInvocationInterceptor the last. -->
                          	<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
                          		<property name="filterInvocationDefinitionSource">
                          			<value>
                          				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                          		    	PATTERN_TYPE_APACHE_ANT
                                      	/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
                          			</value>
                          		</property>
                          	</bean>
                          <%= SecurityContextHolder.getContext() %> scriptlet still failed HELL

                          Code:
                          org.acegisecurity.context.SecurityContextImpl@ffffffff: Null



                          • #14
                            Hi,

                            you only need the SecurityContextHolderAwareRequestFilter if you have to support J2EE-security webapps that use HttpServletRequest.isUserInRole() and HttpServletRequest.getRemoteUser().

                            If you are using Acegi-style security throughout your webapp you can leave this one out.

                            Two questions:

                            Are you using SiteMesh?
                            -> Then you have to ensure Acegi executes its filters before SiteMesh, i.e. the Acegi filter-mapping has to come before the SiteMesh filter-mapping in web.xml; otherwise the decorator is rendered after Acegi has already cleared the SecurityContextHolder for the request.

                            Well, rather a dumb question: does your session survive the request (cookies turned off, request parameter missing)?

                            Otherwise the configuration looks fine...

                            Regards,
                            Jens



                            • #15
                              heya

                              1. The session survives the request.

                              2. I use SiteMesh; how do I ensure Acegi runs before SiteMesh?

