Announcement Announcement Module
Collapse
No announcement yet.
The requested resource (/j_security_check) is not available Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • The requested resource (/j_security_check) is not available

    I am new to Spring and to Acegi security and am trying to get a login form for my web app to work. I am get the error: "The requested resource (/j_security_check) is not available" when I submit the login page. I have followed the example in the Acegi reference manual as best I can. Here is an extract of my web.xml:

    Code:
    <!-- Acegi Filter -->
      <filter>
        <filter-name>Acegi Filter Chain Proxy</filter-name>
        <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
          <param-name>targetClass</param-name>
          <param-value>org.acegisecurity.util.FilterChainProxy</param-value>
        </init-param>
      </filter>
      <filter-mapping>
        <filter-name>Acegi Filter Chain Proxy</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>
    Here is an extract from my applicationContext.xml file:

    Code:
    <!-- Acegi Security -->
      <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
        <property name="filterInvocationDefinitionSource">
          <value>
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            PATTERN_TYPE_APACHE_ANT
            /img/**=anonymousProcessingFilter
            /images/**=anonymousProcessingFilter
            /css/**=anonymousProcessingFilter
            /*.css=anonymousProcessingFilter
            /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter
          </value>
        </property>
      </bean>
    
      <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
    
      <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
        <constructor-arg value="/index.jsp"/>
        <!-- URL redirected to after logout -->
        <constructor-arg>
          <list>
            <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
          </list>
        </constructor-arg>
        <property name="filterProcessesUrl" value="/logout.jsp"/>
      </bean>
    
      <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationFailureUrl" value="/login.html?error=true"/>
        <property name="defaultTargetUrl" value="/"/>
        <property name="filterProcessesUrl" value="/j_security_check"/>
      </bean>
    
      <bean id="authenticationProcessingFilterEntryPoint"
            class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <property name="loginFormUrl">
          <value>/login.html</value>
        </property>
        <property name="forceHttps">
          <value>false</value>
        </property>
      </bean>
    
      <bean id="securityContextHolderAwareRequestFilter"
            class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
    
      <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
        <property name="accessDeniedHandler">
          <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
            <property name="errorPage" value="/accessDenied.jsp"/>
          </bean>
        </property>
      </bean>
    
      <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
          <property name="key" value="anonymous"/>
          <property name="userAttribute" value="anonymous,ROLE_ANONYMOUS"/>
        </bean>
      
      <!-- Authentication Manager -->
      <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
          <property name="providers">
            <list>
              <ref local="daoAuthenticationProvider"/>
              <ref local="anonymousAuthenticationProvider"/>
            </list>
          </property>
      </bean>
    
      <bean id="anonymousAuthenticationProvider" class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
          <property name="key" value="anonymous"/>
      </bean>
    
      <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
        <!--<property name="userDetailsService" ref="inMemoryDaoImpl"/>-->
        <property name="userDetailsService" ref="userDao"/>
        <!--property name="userCache" ref="userCache"/>-->
        <property name="passwordEncoder" ref="passwordEncoder"/>
      </bean>
    
      <bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.ShaPasswordEncoder"/>
    Here is my login.html:

    Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
    <head>
    <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
    <meta name="description" content="Your description goes here" />
    <meta name="keywords" content="your,keywords,goes,here" />
    <meta name="author" content="Your Name / Original design: Andreas Viklund - http://andreasviklund.com/" />
    <link rel="stylesheet" type="text/css" href="andreas01.css" media="screen,projection" />
    <link rel="stylesheet" type="text/css" href="print.css" media="print" />
    <title>Metadata Repository</title>
    </head>
    
    <body>
    <div id="wrap">
    
    <div id="header">
    <h1>Metadata Repository</h1>
    <p>Improving the quality of our surveys.<p>
    </div>
    
    <img id="frontphoto" src="img/front.jpg" width="760" height="175" alt="" />
    
    <div id="leftside">
    <h2 class="hide">Menu:</h2>
    
    <ul class="avmenu">
    <li><a href="#">Login</a></li>
    </ul>
    
    </div>
    
    <div id="contentwide">
    <h3>Login</h3>
    <form method="POST" id="loginForm" action="/j_security_check">
        
        <div class="left">
        <ul>  
          <p>
              Username
             <br>  
             <input type="text" class="text medium" name="j_username" id="j_username" tabindex="1"/>
             <br>
            
          </p>
    
          <p>
              Password
              <br>
            <input type="password" class="text medium" name="j_password" id="j_password" tabindex="2"/>
            <br>
          </p> 
          <input type="submit" class="button" name="login" value="Login" tabindex="3"/>
        </ul>
        <br><br>
        </div>  
    </form>
    </div>
    
    <div id="footer">
    A DMID ESDMF Product<br>Copyright &copy; Statistics SA
    </div>
    
    
    </div>
    </body>
    </html>
    Any idea what I am doing wrong?

    Thanks,
    Stephen

  • #2
    Hi,

    try to extend the <filter-mapping> element as follows:
    Code:
        <filter-mapping>
            <filter-name>AcegiFilter</filter-name>
            <url-pattern>/*</url-pattern>
            <dispatcher>FORWARD</dispatcher>
            <dispatcher>REQUEST</dispatcher>
        </filter-mapping>
    I use Acegi together with JSF and I must set the filterProcessesUrl in your acegi configuration file to
    Code:
    <property name="filterProcessesUrl" value="/j_acegi_security_check.jsp" />
    Try both of these settings, separately and together.

    Comment


    • #3
      I would also recommend taking the example that ships with Acegi as a base. Its a trivial example, but its an excellent starting point!

      Comment


      • #4
        Thanks for your help Warlock. Unfortunately neither of those settings fixed the problem though.

        Originally posted by Warlock View Post
        Hi,

        try to extend the <filter-mapping> element as follows:
        Code:
            <filter-mapping>
                <filter-name>AcegiFilter</filter-name>
                <url-pattern>/*</url-pattern>
                <dispatcher>FORWARD</dispatcher>
                <dispatcher>REQUEST</dispatcher>
            </filter-mapping>
        I use Acegi together with JSF and I must set the filterProcessesUrl in your acegi configuration file to
        Code:
        <property name="filterProcessesUrl" value="/j_acegi_security_check.jsp" />
        Try both of these settings, separately and together.

        Comment


        • #5
          Try to call /j_acegi_security_check in your login.html and set the filterProcessesUrl to this url as well instead of j_security_check.
          The Acegi reference manual also says j_acegi_security_check.

          Comment


          • #6
            I have tried both j_security_check and j_acegi_security_check, but neither work.

            I have also followed the sample tutorial and tried to use it exactly as it stands in my app. However, I get an error:

            Code:
            2007-01-07 20:54:00,687 ERROR [org.springframework.web.context.ContextLoader] - Context initialization failed
            org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationProcessingFilter' defined in ServletContext resource [/WEB-INF/applicationContext-acegi-security.xml]: Cannot resolve reference to bean 'authenticationManager' while setting bean property 'authenticationManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in ServletContext resource [/WEB-INF/applicationContext-acegi-security.xml]: Cannot resolve reference to bean 'daoAuthenticationProvider' while setting bean property 'providers' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'daoAuthenticationProvider' defined in ServletContext resource [/WEB-INF/applicationContext-acegi-security.xml]: Cannot create inner bean 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#1798928' while setting bean property 'userCache'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#1798928' defined in ServletContext resource [/WEB-INF/applicationContext-acegi-security.xml]: Cannot create inner bean 'org.springframework.cache.ehcache.EhCacheFactoryBean#151dcd6' while setting bean property 'cache'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.cache.ehcache.EhCacheFactoryBean#151dcd6' defined in ServletContext resource [/WEB-INF/applicationContext-acegi-security.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.cache.ehcache.EhCacheFactoryBean]: Constructor threw exception; nested exception is java.lang.NoClassDefFoundError: net/sf/ehcache/store/MemoryStoreEvictionPolicy
            Caused by: 
            org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in ServletContext resource [/WEB-INF/applicationContext-acegi-security.xml]: Cannot resolve reference to bean 'daoAuthenticationProvider' while setting bean property 'providers' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'daoAuthenticationProvider' defined in ServletContext resource [/WEB-INF/applicationContext-acegi-security.xml]: Cannot create inner bean 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#1798928' while setting bean property 'userCache'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#1798928' defined in ServletContext resource [/WEB-INF/applicationContext-acegi-security.xml]: Cannot create inner bean 'org.springframework.cache.ehcache.EhCacheFactoryBean#151dcd6' while setting bean property 'cache'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.cache.ehcache.EhCacheFactoryBean#151dcd6' defined in ServletContext resource [/WEB-INF/applicationContext-acegi-security.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.cache.ehcache.EhCacheFactoryBean]: Constructor threw exception; nested exception is java.lang.NoClassDefFoundError: net/sf/ehcache/store/MemoryStoreEvictionPolicy
            Caused by: 
            org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'daoAuthenticationProvider' defined in ServletContext resource [/WEB-INF/applicationContext-acegi-security.xml]: Cannot create inner bean 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#1798928' while setting bean property 'userCache'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#1798928' defined in ServletContext resource [/WEB-INF/applicationContext-acegi-security.xml]: Cannot create inner bean 'org.springframework.cache.ehcache.EhCacheFactoryBean#151dcd6' while setting bean property 'cache'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.cache.ehcache.EhCacheFactoryBean#151dcd6' defined in ServletContext resource [/WEB-INF/applicationContext-acegi-security.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.cache.ehcache.EhCacheFactoryBean]: Constructor threw exception; nested exception is java.lang.NoClassDefFoundError: net/sf/ehcache/store/MemoryStoreEvictionPolicy
            Caused by: 
            org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#1798928' defined in ServletContext resource [/WEB-INF/applicationContext-acegi-security.xml]: Cannot create inner bean 'org.springframework.cache.ehcache.EhCacheFactoryBean#151dcd6' while setting bean property 'cache'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.cache.ehcache.EhCacheFactoryBean#151dcd6' defined in ServletContext resource [/WEB-INF/applicationContext-acegi-security.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.cache.ehcache.EhCacheFactoryBean]: Constructor threw exception; nested exception is java.lang.NoClassDefFoundError: net/sf/ehcache/store/MemoryStoreEvictionPolicy
            Caused by: 
            org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.cache.ehcache.EhCacheFactoryBean#151dcd6' defined in ServletContext resource [/WEB-INF/applicationContext-acegi-security.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.cache.ehcache.EhCacheFactoryBean]: Constructor threw exception; nested exception is java.lang.NoClassDefFoundError: net/sf/ehcache/store/MemoryStoreEvictionPolicy
            Caused by: 
            org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.cache.ehcache.EhCacheFactoryBean]: Constructor threw exception; nested exception is java.lang.NoClassDefFoundError: net/sf/ehcache/store/MemoryStoreEvictionPolicy
            Caused by: 
            java.lang.NoClassDefFoundError: net/sf/ehcache/store/MemoryStoreEvictionPolicy
            	at org.springframework.cache.ehcache.EhCacheFactoryBean.<init>(EhCacheFactoryBean.java:64)
            It seems that the MemoryStoreEvictionPolicy class cannot be found. I have copied all the library jars from the example over, but removed duplicates where they already existed in my WEB-INF/lib folder. I notice that the example uses spring-1.2.8, while I am using spring-2.0. Could this be the problem? How do I get the example to work with my app?

            Comment


            • #7
              Need to change your action to remove the leading "/" unless you application is installed as the Root application this is trying post to something at the root of your application server instead of your context root.

              Code:
              <form method="POST" id="loginForm" action="j_security_check">
                  
                  <div class="left">
                  <ul>  
                    <p>
                        Username
                       <br>  
                       <input type="text" class="text medium" name="j_username" id="j_username" tabindex="1"/>
                       <br>
                      
                    </p>
              
                    <p>
                        Password
                        <br>
                      <input type="password" class="text medium" name="j_password" id="j_password" tabindex="2"/>
                      <br>
                    </p> 
                    <input type="submit" class="button" name="login" value="Login" tabindex="3"/>
                  </ul>
                  <br><br>
                  </div>  
              </form>
              Also, you should be using c:url to do this to prevent changes if you want to install this as the root application. As this will pre-pend the context root on the action (if there is one).

              Code:
              <form action="<c:url value='j_acegi_security_check'/>" method="POST">
              Last edited by cwash5; Jan 7th, 2007, 01:30 PM.

              Comment


              • #8
                I have tried this, but it still does not work. Should I specify the full context path to j_security_check where it appears in applicationContext.xml as well? I have tried several different combinations, but it just doesn't find it.

                Stephen

                Comment


                • #9
                  Looks like your configuration of the authenticationProcessingFilter does not match your jsp. The value in your action needs to match the value of the filterProcessesUrl (as mentioned above). Form action needs to be without the leading "/", but the filterProcessesUrl needs to have the leading "/".

                  Code:
                  <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
                        <property name="authenticationManager"><ref bean="authenticationManager"/></property>
                        <property name="authenticationFailureUrl"><value>/login.htm?login_error=1</value></property>
                        <property name="defaultTargetUrl"><value>/</value></property>
                        <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
                     </bean>
                  If you already have these matching post your latest acegi config, jsp and the error message/stacktrace.
                  Last edited by cwash5; Jan 7th, 2007, 07:40 PM.

                  Comment


                  • #10
                    My configuration is as above, but is still not working.

                    Here is my acegi config:
                    Code:
                    <?xml version="1.0" encoding="UTF-8"?>
                    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
                    
                    <beans>
                    
                      <!-- ======================== FILTER CHAIN ======================= -->
                    
                      <!--  Note: I got rid of the 'rememberMe' and 'switchUser' filters you see in a lot of examples.  They were confusing the debugging, and now that I understand what's going on, they'll be easy to add in later if I need them -->
                      <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
                        <property name="filterInvocationDefinitionSource">
                          <value>
                            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                            PATTERN_TYPE_APACHE_ANT
                            /images/**=anonymousProcessingFilter
                            /css/**=anonymousProcessingFilter
                            /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor,securityContextHolderAwareRequestFilter,logoutFilter
                          </value>
                        </property>
                      </bean>
                    
                      <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
                    
                      <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
                        <constructor-arg value="/index.jsp"/>
                        <!-- URL redirected to after logout -->
                        <constructor-arg>
                          <list>
                            <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
                          </list>
                        </constructor-arg>
                        <property name="filterProcessesUrl" value="/login.jsp"/>
                      </bean>
                    
                      <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
                        <property name="authenticationManager" ref="authenticationManager"/>
                        <property name="authenticationFailureUrl" value="/login.jsp?error=true"/>
                        <property name="defaultTargetUrl" value="/"/>
                        <property name="filterProcessesUrl" value="/j_acegi_security_check"/>
                      </bean>
                    
                      <bean id="authenticationProcessingFilterEntryPoint"
                            class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
                        <property name="loginFormUrl">
                          <value>/login.jsp</value>
                        </property>
                        <property name="forceHttps">
                          <value>false</value>
                        </property>
                      </bean>
                    
                      <bean id="securityContextHolderAwareRequestFilter"
                            class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
                    
                      <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
                        <property name="key" value="anonymous"/>
                        <property name="userAttribute" value="anonymous,ROLE_ANONYMOUS"/>
                      </bean>
                    
                      <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
                        <property name="authenticationEntryPoint">
                          <bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
                            <property name="loginFormUrl" value="/za.gov.statssa.cmr.ui.Cmr/login.jsp"/>
                            <property name="forceHttps" value="false"/>
                          </bean>
                        </property>
                      </bean>
                    
                      <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
                        <property name="authenticationManager" ref="authenticationManager"/>
                        <property name="accessDecisionManager" ref="accessDecisionManager"/>
                        <property name="objectDefinitionSource">
                          <value>
                            PATTERN_TYPE_APACHE_ANT
                            /**/*.html*=Administrator,User
                          </value>
                        </property>
                      </bean>
                    
                      <!-- ======================== AUTHENTICATION ======================= -->
                    
                      <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
                        <property name="providers">
                          <list>
                            <ref local="daoAuthenticationProvider"/>
                            <ref local="anonymousAuthenticationProvider"/>
                          </list>
                        </property>
                      </bean>
                    
                      <bean id="anonymousAuthenticationProvider"
                            class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
                        <property name="key" value="anonymous"/>
                      </bean>
                    
                    
                      <!-- ***NOTE*** The inMemoryDaoImpl DOES NOT support the passwordEncoder -->
                      <bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
                        <property name="userMap">
                          <value>
                            aslam=aslamk,user,admin
                            stephen=stephenh,user,admin
                            anonymous=anonymous,
                          </value>
                        </property>
                      </bean>
                    
                      <bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.ShaPasswordEncoder"/>
                    
                      <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
                        <!--<property name="userDetailsService" ref="inMemoryDaoImpl"/>-->
                        <property name="userDetailsService" ref="userDao"/>
                        <property name="userCache" ref="userCache"/>
                        <property name="passwordEncoder" ref="passwordEncoder"/>
                      </bean>
                    
                      <!-- Automatically receives AuthenticationEvent messages -->
                      <bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>
                    
                      <!-- ===================== HTTP REQUEST SECURITY ==================== -->
                      <bean id="accessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
                        <property name="allowIfAllAbstainDecisions" value="false"/>
                        <property name="decisionVoters">
                          <list>
                            <bean class="org.acegisecurity.vote.RoleVoter">
                              <property name="rolePrefix" value=""/>
                            </bean>
                          </list>
                        </property>
                      </bean>
                    
                      <!-- SSL Switching: to use this, configure it in the filterChainProxy bean -->
                      <bean id="channelProcessingFilter" class="org.acegisecurity.securechannel.ChannelProcessingFilter">
                        <property name="channelDecisionManager" ref="channelDecisionManager"/>
                        <property name="filterInvocationDefinitionSource">
                          <value>
                            PATTERN_TYPE_APACHE_ANT
                    
                            /login*=REQUIRES_SECURE_CHANNEL
                            /j_acegi_security_check*=REQUIRES_SECURE_CHANNEL
                            /**=REQUIRES_INSECURE_CHANNEL
                          </value>
                        </property>
                      </bean>
                    
                      <bean id="channelDecisionManager" class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl">
                        <property name="channelProcessors">
                          <list>
                            <bean class="org.acegisecurity.securechannel.SecureChannelProcessor"/>
                            <bean class="org.acegisecurity.securechannel.InsecureChannelProcessor"/>
                          </list>
                        </property>
                      </bean>
                    
                    </beans>
                    Here is my login.jsp:

                    Code:
                    <%@ include file="common/taglibs.jsp" %>
                    <head>
                    <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
                    <meta name="description" content="Your description goes here" />
                    <meta name="keywords" content="your,keywords,goes,here" />
                    <meta name="author" content="Your Name / Original design: Andreas Viklund - http://andreasviklund.com/" />
                    <link rel="stylesheet" type="text/css" href="andreas01.css" media="screen,projection" />
                    <link rel="stylesheet" type="text/css" href="print.css" media="print" />
                    <title>Metadata Repository</title>
                    </head>
                    
                    <body>
                    <div id="wrap">
                    
                    <div id="header">
                    <h1>Metadata Repository</h1>
                    <p>Improving the quality of our surveys.<p>
                    </div>
                    
                    <img id="frontphoto" src="img/front.jpg" width="760" height="175" alt="" />
                    
                    <div id="leftside">
                    <h2 class="hide">Menu:</h2>
                    
                    <ul class="avmenu">
                    <li><a href="#">Login</a></li>
                    </ul>
                    
                    </div>
                    
                    <div id="contentwide">
                    <h3>Login</h3>
                    <form method="post" id="loginForm" action="<c:url value='j_acegi_security_check'/>"
                        
                        <div class="left">
                        <ul>  
                          <p>
                              Username
                             <br>  
                             <input type="text" class="text medium" name="j_username" id="j_username" tabindex="1"/>
                             <br>
                            
                          </p>
                    
                          <p>
                              Password
                              <br>
                            <input type="password" class="text medium" name="j_password" id="j_password" tabindex="2"/>
                            <br>
                          </p> 
                          <input type="submit" class="button" name="login" value="Login" tabindex="3"/>
                        </ul>
                        <br><br>
                        </div>  
                    </form>
                    </div>
                    
                    <div id="footer">
                    A DMID ESDMF Product<br>Copyright &copy; Statistics SA
                    </div>
                    
                    
                    </div>
                    </body>
                    </html>
                    The log file is attached.

                    Thanks for your help!

                    Comment


                    • #11
                      When you go to a url that should be secured (*.html) does it bounce you to the login page? Just want to see if the Acegi infrastructure is setup correctly.

                      It looks like you are getting a 404 on the j_acegi_security_check when the org.tuckey.web.filters.urlrewrite.UrlRewriter processes. Can you show all the filters you have configured?

                      Since it is a filter that intercepts the j_acegi_security_check the acegi filters need to be further down the chain from the UrlRewriter filter.

                      Hope that makes sense.
                      Last edited by cwash5; Jan 8th, 2007, 07:21 AM.

                      Comment


                      • #12
                        Yes it does. That part is at least working.

                        Comment


                        • #13
                          Try removing your Rewrite filter.

                          Comment


                          • #14
                            Why don't you start from the tutorial example (or the contacts sample application), get that working and then extend it step-by-step so that you can work out where you go wrong.

                            You can't use "j_security_check" as the authentication URL as this is used for standard servlet security and will be handled by the container (before the request gets anywhere near your filter chain).

                            Comment


                            • #15
                              I did try working from the tutorial example, but I ran into a problem with the cache (see previous post), which I think may be because the example is Spring 1.2.8 and I am using Spring 2.0.

                              Comment

                              Working...
                              X