Announcement Announcement Module
Collapse
No announcement yet.
Method call why not be intercepted by MethodSecurityIntercep Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Method call why not be intercepted by MethodSecurityIntercep

    Hi,Ben

    Thanks for your response!

    I've tried MethodSecurityInterceptor. Below is my application context config and some code snippet, it's a long post.

    The application is based on an old architecture, business method is called in jsp code, so I write a Spring bean as a wrapper
    of the business method code, e.g. call PositionManager.getPositions in SecurityPositionManager.getPositions. See the code
    example below.

    With contacts example as the template, I changed something, it works except that method calls aren't intercepted by MethodSecurityInterceptor.

    Because I'm a newbie to Spring & AcegiSecurity,maybe I don't really understand some idea.

    1.applicationContext-acegi-security.xml

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http&#58;//www.springframework.org/dtd/spring-beans.dtd">
    <beans>
       <!-- ======================== AUTHENTICATION ======================= -->
       <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
          <property name="providers">
             <list>
                <ref local="daoAuthenticationProvider"/>
             </list>
          </property>
       </bean>
    
       <bean id="jdbcDaoImpl" class="net.sf.acegisecurity.providers.dao.jdbc.JdbcDaoImpl">
          <property name="dataSource"><ref bean="dataSource"/></property>
       </bean>
    
       <bean id="passwordEncoder" class="net.sf.acegisecurity.providers.encoding.Md5PasswordEncoder"/>
    
       <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
          <property name="authenticationDao"><ref local="jdbcDaoImpl"/></property>
          <property name="userCache"><ref local="userCache"/></property>
          <property name="passwordEncoder"><ref local="passwordEncoder"/></property>
       </bean>
    
       <bean id="userCache" class="net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
          <property name="minutesToIdle"><value>5</value></property>
       </bean>
    
       <bean id="loggerListener" class="net.sf.acegisecurity.providers.dao.event.LoggerListener"/>
    
       <bean id="basicProcessingFilter" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter">
          <property name="authenticationManager"><ref local="authenticationManager"/></property>
          <property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property>
       </bean>
    
       <bean id="basicProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
          <property name="realmName"><value>Security Realm</value></property>
       </bean>
    
       <bean id="httpSessionIntegrationFilter" class="net.sf.acegisecurity.ui.webapp.HttpSessionIntegrationFilter"/>
    
       <!-- ===================== HTTP REQUEST SECURITY ==================== -->
       <bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
          <property name="filterSecurityInterceptor"><ref local="filterInvocationInterceptor"/></property>
          <property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
       </bean>
    
       <bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
          <property name="authenticationManager"><ref bean="authenticationManager"/></property>
          <property name="authenticationFailureUrl"><value>/acegilogin.jsp?login_error=1</value></property>
          <property name="defaultTargetUrl"><value>/</value></property>
          <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
       </bean>
    
       <bean id="authenticationProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
          <property name="loginFormUrl"><value>/acegilogin.jsp</value></property>
          <property name="forceHttps"><value>false</value></property>
       </bean>
    
       <bean id="httpRequestAccessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
          <property name="allowIfAllAbstainDecisions"><value>false</value></property>
          <property name="decisionVoters">
             <list>
                <ref bean="roleVoter"/>
             </list>
          </property>
       </bean>
    
       <!-- Note the order that entries are placed against the objectDefinitionSource is critical.
            The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
            Accordingly, you should place MOST SPECIFIC &#40;ie a/b/c/d.*&#41; expressions first, with LEAST SPECIFIC &#40;ie a/.*&#41; expressions last -->
       <bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
          <property name="authenticationManager"><ref bean="authenticationManager"/></property>
          <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
          <property name="objectDefinitionSource">
             <value>
    			    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				\A/secure/super.*\Z=ROLE_WE_DONT_HAVE
    				\A/secure/.*\Z=ROLE_SUPERVISOR,ROLE_USER
             </value>
          </property>
       </bean>
    </beans>
    2.applicationContext-common-business.xml

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http&#58;//www.springframework.org/dtd/spring-beans.dtd">
    <beans>
        <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
            <property name="driverClassName">
                <value>org.gjt.mm.mysql.Driver</value>
            </property>
            <property name="url">
                <value>jdbc&#58;mysql&#58;//127.0.0.1&#58;3306/acegi</value>
            </property>
            <property name="username">
                <value>root</value>
            </property>
            <property name="password">
                <value>password</value>
            </property>
        </bean>
    	
    	<bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
    		<property name="dataSource"><ref local="dataSource"/></property>
    	</bean>
    	
    	<bean id="transactionInterceptor" class="org.springframework.transaction.interceptor.TransactionInterceptor">
        	<property name="transactionManager"><ref bean="transactionManager"/></property>
    		<property name="transactionAttributeSource">
    			<value>
    				com.xxx.jaidwapfactory.security.SecurityManager.getAllRecipients=PROPAGATION_REQUIRED,readOnly
    				com.xxx.jaidwapfactory.security.SecurityManager.getAll=PROPAGATION_REQUIRED,readOnly
    				com.xxx.jaidwapfactory.security.SecurityManager.deletePermission=PROPAGATION_REQUIRED
    				com.xxx.jaidwapfactory.security.SecurityManager.addPermission=PROPAGATION_REQUIRED
    			</value>
    		</property>
    	</bean>
    
       <bean id="dataSourcePopulator" class="com.xxx.jaidwapfactory.security.DataSourcePopulator">
    	   <property name="dataSource"><ref local="dataSource"/></property>
       </bean>
       
       <bean id="securityDao" class="com.xxx.jaidwapfactory.security.SecurityDaoSpring">
    	   <property name="dataSource"><ref local="dataSource"/></property>
       </bean>
    
       <bean id="securityManager" class="org.springframework.aop.framework.ProxyFactoryBean">
          <property name="proxyInterfaces"><value>com.xxx.jaidwapfactory.security.SecurityManager</value></property>
          <property name="interceptorNames">
             <list>
                <idref local="transactionInterceptor"/>
                <!--idref bean="securityManagerSecurity"/-->
                <idref local="securityManagerTarget"/>
             </list>
          </property>
       </bean>
       <bean id="securityManagerTarget" class="com.xxx.jaidwapfactory.security.SecurityManagerBackend">
    	   <property name="securityDao"><ref local="securityDao"/></property>
    	   <property name="basicAclExtendedDao"><ref bean="basicAclExtendedDao"/></property>
       </bean>   
       <bean id="positionManager" class="org.springframework.aop.framework.ProxyFactoryBean">
          <property name="proxyInterfaces"><value>com.xxx.jaidwapfactory.security.SecurityPositionManager</value></property>
          <property name="interceptorNames">
             <list>
                <idref local="transactionInterceptor"/>
                <idref bean="positionManagerSecurity"/>
                <idref local="positionManagerTarget"/>
             </list>
          </property>
       </bean>
       <bean id="positionManagerTarget" class="com.xxx.jaidwapfactory.security.SecurityPositionManagerImpl">
    	   <property name="basicAclExtendedDao"><ref bean="basicAclExtendedDao"/></property>       
    	   <property name="securityManager"><ref bean="securityManager"/></property>       	   
       </bean>
    </beans>
    3.applicationContext-common-authorization.xml

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http&#58;//www.springframework.org/dtd/spring-beans.dtd">
    <beans>
       <!-- ~~~~~~~~~~~~~~~~~~ "BEFORE INVOCATION" AUTHORIZATION DEFINITIONS ~~~~~~~~~~~~~~~~ -->
       <!-- ACL permission masks used by this application -->
       <bean id="net.sf.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION" class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean">
          <property name="staticField"><value>net.sf.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION</value></property>
       </bean>
       <bean id="net.sf.acegisecurity.acl.basic.SimpleAclEntry.READ" class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean">
          <property name="staticField"><value>net.sf.acegisecurity.acl.basic.SimpleAclEntry.READ</value></property>
       </bean>
       <bean id="net.sf.acegisecurity.acl.basic.SimpleAclEntry.DELETE" class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean">
          <property name="staticField"><value>net.sf.acegisecurity.acl.basic.SimpleAclEntry.DELETE</value></property>
       </bean>
    
       <!-- An access decision voter that reads ROLE_* configuration settings -->
       <bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>
    
       <!-- An access decision voter that reads ACL_CONTACT_READ configuration settings -->
       <bean id="aclPositionReadVoter" class="net.sf.acegisecurity.vote.BasicAclEntryVoter">
          <property name="processConfigAttribute"><value>ACL_CONTACT_READ</value></property>
          <property name="processDomainObjectClass"><value>com.xxx.jaidwapfactory.position.concrete.PositionImpl</value></property>
          <property name="aclManager"><ref local="aclManager"/></property>
          <property name="requirePermission">
    		<list>
    		    <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION"/>
    		    <!--ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.READ"/-->
    		</list>
          </property>
       </bean>
       
       <!-- An access decision voter that reads ACL_CONTACT_DELETE configuration settings -->
       <bean id="aclPositionDeleteVoter" class="net.sf.acegisecurity.vote.BasicAclEntryVoter">
          <property name="processConfigAttribute"><value>ACL_CONTACT_DELETE</value></property>
          <property name="processDomainObjectClass"><value>com.xxx.jaidwapfactory.position.concrete.PositionImpl</value></property>
          <property name="aclManager"><ref local="aclManager"/></property>
          <property name="requirePermission">
    		<list>
    		    <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION"/>
    		    <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.DELETE"/>
    		</list>
          </property>
       </bean>
    
       <!-- An access decision voter that reads ACL_CONTACT_ADMIN configuration settings -->
       <bean id="aclPositionAdminVoter" class="net.sf.acegisecurity.vote.BasicAclEntryVoter">
          <property name="processConfigAttribute"><value>ACL_CONTACT_ADMIN</value></property>
          <property name="processDomainObjectClass"><value>com.xxx.jaidwapfactory.position.concrete.PositionImpl</value></property>
          <property name="aclManager"><ref local="aclManager"/></property>
          <property name="requirePermission">
    		<list>
    		    <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION"/>
    		</list>
          </property>
       </bean>
       
       <bean id="positionAccessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
          <property name="allowIfAllAbstainDecisions"><value>false</value></property>
          <property name="decisionVoters">
             <list>
                <ref local="roleVoter"/>
                <ref local="aclPositionReadVoter"/>
                <ref local="aclPositionDeleteVoter"/>
                <ref local="aclPositionAdminVoter"/>
             </list>
          </property>
       </bean>
       <bean id="securityAccessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
          <property name="allowIfAllAbstainDecisions"><value>false</value></property>
          <property name="decisionVoters">
             <list>
                <ref local="roleVoter"/>
             </list>
          </property>
       </bean>   
       
       <!-- ========= ACCESS CONTROL LIST LOOKUP MANAGER DEFINITIONS ========= -->
       <bean id="aclManager" class="net.sf.acegisecurity.acl.AclProviderManager">
          <property name="providers">
             <list>
                <ref local="basicAclProvider"/>
             </list>
          </property>
       </bean>
    
       <bean id="basicAclProvider" class="net.sf.acegisecurity.acl.basic.BasicAclProvider">
          <property name="basicAclDao"><ref local="basicAclExtendedDao"/></property>
       </bean>
    
       <bean id="basicAclExtendedDao" class="net.sf.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl">
          <property name="dataSource"><ref bean="dataSource"/></property>
       </bean>
    
       <!-- ============== "AFTER INTERCEPTION" AUTHORIZATION DEFINITIONS =========== -->
    
       <bean id="afterInvocationManager" class="net.sf.acegisecurity.afterinvocation.AfterInvocationProviderManager">
          <property name="providers">
             <list>
                <ref local="afterAclRead"/>
                <ref local="afterAclCollectionRead"/>
             </list>
          </property>
       </bean>
       
       <!-- Processes AFTER_ACL_COLLECTION_READ configuration settings -->
       <bean id="afterAclCollectionRead" class="net.sf.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationCollectionFilteringProvider">
          <property name="aclManager"><ref local="aclManager"/></property>
          <property name="requirePermission">
    		<list>
    		    <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION"/>
    		    <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.READ"/>
    		</list>
          </property>
       </bean>
       
       <!-- Processes AFTER_ACL_READ configuration settings -->
       <bean id="afterAclRead" class="net.sf.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationProvider">
          <property name="aclManager"><ref local="aclManager"/></property>
          <property name="requirePermission">
    		<list>
    		    <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION"/>
    		    <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.READ"/>
    		</list>
          </property>
       </bean>
    
       <!-- ================= METHOD INVOCATION AUTHORIZATION ==================== -->
       <bean id="positionManagerSecurity" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
          <property name="authenticationManager"><ref bean="authenticationManager"/></property>
          <property name="accessDecisionManager"><ref local="positionAccessDecisionManager"/></property>
          <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
          <property name="objectDefinitionSource">
             <value>
    				com.xxx.jaidwapfactory.security.SecurityPositionManager.addPosition=ROLE_USER
    				com.xxx.jaidwapfactory.security.SecurityPositionManager.removePosition=ACL_CONTACT_ADMIN
    				com.xxx.jaidwapfactory.security.SecurityPositionManager.getPositions=AFTER_ACL_COLLECTION_READ
    				com.xxx.jaidwapfactory.security.SecurityPositionManager.getPosition=AFTER_ACL_READ
             </value>
          </property>
       </bean>
    </beans>
    4.contacts-servlet.xml

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http&#58;//www.springframework.org/dtd/spring-beans.dtd">
    <beans>
    
    	<!-- ========================== WEB DEFINITIONS ======================= -->
        <!--
        <bean id="publicIndexController" class="com.xxx.jaidwapfactory.security.PublicIndexController">
        	<property name="contactManager"><ref bean="contactManager"/></property>
     	</bean>
        -->
        <bean id="secureIndexController" class="com.xxx.jaidwapfactory.security.SecureIndexController">
        	<property name="securityManager"><ref bean="securityManager"/></property>
     	</bean>
    
        <!--
        <bean id="urlMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
            <property name="mappings">
                <props>
                    <prop key="/hello.htm">publicIndexController</prop>
                    <prop key="/secure/add.htm">secureAddForm</prop>
                    <prop key="/secure/index.htm">secureIndexController</prop>
                    <prop key="/secure/del.htm">secureDeleteController</prop>
                    <prop key="/secure/adminPermission.htm">adminPermissionController</prop>
                    <prop key="/secure/deletePermission.htm">deletePermissionController</prop>
                    <prop key="/secure/addPermission.htm">addPermissionForm</prop>
    			</props>
            </property>
        </bean>
     
    	<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    		<property name="prefix"><value>/</value></property>
    		<property name="suffix"><value>.jsp</value></property>
    	</bean>
        -->
    </beans>
    5.web.xml

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http&#58;//java.sun.com/dtd/web-app_2_3.dtd'>
    
    <!--
      - Security web application
      -
      - web.xml for "filter" artifact only.
      -
      - $Id&#58; web.xml,v 1.1 2004/12/01 12&#58;31&#58;49 i Exp $
      -->
    
    <web-app>
    
        <display-name>Security Sample Application</display-name>
        
    	<!--
    	  - Location of the XML file that defines the root application context
    	  - Applied by ContextLoaderListener.
    	  -->
    	<context-param>
    		<param-name>contextConfigLocation</param-name>
    		<param-value>
    			/WEB-INF/applicationContext-acegi-security.xml
    			/WEB-INF/applicationContext-common-business.xml
    			/WEB-INF/applicationContext-common-authorization.xml
    		</param-value>
    	</context-param>
    	
    	<context-param>
    		<param-name>log4jConfigLocation</param-name>
    		<param-value>/WEB-INF/classes/log4j.properties</param-value>
    	</context-param>
    
       <!-- The <filter-mapping> to this filter is disabled by default -->
       <!--
       <filter>
            <filter-name>Acegi Channel Processing Filter</filter-name>
            <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
            <init-param>
                <param-name>targetClass</param-name>
                <param-value>net.sf.acegisecurity.securechannel.ChannelProcessingFilter</param-value>
            </init-param>
        </filter>
        -->
    	<!-- Responds to HTTP POSTs to j_acegi_security_check URI -->
        <filter>
            <filter-name>Acegi Authentication Processing Filter</filter-name>
            <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
            <init-param>
                <param-name>targetClass</param-name>
                <param-value>net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter</param-value>
            </init-param>
        </filter>
    
    	<!-- Responds to HTTP requests with a BASIC &#40;RFC 1945&#41; authentication header -->
        <!--
        <filter>
            <filter-name>Acegi HTTP BASIC Authorization Filter</filter-name>
            <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
            <init-param>
                <param-name>targetClass</param-name>
                <param-value>net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter</param-value>
            </init-param>
        </filter>
        -->
    	<!-- Obtains Authentication from HttpSession attribute, puts it into
    		 ContextHolder for request duration, proceeds with request, then
    		 copies Authentication from ContextHolder back into HttpSession -->
        <filter>
            <filter-name>Acegi Security System for Spring HttpSession Integration Filter</filter-name>
            <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
            <init-param>
                <param-name>targetClass</param-name>
                <param-value>net.sf.acegisecurity.ui.webapp.HttpSessionIntegrationFilter</param-value>
            </init-param>
        </filter>
    
    	<!-- Provides HTTP request URL security, and also catches
    		 AcegiSecurityExceptions and sends 403 errors &#40;if access denied&#41;
    		 or commences an authentication mechanism as appropriate -->
    
        <filter>
            <filter-name>Acegi HTTP Request Security Filter</filter-name>
            <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
            <init-param>
                <param-name>targetClass</param-name>
                <param-value>net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter</param-value>
            </init-param>
        </filter>
    
    	<!-- Remove the comments from the following <filter-mapping> if you'd
    	     like to ensure secure URLs are only available over HTTPS -->
        <!--
        <filter-mapping>
          <filter-name>Acegi Channel Processing Filter</filter-name>
          <url-pattern>/*</url-pattern>
        </filter-mapping>
        -->
    	
        <filter-mapping>
          <filter-name>Acegi Authentication Processing Filter</filter-name>
          <url-pattern>/*</url-pattern>
        </filter-mapping>
    
        <!--
        <filter-mapping>
          <filter-name>Acegi HTTP BASIC Authorization Filter</filter-name>
          <url-pattern>/*</url-pattern>
        </filter-mapping>
        -->
    
        <filter-mapping>
          <filter-name>Acegi Security System for Spring HttpSession Integration Filter</filter-name>
          <url-pattern>/*</url-pattern>
        </filter-mapping>
        
        <filter-mapping>
          <filter-name>Acegi HTTP Request Security Filter</filter-name>
          <url-pattern>/*</url-pattern>
        </filter-mapping>
        
    	<!--
    	  - Loads the root application context of this web app at startup.
    	  - The application context is then available via 
    	  - WebApplicationContextUtils.getWebApplicationContext&#40;servletContext&#41;.
        -->
    	<listener>
    		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    	</listener>
    
        <listener>
    		<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
    	</listener>
    	
      <!--
    	- Provides core MVC application controller. See contacts-servlet.xml.
        -->
    	<servlet>
    		<servlet-name>contacts</servlet-name>
    		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    		<load-on-startup>1</load-on-startup>
    	</servlet>
    
      <!--
        - Provides web services endpoint. See remoting-servlet.xml.
        -->
        <!--
    	<servlet>
    		<servlet-name>remoting</servlet-name>
    		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    		<load-on-startup>2</load-on-startup>
    	</servlet>
        -->
    	<servlet-mapping>
        	<servlet-name>contacts</servlet-name>
        	<url-pattern>*.htm</url-pattern>
     	</servlet-mapping>
      <!--
    	<servlet-mapping>
    		<servlet-name>remoting</servlet-name>
    		<url-pattern>/remoting/*</url-pattern>
    	</servlet-mapping>
        -->
     	<welcome-file-list>
    		<welcome-file>index.jsp</welcome-file>
    	</welcome-file-list>
    
      	<taglib>
            <taglib-uri>/tags/spring</taglib-uri>
            <taglib-location>/WEB-INF/tld/spring.tld</taglib-location>
      	</taglib>
      	<!--taglib>
            <taglib-uri>/tags/authz</taglib-uri>
            <taglib-location>/WEB-INF/tld/authz.tld</taglib-location>
      	</taglib-->
    </web-app>
    6./secure/position_browse.jsp

    Code:
    <%@page contentType="text/html;charset=gb2312"%>
    <%@ include file="/WEB-INF/jsp/include.jsp" %>
    <%@include file="header.jsp"%>
    <%
    ArrayList positions = securityPositionManager.getPositions&#40;&#41;;
    %>
    <HTML><HEAD><TITLE>WAP Test</TITLE>
    <META http-equiv=Content-Type content="text/html; charset=gb2312"> 
    <link href="/inc/jaidstyle.css" rel=stylesheet type=text/css>
    </HEAD>
    <BODY>
    <h3><authz&#58;authentication operation="principal"/>'s Positions</h3>
    <center>
    <table width="98%" >
         <tr>
         	<td colspan=6 class='title'>
         	Position List
         	</td>
         </tr>
    
         <tr>
        <%Position p =null;
        for&#40;int i=0;i<positions.size&#40;&#41;;i++&#41;&#123;
        	p = &#40;Position&#41;positions.get&#40;i&#41;;
        	pageContext.setAttribute&#40;"p", p&#41;;
        %>    
           <td style="word-wrap&#58;  break-word">
    	       id:<a href="category_browse.jsp"><%=p.getId&#40;&#41;%></a>
    		</td>    
           <td style="word-wrap&#58;  break-word">
    	       Name:<%=p.getName&#40;&#41;%></a>
    		</td>
    		<authz&#58;acl domainObject="$&#123;p&#125;" hasPermission="16,1">
    		<td>
    			<A HREF="deleted.jsp?positionId=<%=p.getId&#40;&#41;%>">Del</A>
    		</td>
    		</authz&#58;acl>
    		
    		<authz&#58;acl domainObject="$&#123;p&#125;" hasPermission="1">
    		<td>
    			<A HREF="adminPermission.jsp?positionId=<%=p.getId&#40;&#41;%>">Admin Permission</A>
    		</td>
    		</authz&#58;acl>		
    	</tr>
    	<%&#125;%>
    </table>
    <p><a href="<c&#58;url value="position_create.jsp"/>">Add</a>   <p><a href="<c&#58;url value="../logoff.jsp"/>">Logoff</a>
    </center>
    </BODY></HTML>
    7./secure/header.jsp

    Code:
    <%@page import="java.util.*"%>
    <%@page import="com.xxx.jaidwapfactory.category.*"%>
    <%@page import="com.xxx.jaidwapfactory.position.*"%>
    <%@page import="com.xxx.jaidwapfactory.security.*"%>
    <%@page import="net.sf.acegisecurity.acl.*"%>
    <%@page import="net.sf.acegisecurity.acl.basic.*"%>
    <%@page import="org.springframework.context.ApplicationContext"%>
    <%@page import="org.springframework.web.bind.RequestUtils"%>
    <%@page import="org.springframework.web.context.support.WebApplicationContextUtils"%>
    
    <%
    	PositionManager positionManager = PositionManager.getInstance&#40;&#41;;
    	CategoryManager categoryManager = CategoryManager.getInstance&#40;&#41;;
        
        ApplicationContext context = getContext&#40;pageContext.getServletContext&#40;&#41;&#41;;
        Map beans = context.getBeansOfType&#40;SecurityPositionManager.class, false, false&#41;;
        String beanName = &#40;String&#41; beans.keySet&#40;&#41;.iterator&#40;&#41;.next&#40;&#41;;
    	SecurityPositionManager securityPositionManager = &#40;SecurityPositionManager&#41; context.getBean&#40;beanName&#41;;
    	
    	beans = context.getBeansOfType&#40;com.xxx.jaidwapfactory.security.SecurityManager.class, false, false&#41;;
    	beanName = &#40;String&#41; beans.keySet&#40;&#41;.iterator&#40;&#41;.next&#40;&#41;;
    	com.xxx.jaidwapfactory.security.SecurityManager securityManager = &#40;com.xxx.jaidwapfactory.security.SecurityManager&#41; context.getBean&#40;beanName&#41;;	
    
    	beans = context.getBeansOfType&#40;AclManager.class, false, false&#41;;
    	beanName = &#40;String&#41; beans.keySet&#40;&#41;.iterator&#40;&#41;.next&#40;&#41;;
    	AclManager aclManager = &#40;AclManager&#41; context.getBean&#40;beanName&#41;;	
    		
    %>
    <%!
        protected ApplicationContext getContext&#40;ServletContext servletContext&#41; &#123;
            return WebApplicationContextUtils.getRequiredWebApplicationContext&#40;servletContext&#41;;
        &#125;
    %>
    8.SecurityPositionManagerImpl.java
    Code:
        public ArrayList getPositions&#40;&#41; &#123;
            return getPositionManager&#40;&#41;.getPositions&#40;&#41;;
        &#125;
    9.PositionManagerImpl.java
    Code:
        public ArrayList getPositions&#40;&#41; &#123;
            return positions;
        &#125;
    ok, now it's the log

    [code:1:61c233dd18]
    14&#58;47&#58;17,703 WARN Configurator&#58;125 - No configuration found. Configuring ehcache from ehcache-failsafe.xml found in the classpath&#58; jar&#58;file&#58;/D&#58;/devhome/Tomcat5.5.4/webapps/acegijaid/WEB-INF/lib/ehcache-0.9.jar!/ehcache-failsafe.xml
    14&#58;47&#58;18,644 DEBUG FilterInvocationDefinitionSourceEditor&#58;97 - Line 1&#58;
    14&#58;47&#58;18,644 DEBUG FilterInvocationDefinitionSourceEditor&#58;97 - Line 1&#58;
    14&#58;47&#58;18,654 DEBUG FilterInvocationDefinitionSourceEditor&#58;97 - Line 2&#58; CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    14&#58;47&#58;18,654 DEBUG FilterInvocationDefinitionSourceEditor&#58;97 - Line 2&#58; CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    14&#58;47&#58;18,715 DEBUG FilterInvocationDefinitionSourceEditor&#58;106 - Line 2&#58; Instructing mapper to convert URLs to lowercase before comparison
    14&#58;47&#58;18,715 DEBUG FilterInvocationDefinitionSourceEditor&#58;106 - Line 2&#58; Instructing mapper to convert URLs to lowercase before comparison
    14&#58;47&#58;18,725 DEBUG FilterInvocationDefinitionSourceEditor&#58;97 - Line 3&#58; \A/secure/super.*\Z=ROLE_WE_DONT_HAVE
    14&#58;47&#58;18,725 DEBUG FilterInvocationDefinitionSourceEditor&#58;97 - Line 3&#58; \A/secure/super.*\Z=ROLE_WE_DONT_HAVE
    14&#58;47&#58;18,765 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;114 - Added regular expression&#58; \A/secure/super.*\Z; attributes&#58; &#91;ROLE_WE_DONT_HAVE&#93;
    14&#58;47&#58;18,765 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;114 - Added regular expression&#58; \A/secure/super.*\Z; attributes&#58; &#91;ROLE_WE_DONT_HAVE&#93;
    14&#58;47&#58;18,765 DEBUG FilterInvocationDefinitionSourceEditor&#58;97 - Line 4&#58; \A/secure/.*\Z=ROLE_SUPERVISOR,ROLE_USER
    14&#58;47&#58;18,765 DEBUG FilterInvocationDefinitionSourceEditor&#58;97 - Line 4&#58; \A/secure/.*\Z=ROLE_SUPERVISOR,ROLE_USER
    14&#58;47&#58;18,815 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;114 - Added regular expression&#58; \A/secure/.*\Z; attributes&#58; &#91;ROLE_SUPERVISOR, ROLE_USER&#93;
    14&#58;47&#58;18,815 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;114 - Added regular expression&#58; \A/secure/.*\Z; attributes&#58; &#91;ROLE_SUPERVISOR, ROLE_USER&#93;
    14&#58;47&#58;18,815 DEBUG FilterInvocationDefinitionSourceEditor&#58;97 - Line 5&#58;
    14&#58;47&#58;18,815 DEBUG FilterInvocationDefinitionSourceEditor&#58;97 - Line 5&#58;
    14&#58;47&#58;18,815 INFO AbstractSecurityInterceptor&#58;275 - Validated configuration attributes
    14&#58;47&#58;18,815 INFO AbstractSecurityInterceptor&#58;275 - Validated configuration attributes
    14&#58;47&#58;22,320 INFO JdbcDaoImpl$AclsByObjectIdentityMapping&#58;274 - RdbmsOperation with SQL &#91;SELECT RECIPIENT, MASK FROM acl_permission WHERE acl_object_identity = ?&#93; compiled
    14&#58;47&#58;22,320 INFO JdbcDaoImpl$AclsByObjectIdentityMapping&#58;274 - RdbmsOperation with SQL &#91;SELECT RECIPIENT, MASK FROM acl_permission WHERE acl_object_identity = ?&#93; compiled
    14&#58;47&#58;22,330 INFO JdbcDaoImpl$ObjectPropertiesMapping&#58;274 - RdbmsOperation with SQL &#91;SELECT CHILD.ID, CHILD.OBJECT_IDENTITY, CHILD.ACL_CLASS, PARENT.OBJECT_IDENTITY as PARENT_OBJECT_IDENTITY FROM acl_object_identity as CHILD LEFT OUTER JOIN acl_object_identity as PARENT ON CHILD.parent_object=PARENT.id WHERE CHILD.object_identity = ?&#93; compiled
    14&#58;47&#58;22,330 INFO JdbcDaoImpl$ObjectPropertiesMapping&#58;274 - RdbmsOperation with SQL &#91;SELECT CHILD.ID, CHILD.OBJECT_IDENTITY, CHILD.ACL_CLASS, PARENT.OBJECT_IDENTITY as PARENT_OBJECT_IDENTITY FROM acl_object_identity as CHILD LEFT OUTER JOIN acl_object_identity as PARENT ON CHILD.parent_object=PARENT.id WHERE CHILD.object_identity = ?&#93; compiled
    14&#58;47&#58;22,330 INFO JdbcExtendedDaoImpl$LookupPermissionIdMapping&#58; 274 - RdbmsOperation with SQL &#91;SELECT id FROM acl_permission WHERE acl_object_identity = ? AND recipient = ?&#93; compiled
    14&#58;47&#58;22,330 INFO JdbcExtendedDaoImpl$LookupPermissionIdMapping&#58; 274 - RdbmsOperation with SQL &#91;SELECT id FROM acl_permission WHERE acl_object_identity = ? AND recipient = ?&#93; compiled
    14&#58;47&#58;22,340 INFO JdbcExtendedDaoImpl$AclPermissionInsert&#58;274 - RdbmsOperation with SQL &#91;INSERT INTO acl_permission &#40;id, acl_object_identity, recipient, mask&#41; VALUES &#40;?, ?, ?, ?&#41;&#93; compiled
    14&#58;47&#58;22,340 INFO JdbcExtendedDaoImpl$AclPermissionInsert&#58;274 - RdbmsOperation with SQL &#91;INSERT INTO acl_permission &#40;id, acl_object_identity, recipient, mask&#41; VALUES &#40;?, ?, ?, ?&#41;&#93; compiled
    14&#58;47&#58;22,340 INFO JdbcExtendedDaoImpl$AclObjectIdentityInsert&#58;27 4 - RdbmsOperation with SQL &#91;INSERT INTO acl_object_identity &#40;id, object_identity, parent_object, acl_class&#41; VALUES &#40;?, ?, ?, ?&#41;&#93; compiled
    14&#58;47&#58;22,340 INFO JdbcExtendedDaoImpl$AclObjectIdentityInsert&#58;27 4 - RdbmsOperation with SQL &#91;INSERT INTO acl_object_identity &#40;id, object_identity, parent_object, acl_class&#41; VALUES &#40;?, ?, ?, ?&#41;&#93; compiled
    14&#58;47&#58;22,350 INFO JdbcExtendedDaoImpl$AclPermissionDelete&#58;274 - RdbmsOperation with SQL &#91;DELETE FROM acl_permission WHERE acl_object_identity = ? AND recipient = ?&#93; compiled
    14&#58;47&#58;22,350 INFO JdbcExtendedDaoImpl$AclPermissionDelete&#58;274 - RdbmsOperation with SQL &#91;DELETE FROM acl_permission WHERE acl_object_identity = ? AND recipient = ?&#93; compiled
    14&#58;47&#58;22,360 INFO JdbcExtendedDaoImpl$AclObjectIdentityDelete&#58;27 4 - RdbmsOperation with SQL &#91;DELETE FROM acl_object_identity WHERE id = ?&#93; compiled
    14&#58;47&#58;22,360 INFO JdbcExtendedDaoImpl$AclObjectIdentityDelete&#58;27 4 - RdbmsOperation with SQL &#91;DELETE FROM acl_object_identity WHERE id = ?&#93; compiled
    14&#58;47&#58;22,550 INFO JdbcExtendedDaoImpl$AclPermissionUpdate&#58;274 - RdbmsOperation with SQL &#91;UPDATE acl_permission SET mask = ? WHERE id = ?&#93; compiled
    14&#58;47&#58;22,550 INFO JdbcExtendedDaoImpl$AclPermissionUpdate&#58;274 - RdbmsOperation with SQL &#91;UPDATE acl_permission SET mask = ? WHERE id = ?&#93; compiled
    14&#58;47&#58;22,911 DEBUG BasicAclEntryVoter&#58;216 - processDomainObjectClass=com.xxx.jaidwapfactory.po sition.concrete.PositionImpl
    14&#58;47&#58;22,911 DEBUG BasicAclEntryVoter&#58;216 - processDomainObjectClass=com.xxx.jaidwapfactory.po sition.concrete.PositionImpl
    14&#58;47&#58;22,911 DEBUG BasicAclEntryVoter&#58;216 - processDomainObjectClass=com.xxx.jaidwapfactory.po sition.concrete.PositionImpl
    14&#58;47&#58;22,911 DEBUG BasicAclEntryVoter&#58;216 - processDomainObjectClass=com.xxx.jaidwapfactory.po sition.concrete.PositionImpl
    14&#58;47&#58;22,921 DEBUG BasicAclEntryVoter&#58;216 - processDomainObjectClass=com.xxx.jaidwapfactory.po sition.concrete.PositionImpl
    14&#58;47&#58;22,921 DEBUG BasicAclEntryVoter&#58;216 - processDomainObjectClass=com.xxx.jaidwapfactory.po sition.concrete.PositionImpl
    14&#58;47&#58;23,141 DEBUG MethodDefinitionMap&#58;164 - Adding secure method &#91;com.xxx.jaidwapfactory.security.SecurityPosit ionManager.removePosition&#93; with attributes &#91;&#91;ACL_CONTACT_ADMIN&#93;&#93;
    14&#58;47&#58;23,141 DEBUG MethodDefinitionMap&#58;164 - Adding secure method &#91;com.xxx.jaidwapfactory.security.SecurityPosit ionManager.removePosition&#93; with attributes &#91;&#91;ACL_CONTACT_ADMIN&#93;&#93;
    14&#58;47&#58;23,141 DEBUG MethodDefinitionMap&#58;164 - Adding secure method &#91;com.xxx.jaidwapfactory.security.SecurityPosit ionManager.removePosition&#93; with attributes &#91;&#91;ACL_CONTACT_ADMIN&#93;&#93;
    14&#58;47&#58;23,141 INFO MethodDefinitionMap&#58;114 - Adding secure method &#91;public abstract void com.xxx.jaidwapfactory.security.SecurityPositionMa nager.removePosition&#40;com.xxx.jaidwapfactory.po sition.Position&#41;&#93; with attributes &#91;&#91;ACL_CONTACT_ADMIN&#93;&#93;
    14&#58;47&#58;23,141 INFO MethodDefinitionMap&#58;114 - Adding secure method &#91;public abstract void com.xxx.jaidwapfactory.security.SecurityPositionMa nager.removePosition&#40;com.xxx.jaidwapfactory.po sition.Position&#41;&#93; with attributes &#91;&#91;ACL_CONTACT_ADMIN&#93;&#93;
    14&#58;47&#58;23,141 INFO MethodDefinitionMap&#58;114 - Adding secure method &#91;public abstract void com.xxx.jaidwapfactory.security.SecurityPositionMa nager.removePosition&#40;com.xxx.jaidwapfactory.po sition.Position&#41;&#93; with attributes &#91;&#91;ACL_CONTACT_ADMIN&#93;&#93;
    14&#58;47&#58;23,141 DEBUG MethodDefinitionMap&#58;164 - Adding secure method &#91;com.xxx.jaidwapfactory.security.SecurityPosit ionManager.getPositions&#93; with attributes &#91;&#91;AFTER_ACL_COLLECTION_READ&#93;&#93;
    14&#58;47&#58;23,141 DEBUG MethodDefinitionMap&#58;164 - Adding secure method &#91;com.xxx.jaidwapfactory.security.SecurityPosit ionManager.getPositions&#93; with attributes &#91;&#91;AFTER_ACL_COLLECTION_READ&#93;&#93;
    14&#58;47&#58;23,141 DEBUG MethodDefinitionMap&#58;164 - Adding secure method &#91;com.xxx.jaidwapfactory.security.SecurityPosit ionManager.getPositions&#93; with attributes &#91;&#91;AFTER_ACL_COLLECTION_READ&#93;&#93;
    14&#58;47&#58;23,151 INFO MethodDefinitionMap&#58;114 - Adding secure method &#91;public abstract java.util.ArrayList com.xxx.jaidwapfactory.security.SecurityPositionMa nager.getPositions&#40;&#41;&#93; with attributes &#91;&#91;AFTER_ACL_COLLECTION_READ&#93;&#93;
    14&#58;47&#58;23,151 INFO MethodDefinitionMap&#58;114 - Adding secure method &#91;public abstract java.util.ArrayList com.xxx.jaidwapfactory.security.SecurityPositionMa nager.getPositions&#40;&#41;&#93; with attributes &#91;&#91;AFTER_ACL_COLLECTION_READ&#93;&#93;
    14&#58;47&#58;23,151 INFO MethodDefinitionMap&#58;114 - Adding secure method &#91;public abstract java.util.ArrayList com.xxx.jaidwapfactory.security.SecurityPositionMa nager.getPositions&#40;&#41;&#93; with attributes &#91;&#91;AFTER_ACL_COLLECTION_READ&#93;&#93;
    14&#58;47&#58;23,151 DEBUG MethodDefinitionMap&#58;164 - Adding secure method &#91;com.xxx.jaidwapfactory.security.SecurityPosit ionManager.getPosition&#93; with attributes &#91;&#91;AFTER_ACL_READ&#93;&#93;
    14&#58;47&#58;23,151 DEBUG MethodDefinitionMap&#58;164 - Adding secure method &#91;com.xxx.jaidwapfactory.security.SecurityPosit ionManager.getPosition&#93; with attributes &#91;&#91;AFTER_ACL_READ&#93;&#93;
    14&#58;47&#58;23,151 DEBUG MethodDefinitionMap&#58;164 - Adding secure method &#91;com.xxx.jaidwapfactory.security.SecurityPosit ionManager.getPosition&#93; with attributes &#91;&#91;AFTER_ACL_READ&#93;&#93;
    14&#58;47&#58;23,151 INFO MethodDefinitionMap&#58;114 - Adding secure method &#91;public abstract com.xxx.jaidwapfactory.position.Position com.xxx.jaidwapfactory.security.SecurityPositionMa nager.getPosition&#40;java.lang.String&#41;&#93; with attributes &#91;&#91;AFTER_ACL_READ&#93;&#93;
    14&#58;47&#58;23,151 INFO MethodDefinitionMap&#58;114 - Adding secure method &#91;public abstract com.xxx.jaidwapfactory.position.Position com.xxx.jaidwapfactory.security.SecurityPositionMa nager.getPosition&#40;java.lang.String&#41;&#93; with attributes &#91;&#91;AFTER_ACL_READ&#93;&#93;
    14&#58;47&#58;23,151 INFO MethodDefinitionMap&#58;114 - Adding secure method &#91;public abstract com.xxx.jaidwapfactory.position.Position com.xxx.jaidwapfactory.security.SecurityPositionMa nager.getPosition&#40;java.lang.String&#41;&#93; with attributes &#91;&#91;AFTER_ACL_READ&#93;&#93;
    14&#58;47&#58;23,151 DEBUG MethodDefinitionMap&#58;164 - Adding secure method &#91;com.xxx.jaidwapfactory.security.SecurityPosit ionManager.addPosition&#93; with attributes &#91;&#91;ROLE_USER&#93;&#93;
    14&#58;47&#58;23,151 DEBUG MethodDefinitionMap&#58;164 - Adding secure method &#91;com.xxx.jaidwapfactory.security.SecurityPosit ionManager.addPosition&#93; with attributes &#91;&#91;ROLE_USER&#93;&#93;
    14&#58;47&#58;23,151 DEBUG MethodDefinitionMap&#58;164 - Adding secure method &#91;com.xxx.jaidwapfactory.security.SecurityPosit ionManager.addPosition&#93; with attributes &#91;&#91;ROLE_USER&#93;&#93;
    14&#58;47&#58;23,161 INFO MethodDefinitionMap&#58;114 - Adding secure method &#91;public abstract void com.xxx.jaidwapfactory.security.SecurityPositionMa nager.addPosition&#40;com.xxx.jaidwapfactory.posit ion.Position&#41;&#93; with attributes &#91;&#91;ROLE_USER&#93;&#93;
    14&#58;47&#58;23,161 INFO MethodDefinitionMap&#58;114 - Adding secure method &#91;public abstract void com.xxx.jaidwapfactory.security.SecurityPositionMa nager.addPosition&#40;com.xxx.jaidwapfactory.posit ion.Position&#41;&#93; with attributes &#91;&#91;ROLE_USER&#93;&#93;
    14&#58;47&#58;23,161 INFO MethodDefinitionMap&#58;114 - Adding secure method &#91;public abstract void com.xxx.jaidwapfactory.security.SecurityPositionMa nager.addPosition&#40;com.xxx.jaidwapfactory.posit ion.Position&#41;&#93; with attributes &#91;&#91;ROLE_USER&#93;&#93;
    14&#58;47&#58;23,161 DEBUG AfterInvocationProviderManager&#58;123 - Evaluating AFTER_ACL_COLLECTION_READ against net.sf.acegisecurity.afterinvocation.BasicAclEntry AfterInvocationProvider@3b4b1e
    14&#58;47&#58;23,161 DEBUG AfterInvocationProviderManager&#58;123 - Evaluating AFTER_ACL_COLLECTION_READ against net.sf.acegisecurity.afterinvocation.BasicAclEntry AfterInvocationProvider@3b4b1e
    14&#58;47&#58;23,161 DEBUG AfterInvocationProviderManager&#58;123 - Evaluating AFTER_ACL_COLLECTION_READ against net.sf.acegisecurity.afterinvocation.BasicAclEntry AfterInvocationCollectionFilteringProvider@c0a9f9
    14&#58;47&#58;23,161 DEBUG AfterInvocationProviderManager&#58;123 - Evaluating AFTER_ACL_COLLECTION_READ against net.sf.acegisecurity.afterinvocation.BasicAclEntry AfterInvocationCollectionFilteringProvider@c0a9f9
    14&#58;47&#58;23,161 DEBUG AfterInvocationProviderManager&#58;123 - Evaluating AFTER_ACL_READ against net.sf.acegisecurity.afterinvocation.BasicAclEntry AfterInvocationProvider@3b4b1e
    14&#58;47&#58;23,161 DEBUG AfterInvocationProviderManager&#58;123 - Evaluating AFTER_ACL_READ against net.sf.acegisecurity.afterinvocation.BasicAclEntry AfterInvocationProvider@3b4b1e
    14&#58;47&#58;23,161 INFO AbstractSecurityInterceptor&#58;275 - Validated configuration attributes
    14&#58;47&#58;23,161 INFO AbstractSecurityInterceptor&#58;275 - Validated configuration attributes
    14&#58;47&#58;23,171 DEBUG BasicAclEntryVoter&#58;239 - Voter for class=org.aopalliance.intercept.MethodInvocation
    14&#58;47&#58;23,171 DEBUG BasicAclEntryVoter&#58;239 - Voter for class=org.aopalliance.intercept.MethodInvocation
    14&#58;47&#58;23,171 DEBUG BasicAclEntryVoter&#58;239 - Voter for class=org.aopalliance.intercept.MethodInvocation
    14&#58;47&#58;23,171 DEBUG BasicAclEntryVoter&#58;239 - Voter for class=org.aopalliance.intercept.MethodInvocation
    14&#58;47&#58;23,171 DEBUG BasicAclEntryVoter&#58;239 - Voter for class=org.aopalliance.intercept.MethodInvocation
    14&#58;47&#58;23,171 DEBUG BasicAclEntryVoter&#58;239 - Voter for class=org.aopalliance.intercept.MethodInvocation
    14&#58;47&#58;32,554 DEBUG AbstractIntegrationFilter&#58;135 - extractFromContainer = null
    14&#58;47&#58;32,554 DEBUG AbstractIntegrationFilter&#58;135 - extractFromContainer = null
    14&#58;47&#58;32,554 DEBUG AbstractIntegrationFilter&#58;166 - Authentication not added to ContextHolder &#40;could not extract an authentication object from the container which is an instance of Authentication&#41;
    14&#58;47&#58;32,554 DEBUG AbstractIntegrationFilter&#58;166 - Authentication not added to ContextHolder &#40;could not extract an authentication object from the container which is an instance of Authentication&#41;
    14&#58;47&#58;32,625 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;132 - Converted URL to lowercase, from&#58; 'org.apache.catalina.connector.RequestFacade@10980 e7'; to&#58; '/index.jsp'
    14&#58;47&#58;32,625 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;132 - Converted URL to lowercase, from&#58; 'org.apache.catalina.connector.RequestFacade@10980 e7'; to&#58; '/index.jsp'
    14&#58;47&#58;32,625 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/index.jsp'; pattern is \A/secure/super.*\Z; matched=false
    14&#58;47&#58;32,625 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/index.jsp'; pattern is \A/secure/super.*\Z; matched=false
    14&#58;47&#58;32,625 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/index.jsp'; pattern is \A/secure/.*\Z; matched=false
    14&#58;47&#58;32,625 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/index.jsp'; pattern is \A/secure/.*\Z; matched=false
    14&#58;47&#58;32,625 DEBUG AbstractSecurityInterceptor&#58;476 - Public object - authentication not attempted
    14&#58;47&#58;32,625 DEBUG AbstractSecurityInterceptor&#58;476 - Public object - authentication not attempted
    14&#58;47&#58;40,376 DEBUG SecurityEnforcementFilter&#58;172 - Chain processed normally
    14&#58;47&#58;40,376 DEBUG SecurityEnforcementFilter&#58;172 - Chain processed normally
    14&#58;47&#58;40,376 DEBUG AbstractIntegrationFilter&#58;195 - ContextHolder does not contain any authentication information
    14&#58;47&#58;40,376 DEBUG AbstractIntegrationFilter&#58;195 - ContextHolder does not contain any authentication information
    14&#58;47&#58;40,416 DEBUG AbstractIntegrationFilter&#58;135 - extractFromContainer = null
    14&#58;47&#58;40,416 DEBUG AbstractIntegrationFilter&#58;135 - extractFromContainer = null
    14&#58;47&#58;40,416 DEBUG AbstractIntegrationFilter&#58;166 - Authentication not added to ContextHolder &#40;could not extract an authentication object from the container which is an instance of Authentication&#41;
    14&#58;47&#58;40,416 DEBUG AbstractIntegrationFilter&#58;166 - Authentication not added to ContextHolder &#40;could not extract an authentication object from the container which is an instance of Authentication&#41;
    14&#58;47&#58;40,416 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;132 - Converted URL to lowercase, from&#58; 'org.apache.catalina.connector.RequestFacade@10980 e7'; to&#58; '/hello.jsp'
    14&#58;47&#58;40,416 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;132 - Converted URL to lowercase, from&#58; 'org.apache.catalina.connector.RequestFacade@10980 e7'; to&#58; '/hello.jsp'
    14&#58;47&#58;40,416 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/hello.jsp'; pattern is \A/secure/super.*\Z; matched=false
    14&#58;47&#58;40,416 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/hello.jsp'; pattern is \A/secure/super.*\Z; matched=false
    14&#58;47&#58;40,436 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/hello.jsp'; pattern is \A/secure/.*\Z; matched=false
    14&#58;47&#58;40,436 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/hello.jsp'; pattern is \A/secure/.*\Z; matched=false
    14&#58;47&#58;40,436 DEBUG AbstractSecurityInterceptor&#58;476 - Public object - authentication not attempted
    14&#58;47&#58;40,436 DEBUG AbstractSecurityInterceptor&#58;476 - Public object - authentication not attempted
    14&#58;47&#58;42,158 DEBUG SecurityEnforcementFilter&#58;172 - Chain processed normally
    14&#58;47&#58;42,158 DEBUG SecurityEnforcementFilter&#58;172 - Chain processed normally
    14&#58;47&#58;42,158 DEBUG AbstractIntegrationFilter&#58;195 - ContextHolder does not contain any authentication information
    14&#58;47&#58;42,158 DEBUG AbstractIntegrationFilter&#58;195 - ContextHolder does not contain any authentication information
    14&#58;47&#58;44,692 DEBUG AbstractIntegrationFilter&#58;135 - extractFromContainer = null
    14&#58;47&#58;44,692 DEBUG AbstractIntegrationFilter&#58;135 - extractFromContainer = null
    14&#58;47&#58;44,692 DEBUG AbstractIntegrationFilter&#58;166 - Authentication not added to ContextHolder &#40;could not extract an authentication object from the container which is an instance of Authentication&#41;
    14&#58;47&#58;44,692 DEBUG AbstractIntegrationFilter&#58;166 - Authentication not added to ContextHolder &#40;could not extract an authentication object from the container which is an instance of Authentication&#41;
    14&#58;47&#58;44,692 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;132 - Converted URL to lowercase, from&#58; 'org.apache.catalina.connector.RequestFacade@10980 e7'; to&#58; '/secure/position_browse.jsp'
    14&#58;47&#58;44,692 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;132 - Converted URL to lowercase, from&#58; 'org.apache.catalina.connector.RequestFacade@10980 e7'; to&#58; '/secure/position_browse.jsp'
    14&#58;47&#58;44,702 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/secure/position_browse.jsp'; pattern is \A/secure/super.*\Z; matched=false
    14&#58;47&#58;44,702 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/secure/position_browse.jsp'; pattern is \A/secure/super.*\Z; matched=false
    14&#58;47&#58;44,702 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/secure/position_browse.jsp'; pattern is \A/secure/.*\Z; matched=true
    14&#58;47&#58;44,702 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/secure/position_browse.jsp'; pattern is \A/secure/.*\Z; matched=true
    14&#58;47&#58;44,702 DEBUG AbstractSecurityInterceptor&#58;381 - Secure object&#58; FilterInvocation&#58; URL&#58; /secure/position_browse.jsp; ConfigAttributes&#58; &#91;ROLE_SUPERVISOR, ROLE_USER&#93;
    14&#58;47&#58;44,702 DEBUG AbstractSecurityInterceptor&#58;381 - Secure object&#58; FilterInvocation&#58; URL&#58; /secure/position_browse.jsp; ConfigAttributes&#58; &#91;ROLE_SUPERVISOR, ROLE_USER&#93;
    14&#58;47&#58;44,712 DEBUG SecurityEnforcementFilter&#58;195 - Authentication failed - adding target URL to Session&#58; http&#58;//localhost&#58;8080/acegijaid/secure/position_browse.jsp
    net.sf.acegisecurity.AuthenticationCredentialsNotF oundException&#58; A valid SecureContext was not provided in the RequestContext
    at net.sf.acegisecurity.intercept.AbstractSecurityInt erceptor.credentialsNotFound&#40;AbstractSecurityI nterceptor.java&#58;520&#41;
    at net.sf.acegisecurity.intercept.AbstractSecurityInt erceptor.beforeInvocation&#40;AbstractSecurityInte rceptor.java&#58;388&#41;
    at net.sf.acegisecurity.intercept.web.FilterSecurityI nterceptor.invoke&#40;FilterSecurityInterceptor.ja va&#58;67&#41;
    at net.sf.acegisecurity.intercept.web.SecurityEnforce mentFilter.doFilter&#40;SecurityEnforcementFilter. java&#58;169&#41;
    at net.sf.acegisecurity.util.FilterToBeanProxy.doFilt er&#40;FilterToBeanProxy.java&#58;105&#41;
    at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter&#40;ApplicationFilterChain.java&#58 ;186&#41;
    at org.apache.catalina.core.ApplicationFilterChain.do Filter&#40;ApplicationFilterChain.java&#58;157&#41 ;
    at net.sf.acegisecurity.ui.AbstractIntegrationFilter. doFilter&#40;AbstractIntegrationFilter.java&#58;17 2&#41;
    at net.sf.acegisecurity.util.FilterToBeanProxy.doFilt er&#40;FilterToBeanProxy.java&#58;105&#41;
    at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter&#40;ApplicationFilterChain.java&#58 ;186&#41;
    at org.apache.catalina.core.ApplicationFilterChain.do Filter&#40;ApplicationFilterChain.java&#58;157&#41 ;
    at net.sf.acegisecurity.ui.AbstractProcessingFilter.d oFilter&#40;AbstractProcessingFilter.java&#58;391& #41;
    at net.sf.acegisecurity.util.FilterToBeanProxy.doFilt er&#40;FilterToBeanProxy.java&#58;105&#41;
    at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter&#40;ApplicationFilterChain.java&#58 ;186&#41;
    at org.apache.catalina.core.ApplicationFilterChain.do Filter&#40;ApplicationFilterChain.java&#58;157&#41 ;
    at org.apache.catalina.core.StandardWrapperValve.invo ke&#40;StandardWrapperValve.java&#58;214&#41;
    at org.apache.catalina.core.StandardContextValve.invo ke&#40;StandardContextValve.java&#58;178&#41;
    at org.apache.catalina.core.StandardHostValve.invoke& #40;StandardHostValve.java&#58;126&#41;
    at org.apache.catalina.valves.ErrorReportValve.invoke &#40;ErrorReportValve.java&#58;105&#41;
    at org.apache.catalina.core.StandardEngineValve.invok e&#40;StandardEngineValve.java&#58;107&#41;
    at org.apache.catalina.connector.CoyoteAdapter.servic e&#40;CoyoteAdapter.java&#58;148&#41;
    at org.apache.coyote.http11.Http11Processor.process&# 40;Http11Processor.java&#58;825&#41;
    at org.apache.coyote.http11.Http11Protocol$Http11Conn ectionHandler.processConnection&#40;Http11Protocol .java&#58;731&#41;
    at org.apache.tomcat.util.net.PoolTcpEndpoint.process Socket&#40;PoolTcpEndpoint.java&#58;526&#41;
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThr ead.runIt&#40;LeaderFollowerWorkerThread.java&#58; 80&#41;
    at org.apache.tomcat.util.threads.ThreadPool$ControlR unnable.run&#40;ThreadPool.java&#58;684&#41;
    at java.lang.Thread.run&#40;Thread.java&#58;595&#41;
    14&#58;47&#58;44,712 DEBUG SecurityEnforcementFilter&#58;195 - Authentication failed - adding target URL to Session&#58; http&#58;//localhost&#58;8080/acegijaid/secure/position_browse.jsp
    net.sf.acegisecurity.AuthenticationCredentialsNotF oundException&#58; A valid SecureContext was not provided in the RequestContext
    at net.sf.acegisecurity.intercept.AbstractSecurityInt erceptor.credentialsNotFound&#40;AbstractSecurityI nterceptor.java&#58;520&#41;
    at net.sf.acegisecurity.intercept.AbstractSecurityInt erceptor.beforeInvocation&#40;AbstractSecurityInte rceptor.java&#58;388&#41;
    at net.sf.acegisecurity.intercept.web.FilterSecurityI nterceptor.invoke&#40;FilterSecurityInterceptor.ja va&#58;67&#41;
    at net.sf.acegisecurity.intercept.web.SecurityEnforce mentFilter.doFilter&#40;SecurityEnforcementFilter. java&#58;169&#41;
    at net.sf.acegisecurity.util.FilterToBeanProxy.doFilt er&#40;FilterToBeanProxy.java&#58;105&#41;
    at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter&#40;ApplicationFilterChain.java&#58 ;186&#41;
    at org.apache.catalina.core.ApplicationFilterChain.do Filter&#40;ApplicationFilterChain.java&#58;157&#41 ;
    at net.sf.acegisecurity.ui.AbstractIntegrationFilter. doFilter&#40;AbstractIntegrationFilter.java&#58;17 2&#41;
    at net.sf.acegisecurity.util.FilterToBeanProxy.doFilt er&#40;FilterToBeanProxy.java&#58;105&#41;
    at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter&#40;ApplicationFilterChain.java&#58 ;186&#41;
    at org.apache.catalina.core.ApplicationFilterChain.do Filter&#40;ApplicationFilterChain.java&#58;157&#41 ;
    at net.sf.acegisecurity.ui.AbstractProcessingFilter.d oFilter&#40;AbstractProcessingFilter.java&#58;391& #41;
    at net.sf.acegisecurity.util.FilterToBeanProxy.doFilt er&#40;FilterToBeanProxy.java&#58;105&#41;
    at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter&#40;ApplicationFilterChain.java&#58 ;186&#41;
    at org.apache.catalina.core.ApplicationFilterChain.do Filter&#40;ApplicationFilterChain.java&#58;157&#41 ;
    at org.apache.catalina.core.StandardWrapperValve.invo ke&#40;StandardWrapperValve.java&#58;214&#41;
    at org.apache.catalina.core.StandardContextValve.invo ke&#40;StandardContextValve.java&#58;178&#41;
    at org.apache.catalina.core.StandardHostValve.invoke& #40;StandardHostValve.java&#58;126&#41;
    at org.apache.catalina.valves.ErrorReportValve.invoke &#40;ErrorReportValve.java&#58;105&#41;
    at org.apache.catalina.core.StandardEngineValve.invok e&#40;StandardEngineValve.java&#58;107&#41;
    at org.apache.catalina.connector.CoyoteAdapter.servic e&#40;CoyoteAdapter.java&#58;148&#41;
    at org.apache.coyote.http11.Http11Processor.process&# 40;Http11Processor.java&#58;825&#41;
    at org.apache.coyote.http11.Http11Protocol$Http11Conn ectionHandler.processConnection&#40;Http11Protocol .java&#58;731&#41;
    at org.apache.tomcat.util.net.PoolTcpEndpoint.process Socket&#40;PoolTcpEndpoint.java&#58;526&#41;
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThr ead.runIt&#40;LeaderFollowerWorkerThread.java&#58; 80&#41;
    at org.apache.tomcat.util.threads.ThreadPool$ControlR unnable.run&#40;ThreadPool.java&#58;684&#41;
    at java.lang.Thread.run&#40;Thread.java&#58;595&#41;
    14&#58;47&#58;44,732 DEBUG AuthenticationProcessingFilterEntryPoint&#58;176 - Redirecting to&#58; http&#58;//localhost&#58;8080/acegijaid/acegilogin.jsp
    14&#58;47&#58;44,732 DEBUG AuthenticationProcessingFilterEntryPoint&#58;176 - Redirecting to&#58; http&#58;//localhost&#58;8080/acegijaid/acegilogin.jsp
    14&#58;47&#58;44,732 DEBUG AuthenticationProcessingFilterEntryPoint&#58;176 - Redirecting to&#58; http&#58;//localhost&#58;8080/acegijaid/acegilogin.jsp
    14&#58;47&#58;44,732 DEBUG AbstractIntegrationFilter&#58;195 - ContextHolder does not contain any authentication information
    14&#58;47&#58;44,732 DEBUG AbstractIntegrationFilter&#58;195 - ContextHolder does not contain any authentication information
    14&#58;47&#58;44,742 DEBUG AbstractIntegrationFilter&#58;135 - extractFromContainer = null
    14&#58;47&#58;44,742 DEBUG AbstractIntegrationFilter&#58;135 - extractFromContainer = null
    14&#58;47&#58;44,742 DEBUG AbstractIntegrationFilter&#58;166 - Authentication not added to ContextHolder &#40;could not extract an authentication object from the container which is an instance of Authentication&#41;
    14&#58;47&#58;44,742 DEBUG AbstractIntegrationFilter&#58;166 - Authentication not added to ContextHolder &#40;could not extract an authentication object from the container which is an instance of Authentication&#41;
    14&#58;47&#58;44,742 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;132 - Converted URL to lowercase, from&#58; 'org.apache.catalina.connector.RequestFacade@10980 e7'; to&#58; '/acegilogin.jsp'
    14&#58;47&#58;44,742 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;132 - Converted URL to lowercase, from&#58; 'org.apache.catalina.connector.RequestFacade@10980 e7'; to&#58; '/acegilogin.jsp'
    14&#58;47&#58;44,742 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/acegilogin.jsp'; pattern is \A/secure/super.*\Z; matched=false
    14&#58;47&#58;44,742 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/acegilogin.jsp'; pattern is \A/secure/super.*\Z; matched=false
    14&#58;47&#58;44,752 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/acegilogin.jsp'; pattern is \A/secure/.*\Z; matched=false
    14&#58;47&#58;44,752 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/acegilogin.jsp'; pattern is \A/secure/.*\Z; matched=false
    14&#58;47&#58;44,752 DEBUG AbstractSecurityIntercep

  • #2
    continued

    Code:
    14&#58;47&#58;44,752 DEBUG AbstractSecurityInterceptor&#58;476 - Public object - authentication not attempted
    14&#58;47&#58;44,752 DEBUG AbstractSecurityInterceptor&#58;476 - Public object - authentication not attempted
    14&#58;47&#58;46,795 DEBUG SecurityEnforcementFilter&#58;172 - Chain processed normally
    14&#58;47&#58;46,795 DEBUG SecurityEnforcementFilter&#58;172 - Chain processed normally
    14&#58;47&#58;46,795 DEBUG AbstractIntegrationFilter&#58;195 - ContextHolder does not contain any authentication information
    14&#58;47&#58;46,795 DEBUG AbstractIntegrationFilter&#58;195 - ContextHolder does not contain any authentication information
    14&#58;47&#58;50,510 DEBUG AbstractProcessingFilter&#58;311 - Request is to process authentication
    14&#58;47&#58;50,510 DEBUG AbstractProcessingFilter&#58;311 - Request is to process authentication
    14&#58;47&#58;50,670 DEBUG AbstractProcessingFilter&#58;363 - Authentication success&#58; net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@dfbb43&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; false; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER
    14&#58;47&#58;50,670 DEBUG AbstractProcessingFilter&#58;363 - Authentication success&#58; net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@dfbb43&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; false; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER
    14&#58;47&#58;50,691 DEBUG AbstractProcessingFilter&#58;381 - Redirecting to target URL from HTTP Session &#40;or default&#41;&#58; http&#58;//localhost&#58;8080/acegijaid/secure/position_browse.jsp
    14&#58;47&#58;50,691 DEBUG AbstractProcessingFilter&#58;381 - Redirecting to target URL from HTTP Session &#40;or default&#41;&#58; http&#58;//localhost&#58;8080/acegijaid/secure/position_browse.jsp
    14&#58;47&#58;50,711 DEBUG AbstractIntegrationFilter&#58;135 - extractFromContainer = net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken
    14&#58;47&#58;50,711 DEBUG AbstractIntegrationFilter&#58;135 - extractFromContainer = net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken
    14&#58;47&#58;50,711 DEBUG AbstractIntegrationFilter&#58;139 - Authentication added to ContextHolder from container
    14&#58;47&#58;50,711 DEBUG AbstractIntegrationFilter&#58;139 - Authentication added to ContextHolder from container
    14&#58;47&#58;50,711 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;132 - Converted URL to lowercase, from&#58; 'org.apache.catalina.connector.RequestFacade@10980e7'; to&#58; '/secure/position_browse.jsp'
    14&#58;47&#58;50,711 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;132 - Converted URL to lowercase, from&#58; 'org.apache.catalina.connector.RequestFacade@10980e7'; to&#58; '/secure/position_browse.jsp'
    14&#58;47&#58;50,721 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/secure/position_browse.jsp'; pattern is \A/secure/super.*\Z; matched=false
    14&#58;47&#58;50,721 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/secure/position_browse.jsp'; pattern is \A/secure/super.*\Z; matched=false
    14&#58;47&#58;50,721 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/secure/position_browse.jsp'; pattern is \A/secure/.*\Z; matched=true
    14&#58;47&#58;50,721 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/secure/position_browse.jsp'; pattern is \A/secure/.*\Z; matched=true
    14&#58;47&#58;50,721 DEBUG AbstractSecurityInterceptor&#58;381 - Secure object&#58; FilterInvocation&#58; URL&#58; /secure/position_browse.jsp; ConfigAttributes&#58; &#91;ROLE_SUPERVISOR, ROLE_USER&#93;
    14&#58;47&#58;50,721 DEBUG AbstractSecurityInterceptor&#58;381 - Secure object&#58; FilterInvocation&#58; URL&#58; /secure/position_browse.jsp; ConfigAttributes&#58; &#91;ROLE_SUPERVISOR, ROLE_USER&#93;
    14&#58;47&#58;50,721 DEBUG AbstractSecurityInterceptor&#58;421 - Authenticated&#58; net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@7f3b8a&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER
    14&#58;47&#58;50,721 DEBUG AbstractSecurityInterceptor&#58;421 - Authenticated&#58; net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@7f3b8a&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER
    14&#58;47&#58;50,721 DEBUG AffirmativeBased&#58;64 - Deciding, authentication=net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@7f3b8a&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER,object=FilterInvocation&#58; URL&#58; /secure/position_browse.jsp
    14&#58;47&#58;50,721 DEBUG AffirmativeBased&#58;64 - Deciding, authentication=net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@7f3b8a&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER,object=FilterInvocation&#58; URL&#58; /secure/position_browse.jsp
    14&#58;47&#58;50,731 DEBUG AbstractSecurityInterceptor&#58;441 - Authorization successful
    14&#58;47&#58;50,731 DEBUG AbstractSecurityInterceptor&#58;441 - Authorization successful
    14&#58;47&#58;50,731 DEBUG AbstractSecurityInterceptor&#58;456 - RunAsManager did not change Authentication object
    14&#58;47&#58;50,731 DEBUG AbstractSecurityInterceptor&#58;456 - RunAsManager did not change Authentication object
    14&#58;47&#58;53,384 DEBUG SecurityEnforcementFilter&#58;172 - Chain processed normally
    14&#58;47&#58;53,384 DEBUG SecurityEnforcementFilter&#58;172 - Chain processed normally
    14&#58;47&#58;53,384 DEBUG AbstractIntegrationFilter&#58;178 - Updating container with new Authentication object, and then removing Authentication from ContextHolder
    14&#58;47&#58;53,384 DEBUG AbstractIntegrationFilter&#58;178 - Updating container with new Authentication object, and then removing Authentication from ContextHolder
    14&#58;47&#58;55,007 DEBUG AbstractIntegrationFilter&#58;135 - extractFromContainer = net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken
    14&#58;47&#58;55,007 DEBUG AbstractIntegrationFilter&#58;135 - extractFromContainer = net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken
    14&#58;47&#58;55,007 DEBUG AbstractIntegrationFilter&#58;139 - Authentication added to ContextHolder from container
    14&#58;47&#58;55,007 DEBUG AbstractIntegrationFilter&#58;139 - Authentication added to ContextHolder from container
    14&#58;47&#58;55,007 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;132 - Converted URL to lowercase, from&#58; 'org.apache.catalina.connector.RequestFacade@93bca2'; to&#58; '/secure/position_create.jsp'
    14&#58;47&#58;55,007 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;132 - Converted URL to lowercase, from&#58; 'org.apache.catalina.connector.RequestFacade@93bca2'; to&#58; '/secure/position_create.jsp'
    14&#58;47&#58;55,017 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/secure/position_create.jsp'; pattern is \A/secure/super.*\Z; matched=false
    14&#58;47&#58;55,017 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/secure/position_create.jsp'; pattern is \A/secure/super.*\Z; matched=false
    14&#58;47&#58;55,047 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/secure/position_create.jsp'; pattern is \A/secure/.*\Z; matched=true
    14&#58;47&#58;55,047 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/secure/position_create.jsp'; pattern is \A/secure/.*\Z; matched=true
    14&#58;47&#58;55,047 DEBUG AbstractSecurityInterceptor&#58;381 - Secure object&#58; FilterInvocation&#58; URL&#58; /secure/position_create.jsp; ConfigAttributes&#58; &#91;ROLE_SUPERVISOR, ROLE_USER&#93;
    14&#58;47&#58;55,047 DEBUG AbstractSecurityInterceptor&#58;381 - Secure object&#58; FilterInvocation&#58; URL&#58; /secure/position_create.jsp; ConfigAttributes&#58; &#91;ROLE_SUPERVISOR, ROLE_USER&#93;
    14&#58;47&#58;55,057 DEBUG AbstractSecurityInterceptor&#58;421 - Authenticated&#58; net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@1455d1c&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER
    14&#58;47&#58;55,057 DEBUG AbstractSecurityInterceptor&#58;421 - Authenticated&#58; net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@1455d1c&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER
    14&#58;47&#58;55,057 DEBUG AffirmativeBased&#58;64 - Deciding, authentication=net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@1455d1c&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER,object=FilterInvocation&#58; URL&#58; /secure/position_create.jsp
    14&#58;47&#58;55,057 DEBUG AffirmativeBased&#58;64 - Deciding, authentication=net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@1455d1c&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER,object=FilterInvocation&#58; URL&#58; /secure/position_create.jsp
    14&#58;47&#58;55,057 DEBUG AbstractSecurityInterceptor&#58;441 - Authorization successful
    14&#58;47&#58;55,057 DEBUG AbstractSecurityInterceptor&#58;441 - Authorization successful
    14&#58;47&#58;55,057 DEBUG AbstractSecurityInterceptor&#58;456 - RunAsManager did not change Authentication object
    14&#58;47&#58;55,057 DEBUG AbstractSecurityInterceptor&#58;456 - RunAsManager did not change Authentication object
    14&#58;47&#58;55,708 DEBUG SecurityEnforcementFilter&#58;172 - Chain processed normally
    14&#58;47&#58;55,708 DEBUG SecurityEnforcementFilter&#58;172 - Chain processed normally
    14&#58;47&#58;55,708 DEBUG AbstractIntegrationFilter&#58;178 - Updating container with new Authentication object, and then removing Authentication from ContextHolder
    14&#58;47&#58;55,708 DEBUG AbstractIntegrationFilter&#58;178 - Updating container with new Authentication object, and then removing Authentication from ContextHolder
    14&#58;47&#58;55,718 DEBUG AbstractIntegrationFilter&#58;135 - extractFromContainer = net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken
    14&#58;47&#58;55,718 DEBUG AbstractIntegrationFilter&#58;135 - extractFromContainer = net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken
    14&#58;47&#58;55,718 DEBUG AbstractIntegrationFilter&#58;139 - Authentication added to ContextHolder from container
    14&#58;47&#58;55,718 DEBUG AbstractIntegrationFilter&#58;139 - Authentication added to ContextHolder from container
    14&#58;47&#58;55,718 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;132 - Converted URL to lowercase, from&#58; 'org.apache.catalina.connector.RequestFacade@93bca2'; to&#58; '/secure/inc/jaidstyle.css'
    14&#58;47&#58;55,718 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;132 - Converted URL to lowercase, from&#58; 'org.apache.catalina.connector.RequestFacade@93bca2'; to&#58; '/secure/inc/jaidstyle.css'
    14&#58;47&#58;55,728 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/secure/inc/jaidstyle.css'; pattern is \A/secure/super.*\Z; matched=false
    14&#58;47&#58;55,728 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/secure/inc/jaidstyle.css'; pattern is \A/secure/super.*\Z; matched=false
    14&#58;47&#58;55,728 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/secure/inc/jaidstyle.css'; pattern is \A/secure/.*\Z; matched=true
    14&#58;47&#58;55,728 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/secure/inc/jaidstyle.css'; pattern is \A/secure/.*\Z; matched=true
    14&#58;47&#58;55,728 DEBUG AbstractSecurityInterceptor&#58;381 - Secure object&#58; FilterInvocation&#58; URL&#58; /secure/inc/jaidstyle.css; ConfigAttributes&#58; &#91;ROLE_SUPERVISOR, ROLE_USER&#93;
    14&#58;47&#58;55,728 DEBUG AbstractSecurityInterceptor&#58;381 - Secure object&#58; FilterInvocation&#58; URL&#58; /secure/inc/jaidstyle.css; ConfigAttributes&#58; &#91;ROLE_SUPERVISOR, ROLE_USER&#93;
    14&#58;47&#58;55,728 DEBUG AbstractSecurityInterceptor&#58;421 - Authenticated&#58; net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@1723c7f&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER
    14&#58;47&#58;55,728 DEBUG AbstractSecurityInterceptor&#58;421 - Authenticated&#58; net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@1723c7f&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER
    14&#58;47&#58;55,728 DEBUG AffirmativeBased&#58;64 - Deciding, authentication=net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@1723c7f&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER,object=FilterInvocation&#58; URL&#58; /secure/inc/jaidstyle.css
    14&#58;47&#58;55,728 DEBUG AffirmativeBased&#58;64 - Deciding, authentication=net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@1723c7f&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER,object=FilterInvocation&#58; URL&#58; /secure/inc/jaidstyle.css
    14&#58;47&#58;55,728 DEBUG AbstractSecurityInterceptor&#58;441 - Authorization successful
    14&#58;47&#58;55,728 DEBUG AbstractSecurityInterceptor&#58;441 - Authorization successful
    14&#58;47&#58;55,738 DEBUG AbstractSecurityInterceptor&#58;456 - RunAsManager did not change Authentication object
    14&#58;47&#58;55,738 DEBUG AbstractSecurityInterceptor&#58;456 - RunAsManager did not change Authentication object
    14&#58;47&#58;55,738 DEBUG SecurityEnforcementFilter&#58;172 - Chain processed normally
    14&#58;47&#58;55,738 DEBUG SecurityEnforcementFilter&#58;172 - Chain processed normally
    14&#58;47&#58;55,738 DEBUG AbstractIntegrationFilter&#58;178 - Updating container with new Authentication object, and then removing Authentication from ContextHolder
    14&#58;47&#58;55,738 DEBUG AbstractIntegrationFilter&#58;178 - Updating container with new Authentication object, and then removing Authentication from ContextHolder
    14&#58;48&#58;02,017 DEBUG AbstractIntegrationFilter&#58;135 - extractFromContainer = net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken
    14&#58;48&#58;02,017 DEBUG AbstractIntegrationFilter&#58;135 - extractFromContainer = net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken
    14&#58;48&#58;02,017 DEBUG AbstractIntegrationFilter&#58;139 - Authentication added to ContextHolder from container
    14&#58;48&#58;02,017 DEBUG AbstractIntegrationFilter&#58;139 - Authentication added to ContextHolder from container
    14&#58;48&#58;02,017 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;132 - Converted URL to lowercase, from&#58; 'org.apache.catalina.connector.RequestFacade@10980e7'; to&#58; '/secure/position_create_submit.jsp'
    14&#58;48&#58;02,017 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;132 - Converted URL to lowercase, from&#58; 'org.apache.catalina.connector.RequestFacade@10980e7'; to&#58; '/secure/position_create_submit.jsp'
    14&#58;48&#58;02,017 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/secure/position_create_submit.jsp'; pattern is \A/secure/super.*\Z; matched=false
    14&#58;48&#58;02,017 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/secure/position_create_submit.jsp'; pattern is \A/secure/super.*\Z; matched=false
    14&#58;48&#58;02,017 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/secure/position_create_submit.jsp'; pattern is \A/secure/.*\Z; matched=true
    14&#58;48&#58;02,017 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/secure/position_create_submit.jsp'; pattern is \A/secure/.*\Z; matched=true
    14&#58;48&#58;02,017 DEBUG AbstractSecurityInterceptor&#58;381 - Secure object&#58; FilterInvocation&#58; URL&#58; /secure/position_create_submit.jsp; ConfigAttributes&#58; &#91;ROLE_SUPERVISOR, ROLE_USER&#93;
    14&#58;48&#58;02,017 DEBUG AbstractSecurityInterceptor&#58;381 - Secure object&#58; FilterInvocation&#58; URL&#58; /secure/position_create_submit.jsp; ConfigAttributes&#58; &#91;ROLE_SUPERVISOR, ROLE_USER&#93;
    14&#58;48&#58;02,017 DEBUG AbstractSecurityInterceptor&#58;421 - Authenticated&#58; net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@e1eae7&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER
    14&#58;48&#58;02,017 DEBUG AbstractSecurityInterceptor&#58;421 - Authenticated&#58; net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@e1eae7&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER
    14&#58;48&#58;02,027 DEBUG AffirmativeBased&#58;64 - Deciding, authentication=net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@e1eae7&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER,object=FilterInvocation&#58; URL&#58; /secure/position_create_submit.jsp
    14&#58;48&#58;02,027 DEBUG AffirmativeBased&#58;64 - Deciding, authentication=net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@e1eae7&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER,object=FilterInvocation&#58; URL&#58; /secure/position_create_submit.jsp
    14&#58;48&#58;02,027 DEBUG AbstractSecurityInterceptor&#58;441 - Authorization successful
    14&#58;48&#58;02,027 DEBUG AbstractSecurityInterceptor&#58;441 - Authorization successful
    14&#58;48&#58;02,027 DEBUG AbstractSecurityInterceptor&#58;456 - RunAsManager did not change Authentication object
    14&#58;48&#58;02,027 DEBUG AbstractSecurityInterceptor&#58;456 - RunAsManager did not change Authentication object
    14&#58;48&#58;02,948 DEBUG JdbcExtendedDaoImpl&#58;310 -  neoi.getClassname&#40;&#41; + "&#58;" + neoi.getId&#40;&#41;=com.xxx.jaidwapfactory.position.concrete.PositionImpl&#58;aaa
    14&#58;48&#58;02,948 DEBUG JdbcExtendedDaoImpl&#58;310 -  neoi.getClassname&#40;&#41; + "&#58;" + neoi.getId&#40;&#41;=com.xxx.jaidwapfactory.position.concrete.PositionImpl&#58;aaa
    14&#58;48&#58;02,978 DEBUG JdbcExtendedDaoImpl&#58;310 -  neoi.getClassname&#40;&#41; + "&#58;" + neoi.getId&#40;&#41;=com.xxx.jaidwapfactory.position.concrete.PositionImpl&#58;aaa
    14&#58;48&#58;02,978 DEBUG JdbcExtendedDaoImpl&#58;310 -  neoi.getClassname&#40;&#41; + "&#58;" + neoi.getId&#40;&#41;=com.xxx.jaidwapfactory.position.concrete.PositionImpl&#58;aaa
    14&#58;48&#58;02,998 DEBUG SecurityEnforcementFilter&#58;172 - Chain processed normally
    14&#58;48&#58;02,998 DEBUG SecurityEnforcementFilter&#58;172 - Chain processed normally
    14&#58;48&#58;02,998 DEBUG AbstractIntegrationFilter&#58;178 - Updating container with new Authentication object, and then removing Authentication from ContextHolder
    14&#58;48&#58;02,998 DEBUG AbstractIntegrationFilter&#58;178 - Updating container with new Authentication object, and then removing Authentication from ContextHolder
    14&#58;48&#58;03,118 DEBUG AbstractIntegrationFilter&#58;135 - extractFromContainer = net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken
    14&#58;48&#58;03,118 DEBUG AbstractIntegrationFilter&#58;135 - extractFromContainer = net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken
    14&#58;48&#58;03,118 DEBUG AbstractIntegrationFilter&#58;139 - Authentication added to ContextHolder from container
    14&#58;48&#58;03,118 DEBUG AbstractIntegrationFilter&#58;139 - Authentication added to ContextHolder from container
    14&#58;48&#58;03,118 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;132 - Converted URL to lowercase, from&#58; 'org.apache.catalina.connector.RequestFacade@10980e7'; to&#58; '/secure/position_browse.jsp'
    14&#58;48&#58;03,118 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;132 - Converted URL to lowercase, from&#58; 'org.apache.catalina.connector.RequestFacade@10980e7'; to&#58; '/secure/position_browse.jsp'
    14&#58;48&#58;03,118 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/secure/position_browse.jsp'; pattern is \A/secure/super.*\Z; matched=false
    14&#58;48&#58;03,118 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/secure/position_browse.jsp'; pattern is \A/secure/super.*\Z; matched=false
    14&#58;48&#58;03,128 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/secure/position_browse.jsp'; pattern is \A/secure/.*\Z; matched=true
    14&#58;48&#58;03,128 DEBUG RegExpBasedFilterInvocationDefinitionMap&#58;144 - Candidate is&#58; '/secure/position_browse.jsp'; pattern is \A/secure/.*\Z; matched=true
    14&#58;48&#58;03,128 DEBUG AbstractSecurityInterceptor&#58;381 - Secure object&#58; FilterInvocation&#58; URL&#58; /secure/position_browse.jsp; ConfigAttributes&#58; &#91;ROLE_SUPERVISOR, ROLE_USER&#93;
    14&#58;48&#58;03,128 DEBUG AbstractSecurityInterceptor&#58;381 - Secure object&#58; FilterInvocation&#58; URL&#58; /secure/position_browse.jsp; ConfigAttributes&#58; &#91;ROLE_SUPERVISOR, ROLE_USER&#93;
    14&#58;48&#58;03,128 DEBUG AbstractSecurityInterceptor&#58;421 - Authenticated&#58; net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@136bdda&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER
    14&#58;48&#58;03,128 DEBUG AbstractSecurityInterceptor&#58;421 - Authenticated&#58; net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@136bdda&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER
    14&#58;48&#58;03,138 DEBUG AffirmativeBased&#58;64 - Deciding, authentication=net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@136bdda&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER,object=FilterInvocation&#58; URL&#58; /secure/position_browse.jsp
    14&#58;48&#58;03,138 DEBUG AffirmativeBased&#58;64 - Deciding, authentication=net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@136bdda&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER,object=FilterInvocation&#58; URL&#58; /secure/position_browse.jsp
    14&#58;48&#58;03,138 DEBUG AbstractSecurityInterceptor&#58;441 - Authorization successful
    14&#58;48&#58;03,138 DEBUG AbstractSecurityInterceptor&#58;441 - Authorization successful
    14&#58;48&#58;03,138 DEBUG AbstractSecurityInterceptor&#58;456 - RunAsManager did not change Authentication object
    14&#58;48&#58;03,138 DEBUG AbstractSecurityInterceptor&#58;456 - RunAsManager did not change Authentication object
    14&#58;48&#58;03,168 DEBUG BasicAclProvider&#58;372 - domainInstance&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl@9b59a2&#58; Id&#58; aaa; Name&#58; Aaron Tang;  attempting to pass to constructor&#58; public net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#40;java.lang.Object&#41; throws java.lang.IllegalAccessException,java.lang.reflect.InvocationTargetException
    14&#58;48&#58;03,168 DEBUG BasicAclProvider&#58;372 - domainInstance&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl@9b59a2&#58; Id&#58; aaa; Name&#58; Aaron Tang;  attempting to pass to constructor&#58; public net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#40;java.lang.Object&#41; throws java.lang.IllegalAccessException,java.lang.reflect.InvocationTargetException
    14&#58;48&#58;03,168 DEBUG BasicAclProvider&#58;372 - domainInstance&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl@9b59a2&#58; Id&#58; aaa; Name&#58; Aaron Tang;  attempting to pass to constructor&#58; public net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#40;java.lang.Object&#41; throws java.lang.IllegalAccessException,java.lang.reflect.InvocationTargetException
    14&#58;48&#58;03,168 DEBUG BasicAclProvider&#58;372 - domainInstance&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl@9b59a2&#58; Id&#58; aaa; Name&#58; Aaron Tang;  attempting to pass to constructor&#58; public net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#40;java.lang.Object&#41; throws java.lang.IllegalAccessException,java.lang.reflect.InvocationTargetException
    14&#58;48&#58;03,168 DEBUG BasicAclProvider&#58;328 - obtainIdentity returned net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#91;Classname&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl; Identity&#58; aaa&#93;
    14&#58;48&#58;03,168 DEBUG BasicAclProvider&#58;328 - obtainIdentity returned net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#91;Classname&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl; Identity&#58; aaa&#93;
    14&#58;48&#58;03,168 DEBUG AclProviderManager&#58;100 - ACL lookup using net.sf.acegisecurity.acl.basic.BasicAclProvider
    14&#58;48&#58;03,168 DEBUG AclProviderManager&#58;100 - ACL lookup using net.sf.acegisecurity.acl.basic.BasicAclProvider
    14&#58;48&#58;03,168 DEBUG BasicAclProvider&#58;372 - domainInstance&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl@9b59a2&#58; Id&#58; aaa; Name&#58; Aaron Tang;  attempting to pass to constructor&#58; public net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#40;java.lang.Object&#41; throws java.lang.IllegalAccessException,java.lang.reflect.InvocationTargetException
    14&#58;48&#58;03,168 DEBUG BasicAclProvider&#58;372 - domainInstance&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl@9b59a2&#58; Id&#58; aaa; Name&#58; Aaron Tang;  attempting to pass to constructor&#58; public net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#40;java.lang.Object&#41; throws java.lang.IllegalAccessException,java.lang.reflect.InvocationTargetException
    14&#58;48&#58;03,168 DEBUG BasicAclProvider&#58;112 - Looking up&#58; net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#91;Classname&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl; Identity&#58; aaa&#93;
    14&#58;48&#58;03,168 DEBUG BasicAclProvider&#58;112 - Looking up&#58; net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#91;Classname&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl; Identity&#58; aaa&#93;
    14&#58;48&#58;03,199 DEBUG BasicAclProvider&#58;125 - Explicit add&#58; net.sf.acegisecurity.acl.basic.SimpleAclEntry&#91;net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#91;Classname&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl; Identity&#58; aaa&#93;,dianne=A---- ...............................1 &#40;1&#41;&#93;
    14&#58;48&#58;03,199 DEBUG BasicAclProvider&#58;125 - Explicit add&#58; net.sf.acegisecurity.acl.basic.SimpleAclEntry&#91;net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#91;Classname&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl; Identity&#58; aaa&#93;,dianne=A---- ...............................1 &#40;1&#41;&#93;
    14&#58;48&#58;03,199 DEBUG GrantedAuthorityEffectiveAclsResolver&#58;77 - Locating AclEntry&#91;&#93;s &#40;from set of 1&#41; that apply to Authentication&#58; net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@136bdda&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER
    14&#58;48&#58;03,199 DEBUG GrantedAuthorityEffectiveAclsResolver&#58;77 - Locating AclEntry&#91;&#93;s &#40;from set of 1&#41; that apply to Authentication&#58; net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@136bdda&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER
    14&#58;48&#58;03,199 DEBUG GrantedAuthorityEffectiveAclsResolver&#58;104 - Principal &#40;from UserDetails&#41; matches AclEntry recipient&#58; dianne
    14&#58;48&#58;03,199 DEBUG GrantedAuthorityEffectiveAclsResolver&#58;104 - Principal &#40;from UserDetails&#41; matches AclEntry recipient&#58; dianne
    14&#58;48&#58;03,199 DEBUG GrantedAuthorityEffectiveAclsResolver&#58;143 - Returning effective AclEntry array with 1 elements
    14&#58;48&#58;03,199 DEBUG GrantedAuthorityEffectiveAclsResolver&#58;143 - Returning effective AclEntry array with 1 elements
    14&#58;48&#58;03,199 DEBUG AclTag&#58;181 - Authentication&#58; 'net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@136bdda&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER' has&#58; 1 AclEntrys for domain object&#58; 'com.xxx.jaidwapfactory.position.concrete.PositionImpl@9b59a2&#58; Id&#58; aaa; Name&#58; Aaron Tang; ' from AclManager&#58; 'net.sf.acegisecurity.acl.AclProviderManager@1ef3a22'
    14&#58;48&#58;03,199 DEBUG AclTag&#58;181 - Authentication&#58; 'net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@136bdda&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER' has&#58; 1 AclEntrys for domain object&#58; 'com.xxx.jaidwapfactory.position.concrete.PositionImpl@9b59a2&#58; Id&#58; aaa; Name&#58; Aaron Tang; ' from AclManager&#58; 'net.sf.acegisecurity.acl.AclProviderManager@1ef3a22'
    14&#58;48&#58;03,199 DEBUG AclTag&#58;201 - Including tag body as found permission&#58; 1 due to AclEntry&#58; 'net.sf.acegisecurity.acl.basic.SimpleAclEntry&#91;net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#91;Classname&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl; Identity&#58; aaa&#93;,dianne=A---- ...............................1 &#40;1&#41;&#93;'
    14&#58;48&#58;03,199 DEBUG AclTag&#58;201 - Including tag body as found permission&#58; 1 due to AclEntry&#58; 'net.sf.acegisecurity.acl.basic.SimpleAclEntry&#91;net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#91;Classname&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl; Identity&#58; aaa&#93;,dianne=A---- ...............................1 &#40;1&#41;&#93;'
    14&#58;48&#58;03,209 DEBUG BasicAclProvider&#58;372 - domainInstance&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl@9b59a2&#58; Id&#58; aaa; Name&#58; Aaron Tang;  attempting to pass to constructor&#58; public net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#40;java.lang.Object&#41; throws java.lang.IllegalAccessException,java.lang.reflect.InvocationTargetException
    14&#58;48&#58;03,209 DEBUG BasicAclProvider&#58;372 - domainInstance&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl@9b59a2&#58; Id&#58; aaa; Name&#58; Aaron Tang;  attempting to pass to constructor&#58; public net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#40;java.lang.Object&#41; throws java.lang.IllegalAccessException,java.lang.reflect.InvocationTargetException
    14&#58;48&#58;03,209 DEBUG BasicAclProvider&#58;372 - domainInstance&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl@9b59a2&#58; Id&#58; aaa; Name&#58; Aaron Tang;  attempting to pass to constructor&#58; public net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#40;java.lang.Object&#41; throws java.lang.IllegalAccessException,java.lang.reflect.InvocationTargetException
    14&#58;48&#58;03,209 DEBUG BasicAclProvider&#58;372 - domainInstance&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl@9b59a2&#58; Id&#58; aaa; Name&#58; Aaron Tang;  attempting to pass to constructor&#58; public net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#40;java.lang.Object&#41; throws java.lang.IllegalAccessException,java.lang.reflect.InvocationTargetException
    14&#58;48&#58;03,209 DEBUG BasicAclProvider&#58;328 - obtainIdentity returned net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#91;Classname&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl; Identity&#58; aaa&#93;
    14&#58;48&#58;03,209 DEBUG BasicAclProvider&#58;328 - obtainIdentity returned net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#91;Classname&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl; Identity&#58; aaa&#93;
    14&#58;48&#58;03,209 DEBUG AclProviderManager&#58;100 - ACL lookup using net.sf.acegisecurity.acl.basic.BasicAclProvider
    14&#58;48&#58;03,209 DEBUG AclProviderManager&#58;100 - ACL lookup using net.sf.acegisecurity.acl.basic.BasicAclProvider
    14&#58;48&#58;03,209 DEBUG BasicAclProvider&#58;372 - domainInstance&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl@9b59a2&#58; Id&#58; aaa; Name&#58; Aaron Tang;  attempting to pass to constructor&#58; public net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#40;java.lang.Object&#41; throws java.lang.IllegalAccessException,java.lang.reflect.InvocationTargetException
    14&#58;48&#58;03,209 DEBUG BasicAclProvider&#58;372 - domainInstance&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl@9b59a2&#58; Id&#58; aaa; Name&#58; Aaron Tang;  attempting to pass to constructor&#58; public net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#40;java.lang.Object&#41; throws java.lang.IllegalAccessException,java.lang.reflect.InvocationTargetException
    14&#58;48&#58;03,229 DEBUG BasicAclProvider&#58;112 - Looking up&#58; net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#91;Classname&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl; Identity&#58; aaa&#93;
    14&#58;48&#58;03,229 DEBUG BasicAclProvider&#58;112 - Looking up&#58; net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#91;Classname&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl; Identity&#58; aaa&#93;
    14&#58;48&#58;03,349 DEBUG BasicAclProvider&#58;125 - Explicit add&#58; net.sf.acegisecurity.acl.basic.SimpleAclEntry&#91;net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#91;Classname&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl; Identity&#58; aaa&#93;,dianne=A---- ...............................1 &#40;1&#41;&#93;
    14&#58;48&#58;03,349 DEBUG BasicAclProvider&#58;125 - Explicit add&#58; net.sf.acegisecurity.acl.basic.SimpleAclEntry&#91;net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#91;Classname&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl; Identity&#58; aaa&#93;,dianne=A---- ...............................1 &#40;1&#41;&#93;
    14&#58;48&#58;03,349 DEBUG GrantedAuthorityEffectiveAclsResolver&#58;77 - Locating AclEntry&#91;&#93;s &#40;from set of 1&#41; that apply to Authentication&#58; net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@136bdda&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER
    14&#58;48&#58;03,349 DEBUG GrantedAuthorityEffectiveAclsResolver&#58;77 - Locating AclEntry&#91;&#93;s &#40;from set of 1&#41; that apply to Authentication&#58; net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@136bdda&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER
    14&#58;48&#58;03,349 DEBUG GrantedAuthorityEffectiveAclsResolver&#58;104 - Principal &#40;from UserDetails&#41; matches AclEntry recipient&#58; dianne
    14&#58;48&#58;03,349 DEBUG GrantedAuthorityEffectiveAclsResolver&#58;104 - Principal &#40;from UserDetails&#41; matches AclEntry recipient&#58; dianne
    14&#58;48&#58;03,349 DEBUG GrantedAuthorityEffectiveAclsResolver&#58;143 - Returning effective AclEntry array with 1 elements
    14&#58;48&#58;03,349 DEBUG GrantedAuthorityEffectiveAclsResolver&#58;143 - Returning effective AclEntry array with 1 elements
    14&#58;48&#58;03,359 DEBUG AclTag&#58;181 - Authentication&#58; 'net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@136bdda&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER' has&#58; 1 AclEntrys for domain object&#58; 'com.xxx.jaidwapfactory.position.concrete.PositionImpl@9b59a2&#58; Id&#58; aaa; Name&#58; Aaron Tang; ' from AclManager&#58; 'net.sf.acegisecurity.acl.AclProviderManager@1ef3a22'
    14&#58;48&#58;03,359 DEBUG AclTag&#58;181 - Authentication&#58; 'net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@136bdda&#58; Username&#58; dianne; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_USER' has&#58; 1 AclEntrys for domain object&#58; 'com.xxx.jaidwapfactory.position.concrete.PositionImpl@9b59a2&#58; Id&#58; aaa; Name&#58; Aaron Tang; ' from AclManager&#58; 'net.sf.acegisecurity.acl.AclProviderManager@1ef3a22'
    14&#58;48&#58;03,359 DEBUG AclTag&#58;201 - Including tag body as found permission&#58; 1 due to AclEntry&#58; 'net.sf.acegisecurity.acl.basic.SimpleAclEntry&#91;net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#91;Classname&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl; Identity&#58; aaa&#93;,dianne=A---- ...............................1 &#40;1&#41;&#93;'
    14&#58;48&#58;03,359 DEBUG AclTag&#58;201 - Including tag body as found permission&#58; 1 due to AclEntry&#58; 'net.sf.acegisecurity.acl.basic.SimpleAclEntry&#91;net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity&#91;Classname&#58; com.xxx.jaidwapfactory.position.concrete.PositionImpl; Identity&#58; aaa&#93;,dianne=A---- ...............................1 &#40;1&#41;&#93;'
    14&#58;48&#58;03,359 DEBUG SecurityEnforcementFilter&#58;172 - Chain processed normally
    14&#58;48&#58;03,359 DEBUG SecurityEnforcementFilter&#58;172 - Chain processed normally
    14&#58;48&#58;03,359 DEBUG AbstractIntegrationFilter&#58;178 - Updating container with new Authentication object, and then removing Authentication from ContextHolder
    14&#58;48&#58;03,359 DEBUG AbstractIntegrationFilter&#58;178 - Updating container with new Authentication object, and then removing Authentication from ContextHolder

    Comment


    • #3
      Aaron, please post follow-up messages in the same thread as the original question, as it makes it easier for others to follow the conversation.

      I think your configuration of MethodSecurityInterceptor is incorrect. For example:

      Code:
         <bean id="positionManagerSecurity" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
            <property name="authenticationManager"><ref bean="authenticationManager"/></property>
            <property name="accessDecisionManager"><ref local="positionAccessDecisionManager"/></property>
            <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
            <property name="objectDefinitionSource">
               <value>
                  com.xxx.jaidwapfactory.security.SecurityPositionManager.addPosition=ROLE_USER
                  com.xxx.jaidwapfactory.security.SecurityPositionManager.removePosition=ACL_CONTACT_ADMIN
                  com.xxx.jaidwapfactory.security.SecurityPositionManager.getPositions=AFTER_ACL_COLLECTION_READ
                  com.xxx.jaidwapfactory.security.SecurityPositionManager.getPosition=AFTER_ACL_READ
               </value>
            </property>
         </bean>
      </beans>
      The ROLE_USER is the most basic type of authorization - role-based access control. The remaining configuration attributes (ACL_CONTACT_ADMIN, AFTER_ACL_READ etc) provide ACL services. ACL services relate to not only the method invocation but also to the domain object passed to or returned from the method invocation. Looking at your debug messages, it would seem you're still using the sample data in terms of defining the ACLs that apply to different invocations.

      All-in-all I think you need to spend a little time with the reference manual. I updated it last night, so checkout from CVS and it will discuss the ACL capabilites in a lot better detail. Sorry to refer you back to the manual, but given I just wrote all this last night - and it's fairly comprehensive in detail - I think you'll get more value from a quick read there than reading a brief summary again.

      If you modify your configuration but it still doesn't work, please post your new configuration and I'll be happy to help. In the first instance I'd urge you to not try and use the ACL capabilities - just use the RoleVoter until you've got a reasonable feel for how Acegi Security works.

      Comment


      • #4
        I've tried using only RoleVoter before and tried again just now.

        Code:
           <bean id="positionManagerSecurity" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
              <property name="authenticationManager"><ref bean="authenticationManager"/></property>
              <property name="accessDecisionManager"><ref local="positionAccessDecisionManager"/></property>
              <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
              <property name="objectDefinitionSource">
                 <value>
        				com.airinbox.jaidwapfactory.security.SecurityPositionManager.addPosition=ROLE_USER
        				com.airinbox.jaidwapfactory.security.SecurityPositionManager.removePosition=ROLE_USER,ACL_CONTACT_ADMIN
        				com.airinbox.jaidwapfactory.security.SecurityPositionManager.getPositions=ROLE_SUPERVISOR
        				com.airinbox.jaidwapfactory.security.SecurityPositionManager.getPosition=ROLE_SUPERVISOR
                 </value>
              </property>
           </bean>
        the authorities:

        Code:
        +----------+-----------------+
        | USERNAME | AUTHORITY       |
        +----------+-----------------+
        | dianne   | ROLE_USER       |
        | marissa  | ROLE_SUPERVISOR |
        | marissa  | ROLE_USER       |
        | peter    | ROLE_USER       |
        | scott    | ROLE_USER       |
        +----------+-----------------+
        but when executing getPositions "by" either dianne or scott, they can get all the positions created by marissa.

        So, I think my problem is just as the post topic said:
        Method call to the spring bean in my jsp code is not be intercepted by MethodSecurityInterceptor

        I also posted some debug msg from MethodSecurityInterceptor, please see: http://forum.springframework.org/showthread.php?t=11785
        Last edited by robyn; May 14th, 2006, 05:35 PM.

        Comment


        • #5
          If you're needing to filter domain object instances, as seems to be the case with "getPositions", you'll need ACL security. In this case you'll need to have a configuration similar to your existing configuration. Please post the contents of your two ACL tables, as I think that'll show what the problem is.

          Comment


          • #6
            1.authorities
            Code:
            +----------+-----------------+
            | USERNAME | AUTHORITY       |
            +----------+-----------------+
            | dianne   | ROLE_USER       |
            | marissa  | ROLE_SUPERVISOR |
            | marissa  | ROLE_USER       |
            | peter    | ROLE_USER       |
            | scott    | ROLE_USER       |
            +----------+-----------------+
            2.acl_object_identity
            Code:
            +-----+-----------------------------------------------------------------------+---------------+-----------------------------------------------+
            | ID  | OBJECT_IDENTITY                                                       | PARENT_OBJECT | ACL_CLASS                                     |
            +-----+-----------------------------------------------------------------------+---------------+-----------------------------------------------+
            | 100 | com.xxx.jaidwapfactory.position.concrete.PositionImpl&#58;aaron8tang |        &#91;NULL&#93; | net.sf.acegisecurity.acl.basic.SimpleAclEntry |
            +-----+-----------------------------------------------------------------------+---------------+-----------------------------------------------+
            3.acl_permission
            Code:
            +-----+---------------------+-----------+------+
            | ID  | ACL_OBJECT_IDENTITY | RECIPIENT | MASK |
            +-----+---------------------+-----------+------+
            | 113 |                 100 | scott     |    1 |
            +-----+---------------------+-----------+------+
            4.part of applicationContext-common-authorization.xml
            Code:
               <bean id="positionManagerSecurity" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
                  <property name="authenticationManager"><ref bean="authenticationManager"/></property>
                  <property name="accessDecisionManager"><ref local="positionAccessDecisionManager"/></property>
                  <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
                  <property name="objectDefinitionSource">
                     <value>
            				com.xxx.jaidwapfactory.security.SecurityPositionManager.addPosition=ROLE_USER
            				com.xxx.jaidwapfactory.security.SecurityPositionManager.removePosition=ROLE_USER,ACL_CONTACT_ADMIN
            				com.xxx.jaidwapfactory.security.SecurityPositionManager.getPositions=ROLE_USER,AFTER_ACL_COLLECTION_READ
            				com.xxx.jaidwapfactory.security.SecurityPositionManager.getPosition=ROLE_USER,AFTER_ACL_READ
                     </value>
                  </property>
               </bean>

            Comment


            • #7
              This is a hard one to help you with given the size of stack traces etc and the number of messages. So, let's just focus on getting your getPositions method working initially.

              Your MethodSecurityInterceptor appears properly configured for getPositions. Requiring ROLE_USER will force the user to be logged in, and requiring AFTER_ACL_COLLECTION_READ will ensures every Collection element returned by the getPermissions has a "read" permission.

              I'm assuming you're happy using the sample users. As shown by acl_permission, "scott" is the only user who has access to acl_object_identity.id = 100, which is "com.xxx.jaidwapfactory.position.concrete.Position Impl:aaron8tang". Something troubling me is the RHS of the colon, which is "aaron8tang". If the PositionImpl.getId() returns a String, "aaron8tang", this is correct. However, identity properties are typically Integer or Long objects with no business meaning, so I'm wondering if this is correct. If your PositionImpl.getId() returns say 34, the acl_object_identity row should be "com.xxx.jaidwapfactory.position.concrete.Position Impl:34".

              Could you give your application a try again with the above in mind, and post any debug messages produced by the net.sf.acegisecurity.acl package and subpackages, along with any updates you made to the database tables.

              Comment


              • #8
                Ben,

                I review Spring's reference document and be enlighten by its 5.5.3 section, proxying interfaces.

                1.I change the positionManagerTarget from an independent bean to an inner bean.
                Code:
                    <bean id="positionManager" class="org.springframework.aop.framework.ProxyFactoryBean">
                        <property name="proxyInterfaces"><value>com.xxx.jaidwapfactory.security.SecurityPositionManager</value></property>
                        
                        <property name="target">
                            <!--id="positionManagerTarget" -->
                            <bean class="com.xxx.jaidwapfactory.security.SecurityPositionManagerImpl">
                    	        <property name="basicAclExtendedDao"><ref bean="basicAclExtendedDao"/></property>       
                    	        <property name="securityManager"><ref bean="securityManager"/></property>       	   
                            </bean>            
                        </property>
                        
                        <property name="interceptorNames">
                            <list>
                                <idref local="transactionInterceptor"/>
                                <idref bean="positionManagerSecurity"/>
                                <!--
                                <idref local="positionManagerTarget"/>
                                -->
                            </list>
                        </property>
                    </bean>
                2.then, I've to change code in /secure/header.jsp to
                Code:
                    ApplicationContext context = getContext&#40;pageContext.getServletContext&#40;&#41;&#41;;
                    //Map beans = context.getBeansOfType&#40;SecurityPositionManager.class, false, false&#41;;
                    String beanName = "positionManager";//&#40;String&#41; beans.keySet&#40;&#41;.iterator&#40;&#41;.next&#40;&#41;;
                	SecurityPositionManager securityPositionManager = &#40;SecurityPositionManager&#41; context.getBean&#40;beanName&#41;;
                otherwise, such exception is thrown(under tomcat 5.5.4)
                Code:
                &#91;ERROR,FilterSecurityInterceptor,http-8080-Processor25&#93; ServletException
                org.apache.jasper.JasperException
                	at org.apache.jasper.servlet.JspServletWrapper.service&#40;JspServletWrapper.java&#58;373&#41;
                	at org.apache.jasper.servlet.JspServlet.serviceJspFile&#40;JspServlet.java&#58;295&#41;
                	at org.apache.jasper.servlet.JspServlet.service&#40;JspServlet.java&#58;245&#41;
                	at javax.servlet.http.HttpServlet.service&#40;HttpServlet.java&#58;802&#41;
                	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter&#40;ApplicationFilterChain.java&#58;237&#41;
                	at org.apache.catalina.core.ApplicationFilterChain.doFilter&#40;ApplicationFilterChain.java&#58;157&#41;
                	at net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke&#40;FilterSecurityInterceptor.java&#58;77&#41;
                	at net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter.doFilter&#40;SecurityEnforcementFilter.java&#58;169&#41;
                	at net.sf.acegisecurity.util.FilterToBeanProxy.doFilter&#40;FilterToBeanProxy.java&#58;105&#41;
                	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter&#40;ApplicationFilterChain.java&#58;186&#41;
                	at org.apache.catalina.core.ApplicationFilterChain.doFilter&#40;ApplicationFilterChain.java&#58;157&#41;
                	at net.sf.acegisecurity.ui.AbstractIntegrationFilter.doFilter&#40;AbstractIntegrationFilter.java&#58;172&#41;
                	at net.sf.acegisecurity.util.FilterToBeanProxy.doFilter&#40;FilterToBeanProxy.java&#58;105&#41;
                	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter&#40;ApplicationFilterChain.java&#58;186&#41;
                	at org.apache.catalina.core.ApplicationFilterChain.doFilter&#40;ApplicationFilterChain.java&#58;157&#41;
                	at net.sf.acegisecurity.ui.AbstractProcessingFilter.doFilter&#40;AbstractProcessingFilter.java&#58;391&#41;
                	at net.sf.acegisecurity.util.FilterToBeanProxy.doFilter&#40;FilterToBeanProxy.java&#58;105&#41;
                	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter&#40;ApplicationFilterChain.java&#58;186&#41;
                	at org.apache.catalina.core.ApplicationFilterChain.doFilter&#40;ApplicationFilterChain.java&#58;157&#41;
                	at org.apache.catalina.core.StandardWrapperValve.invoke&#40;StandardWrapperValve.java&#58;214&#41;
                	at org.apache.catalina.core.StandardContextValve.invoke&#40;StandardContextValve.java&#58;178&#41;
                	at org.apache.catalina.core.StandardHostValve.invoke&#40;StandardHostValve.java&#58;126&#41;
                	at org.apache.catalina.valves.ErrorReportValve.invoke&#40;ErrorReportValve.java&#58;105&#41;
                	at org.apache.catalina.core.StandardEngineValve.invoke&#40;StandardEngineValve.java&#58;107&#41;
                	at org.apache.catalina.connector.CoyoteAdapter.service&#40;CoyoteAdapter.java&#58;148&#41;
                	at org.apache.coyote.http11.Http11Processor.process&#40;Http11Processor.java&#58;825&#41;
                	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection&#40;Http11Protocol.java&#58;731&#41;
                	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket&#40;PoolTcpEndpoint.java&#58;526&#41;
                	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt&#40;LeaderFollowerWorkerThread.java&#58;80&#41;
                	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run&#40;ThreadPool.java&#58;684&#41;
                	at java.lang.Thread.run&#40;Thread.java&#58;595&#41;
                &#91;ERROR,FilterSecurityInterceptor,http-8080-Processor25&#93; RootCause
                java.util.NoSuchElementException
                	at java.util.HashMap$HashIterator.nextEntry&#40;HashMap.java&#58;790&#41;
                	at java.util.HashMap$KeyIterator.next&#40;HashMap.java&#58;823&#41;
                	at org.apache.jsp.secure.position_005fbrowse_jsp._jspService&#40;org.apache.jsp.secure.position_005fbrowse_jsp&#58;105&#41;
                	at org.apache.jasper.runtime.HttpJspBase.service&#40;HttpJspBase.java&#58;99&#41;
                	at javax.servlet.http.HttpServlet.service&#40;HttpServlet.java&#58;802&#41;
                	at org.apache.jasper.servlet.JspServletWrapper.service&#40;JspServletWrapper.java&#58;325&#41;
                	at org.apache.jasper.servlet.JspServlet.serviceJspFile&#40;JspServlet.java&#58;295&#41;
                	at org.apache.jasper.servlet.JspServlet.service&#40;JspServlet.java&#58;245&#41;
                	at javax.servlet.http.HttpServlet.service&#40;HttpServlet.java&#58;802&#41;
                	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter&#40;ApplicationFilterChain.java&#58;237&#41;
                	at org.apache.catalina.core.ApplicationFilterChain.doFilter&#40;ApplicationFilterChain.java&#58;157&#41;
                	at net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke&#40;FilterSecurityInterceptor.java&#58;77&#41;
                	at net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter.doFilter&#40;SecurityEnforcementFilter.java&#58;169&#41;
                	at net.sf.acegisecurity.util.FilterToBeanProxy.doFilter&#40;FilterToBeanProxy.java&#58;105&#41;
                	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter&#40;ApplicationFilterChain.java&#58;186&#41;
                	at org.apache.catalina.core.ApplicationFilterChain.doFilter&#40;ApplicationFilterChain.java&#58;157&#41;
                	at net.sf.acegisecurity.ui.AbstractIntegrationFilter.doFilter&#40;AbstractIntegrationFilter.java&#58;172&#41;
                	at net.sf.acegisecurity.util.FilterToBeanProxy.doFilter&#40;FilterToBeanProxy.java&#58;105&#41;
                	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter&#40;ApplicationFilterChain.java&#58;186&#41;
                	at org.apache.catalina.core.ApplicationFilterChain.doFilter&#40;ApplicationFilterChain.java&#58;157&#41;
                	at net.sf.acegisecurity.ui.AbstractProcessingFilter.doFilter&#40;AbstractProcessingFilter.java&#58;391&#41;
                	at net.sf.acegisecurity.util.FilterToBeanProxy.doFilter&#40;FilterToBeanProxy.java&#58;105&#41;
                	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter&#40;ApplicationFilterChain.java&#58;186&#41;
                	at org.apache.catalina.core.ApplicationFilterChain.doFilter&#40;ApplicationFilterChain.java&#58;157&#41;
                	at org.apache.catalina.core.StandardWrapperValve.invoke&#40;StandardWrapperValve.java&#58;214&#41;
                	at org.apache.catalina.core.StandardContextValve.invoke&#40;StandardContextValve.java&#58;178&#41;
                	at org.apache.catalina.core.StandardHostValve.invoke&#40;StandardHostValve.java&#58;126&#41;
                	at org.apache.catalina.valves.ErrorReportValve.invoke&#40;ErrorReportValve.java&#58;105&#41;
                	at org.apache.catalina.core.StandardEngineValve.invoke&#40;StandardEngineValve.java&#58;107&#41;
                	at org.apache.catalina.connector.CoyoteAdapter.service&#40;CoyoteAdapter.java&#58;148&#41;
                	at org.apache.coyote.http11.Http11Processor.process&#40;Http11Processor.java&#58;825&#41;
                	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection&#40;Http11Protocol.java&#58;731&#41;
                	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket&#40;PoolTcpEndpoint.java&#58;526&#41;
                	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt&#40;LeaderFollowerWorkerThread.java&#58;80&#41;
                	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run&#40;ThreadPool.java&#58;684&#41;
                	at java.lang.Thread.run&#40;Thread.java&#58;595&#41;
                3.It works!
                Because my application is based on so-called Model 1 architecture, maybe there is something special somewhere.
                Your Spring framework based contacts application runs pretty well without such modification.

                Thanks for your great patience to help me, Ben!

                By the way, in BasicAclEntryAfterInvocationCollectionFilteringPro vider's decide method, I make a copy of returnedObject,
                and then remove items from the copy instead, not from returnedObject directly. Under some circumstance, returnedObject
                maybe be the only copy of business data. Perhaps in this case, I shouldn't be so lazy to reuse the reference impl, but to write my own AfterInvocationProvider.

                Comment


                • #9
                  Originally posted by aaron8tang
                  By the way, in BasicAclEntryAfterInvocationCollectionFilteringPro vider's decide method, I make a copy of returnedObject,
                  and then remove items from the copy instead, not from returnedObject directly. Under some circumstance, returnedObject
                  maybe be the only copy of business data. Perhaps in this case, I shouldn't be so lazy to reuse the reference impl, but to write my own AfterInvocationProvider.
                  Or have your business method itself perform a clone, which would seem the safest place to do it.

                  Comment

                  Working...
                  X